last executing test programs:

35.355527745s ago: executing program 0 (id=167):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000340)={0xcf45, 0x4cc, 0xc81, 0x9e03, 0x3, "80030000000100"})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x5, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

34.410139128s ago: executing program 0 (id=173):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x9, 0x10001, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0x3}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0x8, '\x00', 0xb4}, {0x0, 0x7, 0x54, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x4, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0x9, 0x3, 0x8, '\x00', 0x6}, {0xf, 0x3, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x1}, {0x4, 0xc, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x4, 0x12, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

34.004521628s ago: executing program 0 (id=175):
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x2)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000440)={0x0, 0xec24, 0x10000, 0x4002, 0x40000233}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

33.518584886s ago: executing program 0 (id=178):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x400, &(0x7f0000000600)=ANY=[@ANYBLOB='nostrict,umask=00000000000000000000010,unhide,longad,utf8,lastblock=00000000000000002304,anchor=18446744073709551615,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,uid=forget,noadinicb,shortad,iocharset=ascii,lastblock=00000000000000000009,iocharset=cp950,fileset=00000000000000000001,undelete,anchor=00000000000000000006,partition=00000000000000000008,anchor=00000000000008421375,session=00000000000000000001,anchor=00000000000000000005,gid=', @ANYRESDEC, @ANYBLOB="2c66fefb470f725c", @ANYRES8, @ANYRESOCT, @ANYRES8=0x0, @ANYBLOB="2c736d61636b66736465663d233f9d1abf59c53229ddd780b162f44a0e44f3436d598025e596d23078a3e733e07b480ad2f41c3ccd7956530c3be5c0d1833ad4954140d857bb924e0f613fe32a0c1461263f77581d8ed8b341959c53a341493644534a4b27223d1faac6bf7df530d100a57452b6a3abc826bb0f0b82809ca1e13376959935f589115abe267b25f42757304b4d6c7ffaec13f3079a4658933152fe693cc762ce82776b4003c4ac3d9d3478da3da1f79ad788d3b25f59422ba668e32c00"], 0x9, 0xc1e, &(0x7f0000001240)="$eJzs3U9sHNd9B/DfG5HiUmkrJnYUu42LTVukMmO5+hdTsQp3VdNsA8gyEYq5BeCKpNSFKZIgqUY20oLppYceAhRFDzkRaI0CKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAOQUsZvatuKRIixFFibI+H5v67s6+N/PevPWMLOjNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdfu3T6THrUrQAAHqYrY185fdb9HwCeKFf9/z8AAAAAAAAAAAAAABx2KYp4KlLMX1lPE9X7ttrlVu+t2+PDIztX609VzSNV+fKndubsufNffGnoQicvt2Y/ov6D9my8MXb1Uv3VuZvzC9OLi9NT9fHZ1uTc1PSe97Df+tsNViegfvPNW1PXry/Wz754bsvHtwc+7PvEiYGLQ8+feq5Tdnx4ZGRss0jtvo+9g91meByNIk5Fihe++5PUjIgi9n8uag937LfrrzoxWHVifHik6shMqzm7VH442jkRRUS9q1Kjc452Hovo6X2ofdhdI2K5bH7Z4MGye2PzzYXmtZnp+mhzYam11JqbHU3t1pb9qUcRF1LESkSs9d29u94ooidSfPv4eroWEUc65+EL1cTg3dtRHGAf96BsZ703YqV4DMbsEOuLIl6PFD9972RMlucs/8TnI14v8/sR75T5SkQqvxjnIz7Y4XvE46kniviLcvwvrqep6nrQua5c/mr9y7PX57rKdq4rv+D94a4rxSO6P/Rvy4fjkF+balFEs7rir6f7/80OAAAAAAAAAAAAAAAAAA9afxTxbKR47d//uJpXHNW89OMXh/5g4Je754w/c4/9lGVfjIjlYm9zco/miYGjaTSlRzyX+ElWiyL+JM//++ajbgwAAAAAAAAAAAAAAAAAAMATrYgfR4qX3z+ZVqJ7TfHW7I361ea1mfaqsJ21fztrpm9sbGzUUzsbOSdyLudcybmacy1nFLl+zkbOiZzLOVdyruZcyxlHcv2cjZwTOZdzruRczbmWM3py/ZyNnBM5l3Ou5FzNuZYzDsnavQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHydFFPHzSPGtr6+nSBHRiJiIdq72PerWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAClvlTE9yJF/Q8bd7b1RESq/m07Wf5yPhpHy/xUNIbKfCUal3I2q+xpfPMRtJ/96U1F/ChS9NXevTPgefx72+/ufA3inW9svvvVnnYe6Xw48GHfJ04cvzg08uvP7PY67dSAwcut2Vu36+PDIyNjXZt78tE/1bVtIB+3eDBdJyIW33r7zebMzPTC/b8ovwL7qO6FF4f1RfQcimY8mr7zBCjv/x9Eit95/z86N/zO/f+X2u/u3OHjZ3+6ef9/efuO9nj/79le7x73/6e6tr2cfzfS2xNRW7o533siorb41tunWjebN6ZvTM+eP336S0NDXzp3uvdoRO16a2a669UDOV0AAAAAAAAAAAAAAAAAD08q4vciRfNH66keEber+VoDF4eeP/XckThSzbfaMm/7jbGrl+qvzt2cX5heXJyeqo/Ptibnpqb3erhaNd1rfHjkQDpzT/0H3P7+2qtz828ttG780dKOnx+rXbq2uLTQnNz54+iPIqLRvWWwavD48EjV6JlWc7aqOrrjZPpfXG8q4j8jxeT5evpc3pbn/22f4b9l/v/y9h0d0Pz/T3ZtK4+ZUhE/ixS//ZfPxOeqdh6Lu85ZLve3kWLwwmdzuThaluu0of1cgfbMwLLs/0aKf/z51rKd+ZBPbZY9s+cT+5gox/94pPjen38nfiNv2/r8h53H/9j2HR3Q+D/dte3YlucV7Lvr5PE/FSleeerd+M287aOe/9F59sbJXPjO8zkOaPw/3bVtIB/3tx5M1wEAAAAAAAAAAB5rvamIv4sUPxjpSS/lbXv5+39T23d0QH//6zNd26YezHpF93yx75MKAAAAAIdEbyrix5HixtK7d+ZQb53/3TX/83c3538Op22fVn/O9yvVcwMe5J//dRvIx53Yf7cBAAAAAAAAAAAAAAAAAADgUEmpiJfyeuoT1Xz+qV3XU1+NFK/99wu5XDpRluusAz9Q/Vq7Mjd76tLMzNxkc6l5bWa6PjbfnJwu6z4dKdb/5rO5blGtr95Zb769xvvmWuwLkWLk7ztl22uxd9Ymf3qz7Jmy7CcjxX/9w9aynXWsP71Z9mxZ9q8jxdf+eeeyJzbLnivLfidS/PBr9U7ZY2XZzvNRP7NZ9sXJueIARgUAAAAAAAAAAAAAAAAAAIAnTW8q4s8ixf/cXLkzlz+v/9/b9bbyzje61vvf5na1zv9Atf7/bq/vZ/3/6rkCy7sdFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPp5SFPF2pJi/sp5W+8r3bbXLrdlbt8eHR3au1p+qmkeq8uVP7czZc+e/+NLQhU5+dP0H7dl4Y+zqpfqrczfnF6YXF6en6uOzrcm5qek972G/9bcbrE5A/eabt6auX1+sn33x3JaPbw982PeJEwMXh54/9Vyn7PjwyMhYV5me3vs++l3SLtuPRhF/FSle+O5P0g/6IorY/7m4x3fnoPVXnRisOjE+PFJ1ZKbVnF0qPxztnIgiot5VqdE5Rw9hLPalEbFcNr9s8GDZvbH55kLz2sx0fbS5sNRaas3NjqZ2a8v+1KOICyliJSLW+u7eXW8U8Wak+Pbx9fQvfRFHOufhC1fGvnL67O7tKA6wj3tQtrPeG7FSPAZjdoj1RRH/FCl++t7J+Ne+iJ5o/8TnI14v8/sR70R7vFP5xTgf8cEO3yMeTz1RxP+V439xPb3XV14POteVy1+tf3n2+lxX2c515bG/PzxMh/zaVIsiflhd8dfTv/nvGgAAAAAAAAAAAAAAAOAQKeLXIsXL759M1fzgO3OKW7M36leb12ba0/o6c/86c6Y3NjY26qmdjZwTOZdzruRczbmWM4pcP2ejzNrGxkR+v5xzJedqzrWccSTXz9nIOZFzOedKztWcazmjJ9fP2cg5kXM550rO1ZxrOeOQzN0DAAAAAAAAAAAAAAAAAAA+XorqnxTf+vp62uhrry89Ee1ctR7ox97/BwAA///bhfta")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x40403, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
sendfile(r0, r0, 0x0, 0x800000009)

32.76837883s ago: executing program 0 (id=182):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r0, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="a9", 0x1}], 0x1}}], 0x1, 0x4008440)
close(0x3)

32.160744989s ago: executing program 0 (id=185):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1, [0x5, 0x4, 0x2, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f00000003c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000102,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="d6d84c0df937ed4a0cd30000f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32d7d508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f70400000000000000cee1f628d1cec3462830606bb612bfed91181cdc107bb91a2e86de2ad5", @ANYRESOCT], 0x12, 0xc38, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNiOSEml9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSoWwEAPExXRr5y+qz7PwA8Vq75/38AAAAAAAAAAAAAANjvUhTxZKSYubKSxqr3HfXL7b47d0eHhjevdiRVNQ9V5cuf+pmz585/8YXBC9283J76gPq77dPx2si1S42Xp2/PzE7MzU2MN0an2jemxye2vYed1t/oZHUCGrdfvzN+8+Zc4+zz59Z9fHfg/f4njg9cHHz21DPdsqNDw8Mja0XqveVrD9yQjq1meByOIk5Fiue++5PUiogidn4u6g937Dc6UnXiZNWJ0aHhqiOT7dbUfPnh1e6JKCIaPZWa3XO0+VhEre+h9mFrzYiFsvllg0+W3RuZac22rk9ONK62Zufb8+3pqaup09qyP40o4kKKWIyI5f77d9cXRdQixbePraTrEXGoex6+UE0M3rodxR72cRvKdjb6IhaLAzBm+1h/FPFqpPjpOyfiRr7OVNeaz0e8Wub3I94q86WIVH4xzke8t8n3iIOpFkX8ZTn+F1fSeHU96F5XLn+18eWpm9M9ZbvXlV/y/nDfleIR3R+ObMiHY59fm+pRRKu64q+kB//NDgAAAAAAAAAAAAAAAAC77UgU8alI8cp//Ek1rziqeenHLg7+4cCv9s4Zf/pD9lOWfT4iFortzck9nCcGXk1XU3rEc4kfZ/Uo4k/z/L9vPurGAAAAAAAAAAAAAAAAAAAAPNaK+HGkePHdE2kxetcUb0/dalxrXZ/srArbXfu3u2b66urqaiN1splzLOdCzsWcSzmXc0aR6+ds5hzLuZBzMedSzuWccSjXz9nMOZZzIedizqWcyzmjluvnbOYcy7mQczEvur+U3y/njH2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEdJEUX8PFJ86+srKVJENCPGopNL/Y+6dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8b1I0fij5r1ttYhI1b8dJ8pfzkfzcJkfj+ZgmS9F81LOVpW15jcfQfvZmb5UxI8iRX/97XsDnse/r/Pu3tcg3vrG2rtP1zp5qPvhwPv9Txw/dnFw+Dee3up12qwBJy+3p+7cbYwODQ+P9Gyu5aN/vGfbQD5usTtdJyLm3njz9dbk5MTsg78ovwI7qH6AXqTa49LTg/3iN3drh1HbD915NC8e9ZWJh6G8/78XKX733f/s3vA79/96/Ern3b07fPzsz9bu/y9u3NE27/+1jfXy/b+8p292/3+yZ9uL+XcjfbWI+vztmb7jEfW5N9481b7dujVxa2Lq/OnTXxoc/NK5032HI+o325MTPa925XQBAAAAAAAAAAAAAAAAPDypiN+PFK0fraRGRNyt5msNXBx89tQzh+JQNd9q3bzt10auXWq8PH17ZnZibm5ivDE61b4xPT6x3cPVq+leo0PDe9KZD3Vkj9t/pP7y9Mwbs+1bfzy/6edH65euz83Ptm5s/nEciSKi2bvlZNXg0aHhqtGT7dZUVfXqppPpf3l9qYj/ihQ3zjfSZ/O2PP9/4wz/dfP/FzbuaI/m/3+sZ1t5zJSK+Fmk+J2/ejo+W7XzaNx3znK5v4sUJy98JpeLw2W5bhs6zxXozAwsy/5fpPinn68v250P+eRa2TPbPrEHRDn+xyLF9/7iO/Fbedv65z9sPv5HN+5oj8b/qZ5tR9c9r2DHXSeP/6lI8dKTb8fn8rYPev5H99kbJ3Lhe8/n2KPx/0TPtoF83N/ena4DAAAAAAAAAAAcaH2piL+PFD8YrqUX8rbt/P2/8Y072qO///XJnm3ju7Ne0Ye+2PFJBQAAAIB9oi8V8eNIcWv+7XtzqNfP/+6Z//l7a/M/h9KGT6s/5/u16rkBu/nnf70G8nHHdt5tAAAAAAAAAAAAAAAAAAAA2FdSKuKFvJ76WDWff3zL9dSXIsUr//NcLpeOl+W668APVL/Wr0xPnbo0OTl9ozXfuj450RiZad2YKOs+FSlW/vYzuW5Rra/eXW++s8b72lrss5Fi+B+6ZTtrsXfXJn9qreyZsuzHIsV//+P6sp/L5T6xVvZsWfZvIsXX/uX+sqXja2XPlWW/Eyl++LVGt+zRsmz3+aifXCv7/I3pYo9GBgAAAAAAAAAAAAAAAAAAgMdJXyrizyPF/95evDeXP6//39fztvLWN3rW+9/gbrXO/0C1/v9Wrx9k/f/quQILWx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+mlIU8WakmLmykpb6y/cd9cvtqTt3R4eGN692JFU1D1Xly5/6mbPnzn/xhcEL3fzg+rvtU/HayLVLjZenb8/MTszNTYw3RqfaN6bHJ7a9h53W3+hkdQIat1+/M37z5lzj7PPn1n18d+D9/ieOD1wcfPbUM92yo0PDwyM9ZWp9D3z0+6Qtth+OIv46Ujz33Z+kH/RHFLHzc/Eh3529dqTqxMmqE6NDw1VHJtutqfnyw6vdE1FENHoqNbvn6CGMxY40IxbK5pcNPll2b2SmNdu6PjnRuNqanW/Pt6enrqZOa8v+NKKICyliMSKW++/fXV8U8Xqk+PaxlfSv/RGHuufhC1dGvnL67NbtKPawj9tQtrPRF7FYHIAx28f6o4h/jhQ/fedE/Ft/RC06P/H5iFfL/H7EW9EZ71R+Mc5HvLfJ94iDqRZF/H85/hdX0jv95fWge125/NXGl6duTveU7V5XDvz94WHa59emehTxw+qKv5L+3X/XAAAAAAAAAAAAAAAAAPtIEb8eKV5890Sq5gffm1PcnrrVuNa6PtmZ1ted+9edM726urraSJ1s5hzLuZBzMedSzuWcUeT6OZtl1ldXx/L7hZyLOZdyLueMQ7l+zmbOsZwLORdzLuVczhm1XD9nM+dYzoWcizmXci7njH0ydw8AAAAAAAAAAAAAAAAAAPhoKap/Unzr6ytptb+zvvRYdHLJeqAfeb8IAAD//1qT9HY=")
mount$nfs(&(0x7f0000000100)='\xd2\xa6.', 0x0, 0x0, 0x44, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)

31.761151919s ago: executing program 32 (id=185):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1, [0x5, 0x4, 0x2, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f00000003c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000102,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYBLOB="d6d84c0df937ed4a0cd30000f2e9ea9568eab74a46c525dc386983eade0b0ce5f1dd911706cf7d32d7d508d1823b8871e001000000eb4ce0a008f5cdea622fc6675e5486860a752ed0298a948efa72b2c8d8525181644a3124f3544a50f192b98f055ad125fd4674534413c6044136ea5aefac5267e43739626ea9391d8f346c4694f70400000000000000cee1f628d1cec3462830606bb612bfed91181cdc107bb91a2e86de2ad5", @ANYRESOCT], 0x12, 0xc38, &(0x7f0000001080)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThq3m6ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNiOSEml9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSoWwEAPExXRr5y+qz7PwA8Vq75/38AAAAAAAAAAAAAANjvUhTxZKSYubKSxqr3HfXL7b47d0eHhjevdiRVNQ9V5cuf+pmz585/8YXBC9283J76gPq77dPx2si1S42Xp2/PzE7MzU2MN0an2jemxye2vYed1t/oZHUCGrdfvzN+8+Zc4+zz59Z9fHfg/f4njg9cHHz21DPdsqNDw8Mja0XqveVrD9yQjq1meByOIk5Fiue++5PUiogidn4u6g937Dc6UnXiZNWJ0aHhqiOT7dbUfPnh1e6JKCIaPZWa3XO0+VhEre+h9mFrzYiFsvllg0+W3RuZac22rk9ONK62Zufb8+3pqaup09qyP40o4kKKWIyI5f77d9cXRdQixbePraTrEXGoex6+UE0M3rodxR72cRvKdjb6IhaLAzBm+1h/FPFqpPjpOyfiRr7OVNeaz0e8Wub3I94q86WIVH4xzke8t8n3iIOpFkX8ZTn+F1fSeHU96F5XLn+18eWpm9M9ZbvXlV/y/nDfleIR3R+ObMiHY59fm+pRRKu64q+kB//NDgAAAAAAAAAAAAAAAAC77UgU8alI8cp//Ek1rziqeenHLg7+4cCv9s4Zf/pD9lOWfT4iFortzck9nCcGXk1XU3rEc4kfZ/Uo4k/z/L9vPurGAAAAAAAAAAAAAAAAAAAAPNaK+HGkePHdE2kxetcUb0/dalxrXZ/srArbXfu3u2b66urqaiN1splzLOdCzsWcSzmXc0aR6+ds5hzLuZBzMedSzuWccSjXz9nMOZZzIedizqWcyzmjluvnbOYcy7mQczEvur+U3y/njH2ydi8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEdJEUX8PFJ86+srKVJENCPGopNL/Y+6dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAqT8V8b1I0fij5r1ttYhI1b8dJ8pfzkfzcJkfj+ZgmS9F81LOVpW15jcfQfvZmb5UxI8iRX/97XsDnse/r/Pu3tcg3vrG2rtP1zp5qPvhwPv9Txw/dnFw+Dee3up12qwBJy+3p+7cbYwODQ+P9Gyu5aN/vGfbQD5usTtdJyLm3njz9dbk5MTsg78ovwI7qH6AXqTa49LTg/3iN3drh1HbD915NC8e9ZWJh6G8/78XKX733f/s3vA79/96/Ern3b07fPzsz9bu/y9u3NE27/+1jfXy/b+8p292/3+yZ9uL+XcjfbWI+vztmb7jEfW5N9481b7dujVxa2Lq/OnTXxoc/NK5032HI+o325MTPa925XQBAAAAAAAAAAAAAAAAPDypiN+PFK0fraRGRNyt5msNXBx89tQzh+JQNd9q3bzt10auXWq8PH17ZnZibm5ivDE61b4xPT6x3cPVq+leo0PDe9KZD3Vkj9t/pP7y9Mwbs+1bfzy/6edH65euz83Ptm5s/nEciSKi2bvlZNXg0aHhqtGT7dZUVfXqppPpf3l9qYj/ihQ3zjfSZ/O2PP9/4wz/dfP/FzbuaI/m/3+sZ1t5zJSK+Fmk+J2/ejo+W7XzaNx3znK5v4sUJy98JpeLw2W5bhs6zxXozAwsy/5fpPinn68v250P+eRa2TPbPrEHRDn+xyLF9/7iO/Fbedv65z9sPv5HN+5oj8b/qZ5tR9c9r2DHXSeP/6lI8dKTb8fn8rYPev5H99kbJ3Lhe8/n2KPx/0TPtoF83N/ena4DAAAAAAAAAAAcaH2piL+PFD8YrqUX8rbt/P2/8Y072qO///XJnm3ju7Ne0Ye+2PFJBQAAAIB9oi8V8eNIcWv+7XtzqNfP/+6Z//l7a/M/h9KGT6s/5/u16rkBu/nnf70G8nHHdt5tAAAAAAAAAAAAAAAAAAAA2FdSKuKFvJ76WDWff3zL9dSXIsUr//NcLpeOl+W668APVL/Wr0xPnbo0OTl9ozXfuj450RiZad2YKOs+FSlW/vYzuW5Rra/eXW++s8b72lrss5Fi+B+6ZTtrsXfXJn9qreyZsuzHIsV//+P6sp/L5T6xVvZsWfZvIsXX/uX+sqXja2XPlWW/Eyl++LVGt+zRsmz3+aifXCv7/I3pYo9GBgAAAAAAAAAAAAAAAAAAgMdJXyrizyPF/95evDeXP6//39fztvLWN3rW+9/gbrXO/0C1/v9Wrx9k/f/quQILWx0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+mlIU8WakmLmykpb6y/cd9cvtqTt3R4eGN692JFU1D1Xly5/6mbPnzn/xhcEL3fzg+rvtU/HayLVLjZenb8/MTszNTYw3RqfaN6bHJ7a9h53W3+hkdQIat1+/M37z5lzj7PPn1n18d+D9/ieOD1wcfPbUM92yo0PDwyM9ZWp9D3z0+6Qtth+OIv46Ujz33Z+kH/RHFLHzc/Eh3529dqTqxMmqE6NDw1VHJtutqfnyw6vdE1FENHoqNbvn6CGMxY40IxbK5pcNPll2b2SmNdu6PjnRuNqanW/Pt6enrqZOa8v+NKKICyliMSKW++/fXV8U8Xqk+PaxlfSv/RGHuufhC1dGvnL67NbtKPawj9tQtrPRF7FYHIAx28f6o4h/jhQ/fedE/Ft/RC06P/H5iFfL/H7EW9EZ71R+Mc5HvLfJ94iDqRZF/H85/hdX0jv95fWge125/NXGl6duTveU7V5XDvz94WHa59emehTxw+qKv5L+3X/XAAAAAAAAAAAAAAAAAPtIEb8eKV5890Sq5gffm1PcnrrVuNa6PtmZ1ted+9edM726urraSJ1s5hzLuZBzMedSzuWcUeT6OZtl1ldXx/L7hZyLOZdyLueMQ7l+zmbOsZwLORdzLuVczhm1XD9nM+dYzoWcizmXci7njH0ydw8AAAAAAAAAAAAAAAAAAPhoKap/Unzr6ytptb+zvvRYdHLJeqAfeb8IAAD//1qT9HY=")
mount$nfs(&(0x7f0000000100)='\xd2\xa6.', 0x0, 0x0, 0x44, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)

26.734701523s ago: executing program 2 (id=200):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x6, 0x7, 0x8001}, {{0x2, 0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0)

24.175265194s ago: executing program 2 (id=205):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

21.893061188s ago: executing program 2 (id=209):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000100)=0x8004, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x103}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000840)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x1b}, 0x9c)

20.763258639s ago: executing program 2 (id=212):
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x3, 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x30)

18.627247229s ago: executing program 2 (id=220):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x6)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x243014, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xa41, 0x10c)

18.42082912s ago: executing program 2 (id=221):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
setrlimit(0x40000000000008, &(0x7f00000002c0)={0x0, 0x5})
setresuid(0x0, 0xee00, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r1, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1})

4.700443258s ago: executing program 3 (id=273):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7fff, 0x80, 0x240}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r3, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0x9}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

4.397322458s ago: executing program 1 (id=275):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, 0x0, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001140)={0x3, 0x0, [{0x0, 0x6d, &(0x7f0000000640)=""/109}, {0x6000, 0xe8, &(0x7f00000006c0)=""/232}, {0x4000, 0x88, &(0x7f0000000fc0)=""/136}]})

4.132505283s ago: executing program 1 (id=277):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000dc0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000000e00)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x300, 0x4e20, 0x8}}}}}, 0x0)

3.943807642s ago: executing program 1 (id=278):
syz_mount_image$xfs(&(0x7f0000000040), &(0x7f0000009740)='./file0\x00', 0x4000000, &(0x7f0000000180)={[{@pquota}, {@discard}, {@nolargeio}, {@lazytime}, {@nogrpid}, {@bsdgroups}, {@quota}, {@nolazytime}]}, 0x1, 0x97ee, &(0x7f0000012f40)="$eJzs3QW8rGWheP994ACHDkGwACkxSQkD6VBESVFCkJYUEAGlQwkVFAEFFFCQ7u4u6e7u7o7/58AB8bjgcn9/74XLWuvj2bNn5t2zn3m+87zu2e9mZsl5F51zYGCcgTd68/SfnbPr7csuNuaC6x678+Dr9tphoYeGXTzyGyfjzj7sdI5hp3MODAwMGnY7g964bPBsxxw7wsDggaH/+2djjDraCGMMDIw27Oyw2xmY+Y2T0fd/c7vXhosHOunQb7f9G/9eb8yhNzL0k6WXe2WtgYGBIW/7+qHjmvbf7qi0JeeYb95/Wr3lNsKwqwf987rXTwe/8W/0fQcGRt974J0fH0O3HeltX/u/2dDvOc7kA4vf/j587/9zLTnHfAsM5z90LY447LKZh67x4degseEf5zssuvoDw6Zw0LCJG/y29fJ+PO7/n1pyjnkXHHjndTyw0Dyb3P/a6/vNwXMPDAyeZ2Bg8LwDA4Pne7896j/T+/rgq6qqqvelOeacYehz9hGG+3lgyJs/19LPhRe8PN3dAwODF3rjeeLg5d58LlhVVVVVVVVVH8zmmHOGueD5/zjv9vx/0pO3Hrfn/1VVVVVVVVX/d1pgjjlnGPpcf7jn/xO92/P/xx88dL83/vZ/9pnf+KpX3987UVVVVVVVVVXv2rwL4PP/Sd/t+f9Fx0x6ac//q6qqqqqqqv7vtMhrr7222dteZ2/YxVO/eT09/z/1vluXed8GXFVVVVVVVVX/7V595KTT/vma7xMPDPd676837PcCg4444/LL37eBfjAa9O+/D9n8/R7T/9+GOg85aNKBgbUWf7+HUu9D/2deq77+R8rfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/MW9w/H/t17//9SjVnjzveA/M+UM15/0z698/b3/By+0wCNbvE9Dfz/6sB7/H1ht0MDAMN9xVhsYGFhojkUWm3pgYOCk62eYcoqBt66bZeh1Xx1vxNffIP7N/0xknnH5hjef7I3ToQ+UgfHfuo0jXr/9BV7bZ8RBww3ibY173H77rbrkczMOfzrVO9+PEd76bMxjH3zzv2UZYbiNhrzDF795+2/el+Gdh4196qFjn2b9NdeZZr2NNv7iamsuv8pKq6y01qzTzzTdjLPOOtNM06y82horTfvGx3eas0lf/zjXe5mzMYafs0fmePucDX/f3mnOJn33OXv9Fne5cMg33pyzwf/NOZvr3eds0tWGfaNxZx9pYLnX52bQwMC4c480sOHQM9ONMjAw7jzDtp1o6LZfG2+EgYGd/nlHh342yluPwUGbD91myXkXnfON3dTAwD9P/9k7vJ/9yMNGPvuw0zmGnc75xrcZZ+CfD8XBsx1z7AhD5+JfpmOMUUcbYYyBgdGGnR12OwOzvnEy2slvbvcO77M+3EBff5mV7d/493pjDgwMjD70k4mXP3WboVP/v/A+7f9P////b16zDHrr8Tho2L9h27zhNcd8C/zze70+DUPnbsRhl8081OQ//Nb2/9K/jXfSIQOTvst43+V1cV6PHl9rnDTBlv+p18Wh8U70LuN9l9fxfcfxLnH37g+8cVP/sfEOt69b8PWPs7+Xfd3Au+/rRqQbWOmSTw2/r/vWOw/xX3aXb87RKMNt9E77uon2nGTzobc/+7vv6xYcOvaR/mVfN8LAwLhzvbmvG7rjm3ekgZ2Gnpl+6Jn5Rho4YOiZGV4/M+rAGUPPfGmFtddYcegF8//742DqQf/yB5qwzuYdbp0Nett9HzTc33cOfuN09H3ffA+nd9hvDhp2t/7LfQU9bsd5l/G+y/tP4TwPvWzFI4dM8J96/yka75B3H+87vV/2O453x2dPvf0/PN631tlIb5uu+d/LOpv0X9fZ0Ls44ttWxnv9OWxF2P6Nzyd669Y22PTBt36mGGm42/2vfqaY/93X2TirDfd12+09MOjd5ma+9zI3n/y3fdAWb5+b9/rz1tSTv3H9iO8yN6PMuuxUb87NyP/NuZnvvzs3sw+M+K9zM3hgnoGBgSmG7R/mfS9zM9G7z817fdyMBtu/8flKb1009w4Hnffm3Aw/F//V3Mz7352bSd963Ezx+nWTjTAw8sgDGy6//vrrTvfGxzfPTv/Gx3dfg3O/l7kc5z8zlx8f/E5z+c+H6hh3X7rvf7EG/22f/ubtz/3fncuBt+ZyYLXhF0t9UOv3f+7yd5e/u/zd5e8uf3f5i3uH4/9vvf7/buN8dedhv9wY6dJJJtz2/R7v+9yH+vj/MN9/Of6/7YSTXDrCwFvXvevx2Te2+UAen535jZPR939zu+GPD/JA3/n47N6zzrz1/9Lx2f+n3lyr7+H3cO3/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uLe4fj/tG/+HcB90y385LADoSM9tNVSC7/f432f+1Af/x/m+y/H/xdeaquHRhh467p3Pf7/xjaO4/93vjTvjh/k4/9vrtWO/9d/Uf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3lL+4djv/P/ubfARx66O4bv/n3AFePu/1J7/d43+c+rMf/e/9/b+3/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uKGHf8fGO7tLb/b4wKD4///t3sH/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6Yxf97+WMW/yXzxyz+388fs/j/IH/M4r9U/pjFf+n8MYv/MvljFv9l88cs/j/MH7P4L5c/ZvFfPn/M4v+j/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjF/8f5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjF/yf5Yxb/dfPHLP7r5Y9Z/NfPH7P4/zR/zOK/Qf6Yxf9n+WMW/w3zxyz+G+WPWfw3zh+z+P88f8zi/4v8MYv/JvljFv9N88cs/pvlj1n8N88fs/hvkT9m8d8yf8ziv1X+mMV/6/wxi/82+WMW/23zxyz+v8wfs/j/Kn/M4r9d/pjFf/v8MYv/DvljFv8d88cs/r/OH7P4/yZ/zOL/2/wxi/9O+WMW/53zxyz+v8sfs/j/Pn/M4r9L/pjF/w/5Yxb/XfPHLP675Y9Z/HfPH7P4/zF/zOL/p/wxi/8e+WMW/z3zxyz+e+WPWfz/nD9m8f9L/pjFf+/8MYv/PvljFv9988cs/n/NH7P4/y1/zOK/X/6YxX///DGL/9/zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvH/R/6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9J/AcN5I9Z/Aflj1n8R8gfs/iPmD9m8R+cP2bxHyl/zOI/cv6YxX+U/DGL/5D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+H8kfs/iPnz9m8Z8gf8zi/9H8MYv/hPljFv+J8scs/h/LH7P4fzx/zOL/ifwxi/8n88cs/p/KH7P4T5w/ZvGfJH/M4j9p/pjF/9P5Yxb/yd70H/I+jesDmsV/8tY/ZvGfIn/M4j9l/pjFf6r8MYv/Z/LHLP5T549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bx/1L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/3L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/kj9m8f9q/pjF/2v5Yxb/r+ePWfxnyx+z+H8jf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/zfzxyz+38ofs/gvmD9m8f92/pjFf6H8MYv/d/LHLP7fzR+z+C+cP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP7fyx+z+C+ZP2bx/37+mMX/B/ljFv+l8scs/kvnj1n8l8kfs/gvmz9m8f9h/pjFf7n8MYv/8vljFv8f5Y9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/j/OH7P4r54/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/j/JH7P4r5s/ZvFfL3/M4r9+/pjF/6f5Yxb/DfLHLP4/yx+z+G+YP2bx3yh/zOK/cf6Yxf/n+WMW/1/kj1n8N8kfs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx/2X+mMX/V/ljFv/t8scs/tvnj1n8d8gfs/jvmD9m8f91/pjF/zf5Yxb/3+aPWfx3yh+z+O+cP2bx/13+mMX/9/ljFv9d8scs/n/IH7P475o/ZvHfLX/M4r97/pjF/4/5Yxb/P+WPWfz3yB+z+O+ZP2bx3yt/zOL/5/wxi/9f8scs/nvnj1n898kfs/jvmz9m8f9r/pjF/2/5Yxb//fLHLP77549Z/P/+r/73/q+P6wOaxf+A1j9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6YxP/18v/3JP6DLs4fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/mPTBda/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljEv/XP83/37P4D8ofs/iPkD9m8R8xf8ziPzh/zOI/Uv6YxX/k/DGL/yj5Yxb/IfljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfw/kj9m8R8/f8ziP0H+mMX/o/ljFv8J88cs/hPlj1n8P5Y/ZvH/eP6Yxf8T+WMW/0/mj1n8P5U/ZvGfOH/M4j9J/pjFf9L8MYv/p/PHLP6T5Y9Z/CfPH7P4T5E/ZvGfMn/M4j9V/pjF/zP5Yxb/qfPHLP6fzR+z+H8uf8zi//n8MYv/F/LHLP5fzB+z+H8pf8ziP03+mMV/2vyxQefsOtLAwMCH3n+6/DHL+p8+f8ziP0P+mMV/xvwxi/+X88cs/jPlj1n8Z84fs/jPkj9m8Z81f8zi/5X8MYv/V/PHLP5fyx+z+H89f8ziP1v+mMX/G/ljFv/Z88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfy/mT9m8f9W/pjFf8H8MYv/t/PHLP4L5Y9Z/L+TP2bx/27+mMV/4fwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bx/17+mMV/yfwxi//388cs/j/IH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/D/PHLP7L5Y9Z/JfPH7P4/yh/zOK/Qv6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvH/cf6YxX/1/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvH/Sf6YxX/d/DGL/3r5Yxb/9fPHLP4/zR+z+G+QP2bx/1n+mMV/w/wxi/9G+WMW/43zxyz+P88fs/j/In/M4r9J/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/8v88cs/r/KH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/r/PHLP6/yR+z+P82f8ziv1P+mMV/5/wxi//v8scs/r/PH7P475I/ZvH/Q/6YxX/X/DGL/275Yxb/3fPHLP5/zB+z+P8pf8ziv0f+mMV/z/wxi/9e+WMW/z/nj1n8/5I/ZvHfO3/M4r9P/pjFf9/8MYv/X/PHLP5/yx+z+O+XP2bx3z9/zOL/9/wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/P+RP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/EQfyxyz+g/LHLP4j5I9Z/EfMH7P4D84fs/iPlD9m8R85f8ziP0r+mMV/SP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv+P5I9Z/MfPH7P4T5A/ZvH/aP6YxX/C/DGL/0T5Yxb/j+WPWfw/nj9m8f9E/pjF/5P5Yxb/T+WPWfwnzh+z+E+SP2bxnzR/zOL/6fwxi/9k+WMW/8nzxyz+U+SPWfynzB+z+E+VP2bx/0z+mMV/6vwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8X88cs/l/KH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/l/OH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/bPljFv9v5I9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8f9m/pjF/1v5Yxb/BfPHLP7fzh+z+C+UP2bx/07+mMX/u/ljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/e/ljFv8l88cs/t/PH7P4/yB/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/zB+z+C+XP2bxXz5/zOL/o/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf/H+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6Yxf8n+WMW/3Xzxyz+6+WPWfzXzx+z+P80f8ziv0H+mMX/Z/ljFv8N88cs/hvlj1n8N84fs/j/PH/M4v+L/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/NvljFv9t88cs/r/MH7P4/yp/zOK/Xf6YxX/7/DGL/w75Yxb/HfPHLP6/zh+z+P8mf8zi/9v8MYv/TvljFv+d88cs/r/LH7P4/z5/zOK/S/6Yxf8P+WMW/13zxyz+u+WPWfx3zx+z+P8xf8zi/6f8MYv/HvljFv8988cs/nvlj1n8/5w/ZvH/S/6YxX/v/DGL/z75Yxb/ffPHLP5/zR+z+P8tf8ziv1/+mMV///wxi//f88cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bx/0f+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPSfwHD+SPWfwHvTf/kf/HxvUBzeI/Qusfs/iPmD9m8R+cP2bxHyl/zOI/cv6YxX+U/DGL/5D8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMV/nPwxi/+4+WMW//Hyxyz+H8kfs/iPnz9m8Z8gf8zi/9H8MYv/hPljFv+J8scs/h/LH7P4fzx/zOL/ifwxi/8n88cs/p/KH7P4T5w/ZvGfJH/M4j9p/pjF/9P5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4v+Z/DGL/9T5Yxb/z+aPWfw/lz9m8f98/pjF/wv5Yxb/L+aPWfy/lD9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfy/nD9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/6/kj1n8v5o/ZvH/Wv6Yxf/r+WMW/9nyxyz+38gfs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOL/zfwxi/+38scs/gvmj1n8v50/ZvFfKH/M4v+d/DGL/3fzxyz+C+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL//fyxyz+S+aPWfy/nz9m8f9B/pjFf6n8MYv/0vljFv9l8scs/svmj1n8f5g/ZvFfLn/M4r98/pjF/0f5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/j/PHLP6r549Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/T/LHLP7r5o9Z/NfLH7P4r58/ZvH/af6YxX+D/DGL/8/yxyz+G+aPWfw3yh+z+G+cP2bx/3n+mMX/F/ljFv9N8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfx/mT9m8f9V/pjFf7v8MYv/9vljFv8d8scs/jvmj1n8f50/ZvH/Tf6Yxf+3+WMW/53yxyz+O+ePWfx/lz9m8f99/pjFf5f8MYv/H/LHLP675o9Z/HfLH7P4754/ZvH/Y/6Yxf9P+WMW/z3yxyz+e+aPWfz3yh+z+P85f8zi/5f8MYv/3vljFv998scs/vvmj1n8/5o/ZvH/W/6YxX+//DGL//75Yxb/v+ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4v+P/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH5P4jzSQP2bxH5Q/ZvEfIX/M4j9i/pjFf3D+mMV/pPwxi//I+WMW/1Hyxyz+Q/LHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/h/JH/M4j9+/pjFf4L8MYv/R/PHLP4T5o9Z/CfKH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4fyp/zOI/cf6YxX+S/DGL/6T5Yxb/T+ePWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/2fyxyz+U+ePWfw/mz9m8f9c/pjF//P5Yxb/L+SPWfy/mD9m8f9S/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9y/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v5I/ZvH/av6Yxf9r+WMW/6/nj1n8Z8sfs/h/I3/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/8388cs/t/KH7P4L5g/ZvH/dv6YxX+h/DGL/3fyxyz+33X5D36vG1r8F3b5v+cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/e/ljFv8l88cs/t/PH7P4/yB/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/zB+z+C+XP2bxXz5/zOL/o/wxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bxXzV/zOK/Wv6Yxf/H+WMW/9Xzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6Yxf8n+WMW/3Xzxyz+6+WPWfzXzx+z+P80f8ziv0H+mMX/Z/ljFv8N88cs/hvlj1n8N84fs/j/PH/M4v+L/DGL/yb5Yxb/TfPHLP6b5Y9Z/DfPH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/NvljFv9t88cs/r/MH7P4/yp/zOK/Xf6YxX/7/DGL/w75Yxb/HfPHLP6/zh+z+P8mf8zi/9v8MYv/TvljFv+d88cs/r/LH7P4/z5/zOK/S/6Yxf8P+WMW/13zxyz+u+WPWfx3zx+z+P8xf8zi/6f8MYv/HvljFv8988cs/nvlj1n8/5w/ZvH/S/6YxX/v/DGL/z75Yxb/ffPHLP5/zR+z+P8tf8ziv1/+mMV///wxi//f88cs/gfkj1n8D8wfs/gflD9m8T84f8zif0j+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/9T8MYv/afljFv/T88cs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bx/0f+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPSfxHHsgfs/gPyh+z+I+QP2bxHzF/zOI/OH/M4j9S/pjFf+T8MYv/KPljFv8h+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/zj5Yxb/cfPHLP7j5Y9Z/D+SP2bxHz9/zOI/Qf6Yxf+j+WMW/wnzxyz+E+WPWfw/lj9m8f94/pjF/xP5Yxb/T+aPWfw/lT9m8Z84f8ziP0n+mMV/0vwxi/+n88cs/pPlj1n8J88fs/hPkT9m8Z8yf8ziP1X+mMX/M/ljFv+p88cs/p/NH7P4fy5/zOL/+fwxi/8X8scs/l/MH7P4fyl/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fzl/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP5fyR+z+H81f8zi/7X8MYv/1/PHLP6z5Y9Z/L+RP2bxn/2/9h/lf3RcH9As/nO0/jGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/N/PHLP7fyh+z+C+YP2bx/3b+mMV/ofwxi/938scs/t/NH7P4L5w/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/t/LH7P4L5k/ZvH/fv6Yxf8H+WMW/6Xyxz6k/oOGsx556fyxD6n/6719/S+TP2bxXzZ/zOL/w/wxi/9y+WMW/+Xzxyz+P8ofs/ivkD826JxBw2bmw+2/Yv6YZf2vlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/x/nj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/5/kj1n8180fs/ivlz9m8V8/f8zi/9P8MYv/BvljFv+f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4v/z/DGL/y/yxyz+m+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/LfNH7P4/zJ/zOL/q/wxi/92+WMW/+3zxyz+O+SPWfx3zB+z+P86f8zi/5v8MYv/b/PHLP475Y9Z/HfOH7P4/y5/zOL/+/wxi/8u+WMW/z/kj1n8d80fs/jvlj9m8d89f8zi/8f8MYv/n/LHLP575I9Z/PfMH7P475U/ZvH/c/6Yxf8v+WMW/73zxyz+++SPWfz3zR+z+P81f8zi/7f8MYv/fvljFv/988cs/n/PH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/H/ljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V79F/8P/UuD6gWfyvbv1jFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+Q+MCpdZ/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf0ziP8pA/pjFf1D+mMV/hPwxi/+I+WMW/8H5Yxb/kfLHLP4j549Z/EfJH7P4D8kfs/iPmj9m8R8tf8ziP3r+mMV/jPwxi/+Y+WMW/7Hyxyz+Y+ePWfzHyR+z+I+b/7CG/Ms5i/94+WMW/4/kj1n8x88fs/hPkD9m8f9o/pjFf8L8MYv/RPljFv+P5Y9Z/D+eP2bx/0T+mMX/k/ljFv9P5Y9Z/CfOH7P4T5I/ZvGfNH/M4v/p/DGL/2T5Yxb/yfPHLP5T5I9Z/KfMH7P4T5U/ZvH/TP6YxX/q/DGL/2fzxyz+n8sfs/h/Pn/M4v+F/DGL/xfzxyz+X8ofs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+X84fs/jPlD9m8Z85f8ziP0v+mMV/1vwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/9s+WMW/2/kj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+8+WPWfznzx+z+C+QP2bx/2b+mMX/W/ljFv8F88cs/t/OH7P4L5Q/ZvH/Tv6Yxf+7+WMW/4Xzxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6Yxf97+WMW/yXzxyz+388fs/j/IH/M4r9U/pjFf+n8MYv/MvljFv9l88cs/j/MH7P4L5c/ZvFfPn/M4v+j/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjF/8f5Yxb/1fPHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjF/yf5Yxb/dfPHLP7r5Y9Z/NfPH7P4/zR/zOK/Qf6Yxf9n+WMW/w3zxyz+G+WPWfw3zh+z+P88f8zi/4v8MYv/JvljFv9N88cs/pvlj1n8N88fs/hvkT9m8d8yf8ziv1X+mMV/6/wxi/826N8jwuK/bdqYxf+X+WMW/1/lj1n8t8sfs/hvnz9m8d/hDf9XXnu/xvUBzeK/Y+sfs/j/On/M4v+b/DGL/2/zxyz+O+WPWfx3zh+z+P8uf8zi//v8MYv/LvljFv8/5I9Z/HfNH7P475Y/ZvHfPX/M4v/H/DGL/5/yxyz+e+SPWfz3zB+z+O+VP2bx//N78h/pf25cH9As/n9p/WMW/73zxyz+++SPWfz3zR+z+P81f8zi/7f8MYv/fvljFv/988cs/n/PH7P4H5A/ZvE/MH/M4n9Q/pjF/+D8MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfyPzx+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/H/ljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj8m8R8ykD9m8R+UP2bxHyF/zOI/Yv6YxX9w/pjFf6T8MYv/yPljFv9R8scs/kPyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4fyR/zOI/fv6YxX+C/DGL/0fzxyz+E+aPWfwnyh+z+H8sf8zi//H8MYv/J/LHLP6fzB+z+H8qf8ziP3H+mMV/kvwxi/+k+WMW/0/nj1n8J8sfs/hPnj9m8Z8if8ziP2X+mMV/qvwxi/9n8scs/lPnj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8v5g/ZvH/Uv6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/cv6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/L+SP2bx/+q7+u/+Pz+uD2gW/6+1/jGL/9fzxyz+s+WPWfy/kT9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6Yxf+b+WMW/2/lj1n8F8wfs/h/O3/M4r9Q/pjF/zv5Yxb/7+aPWfwXzh+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/7+WPWfyXzB+z+H8/f8zi/4P8MYv/UvljFv+l88cs/svkj1n8l80fs/j/MH/M4r9c/pjFf/n8MYv/j/LHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv8f549Z/FfPH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv+f5I9Z/NfNH7P4r5c/ZvFfP3/M4v/T/DGL/wb5Yxb/n+WPWfw3zB+z+G+UP2bx3zh/zOL/8/wxi/8v8scs/pvkj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfy3zR+z+P8yf8zi/6v8MYv/dvljFv/t88cs/jvkj1n8d8wfs/j/On/M4v+b/DGL/2/zxyz+O+WPWfx3zh+z+P8uf8zi//v8MYv/LvljFv8/5I9Z/HfNH7P475Y/ZvHfPX/M4v/H/DGL/5/yxyz+e+SPWfz3zB+z+O+VP2bx/3P+mMX/L/ljFv+988cs/vvkj1n8980fs/j/NX/M4v+3/DGL/375Yxb//fPHLP5/zx+z+B+QP2bxPzB/zOJ/UP6Yxf/g/DGL/yH5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/ifkD9m8T8xf8zif1L+mMX/5Pwxi/8p+WMW/1Pzxyz+p+WPWfxPzx+z+J+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvG/MH/M4n9R/pjF/x/5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v/Au/mP9b8wrg9oFv8HW/+Yxf+h/DGL/8P5Yxb/R/LHDP6DBg8MeTR/zOA/dP0/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/JvEfdSB/zOI/KH/M4j9C/pjFf8T8MYv/4Pwxi/9I+WMW/5Hzxyz+o+SPWfyH5I9Z/EfNH7P4j5Y/ZvEfPX/M4j9G/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8f9I/pjFf/z8MYv/BPljFv+P5o9Z/CfMH7P4T5Q/ZvH/WP6Yxf/j+WMW/0/kj1n8P5k/ZvH/VP6YxX/i/DGL/yT5Yxb/SfPHLP6fzh+z+E+WP2bxnzx/zOI/Rf6YxX/K/DGL/1T5Yxb/z+SPWfynzh+z+H82f8zi/7n8MYv/5/PHLP5fkPlP9x63s/h/Ueb/XrP4fyl/zOI/Tf6YxX/agYHN3q8hfZCz+E/X+scs/tPnj1n8Z8gfs/jPmD9m8f9y/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v5I/ZvH/av6Yxf9r+WMW/6/nj1n8Z8sfs/h/I3/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/8388cs/t/KH7P4L5g/ZvH/dv6YxX+h/DGL/3fyxyz+380fs/gvnD9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+38sfs/gvmT9m8f9+/pjF/wf5Yxb/pfLHLP5L549Z/JfJH7P4L5s/ZvH/Yf6YxX+5/DGL//L5Yxb/H+WPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/6r5Yxb/1fLHLP4/zh+z+K+eP2bxXyN/zOK/Zv6YxX+t/DGL/9r5Yxb/dfLHLP4/yR+z+K+bP2bxXy9/zOK/fv6Yxf+n+WMW/w3yxyz+P8sfs/hvmD9m8d8of8ziv3H+mMX/5/ljFv9f5I9Z/DfJH7P4b5o/ZvHfLH/M4r95/pjFf4v8MYv/lvljFv+t8scs/lvnj1n8t8kfs/hvmz9m8f9l/pjF/1f5Yxb/7fLHLP7b549Z/HfIH7P475g/ZvH/df6Yxf83+WMW/9/mj1n8d8ofs/jvnD9m8f9d/pjF//f5Yxb/XfLHLP5/yB+z+O+aP2bx3y1/zOK/e/6Yxf+P+WMW/z/lj1n898gfs/jvmT9m8d8rf8zi/+f8MYv/X/LHLP57549Z/PfJH7P475s/ZvH/a/6Yxf9v+WMW//3yxyz+++ePWfz/nj9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljH17/PS5826WjnpI/9uH1/9f1f2r+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4/yN/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHJP6jDeSPWfwH5Y9Z/EfIH7P4j5g/ZvEfnD9m8R8pf8ziP3L+mMV/FJX/qO95S4v/EJX/e8/iP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bxHyd/zOI/bv6YxX+8/DGL/0fyxyz+4+ePWfwnyB+z+H80f8ziP2H+mMV/ovwxi//H8scs/h/PH7P4fyJ/zOL/yfwxi/+n8scs/hPnj1n8J8kfs/hPmj9m8f90/pjFf7L8MYv/5PljFv8p8scs/lPmj1n8p8ofs/h/Jn/M4j91/pjF/7P5Yxb/z+WPWfw/nz9m8f9C/pjF/4v5Yxb/L+WPWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/L+ePWfxnyh+z+M+cP2bxnyV/zOI/a/6Yxf8r+WMW/6/mj1n8v5Y/ZvH/ev6YxX+2/DGL/zfyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/BfIH7P4fzN/zOL/rfwxi/+C+WMW/2/nj1n8F8ofs/h/J3/M4v/d/DGL/8L5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4v+9/DGL/5L5Yxb/7+ePWfx/kD9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/x/mj1n8l8sfs/gvnz9m8f9R/pjFf4X8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8zi/+P8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8zi/5P8MYv/uvljFv/18scs/uvnj1n8f5o/ZvHfIH/M4v+z/DGL/4b5Yxb/jfLHLP4b549Z/H+eP2bx/0X+mMV/k/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/X+aPWfx/lT9m8d8uf8ziv33+mMV/h/wxi/+O+WMW/1/nj1n8f5M/ZvH/bf6YxX+n/DGL/875Yxb/3+WPWfx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J/8Nv8R3o9xfUCz+J/S+scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/z/yxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+LQv9R38M2Fv+XhP7vJYv/y/ljFv9X8scs/q/mj1n8X8sfk/iPPpA/ZvEflD9m8R8hf8ziP2L+mMV/cP6YxX+k/DGL/8j5Yxb/UfLHLP5D8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+H8kf8ziP37+mMV/gvwxi/9H88cs/hPmj1n8J8ofs/h/LH/M4v/x/DGL/yfyxyz+n8wfs/h/Kn/M4j9x/pjFf5L8MYv/pPljFv9P549Z/CfLH7P4T54/ZvGfIn/M4j9l/pjFf6r8MYv/Z/LHLP5T549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bx/1L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/3L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/kj9m8Z97SP6Uxf9rrX/M4v/1/DGL/2z5Yxb/b+SPWfxnzx+z+M+RP2bxnzN/zOI/V/6YxX/u/DGL/zz5Yxb/efPHLP7z5Y9Z/OfPH7P4L5A/ZvH/Zv6Yxf9b+WMW/wXzxyz+384fs/gvlD9m8f9O/pjF/7v5Yxb/hfPHLP6L5I9Z/BfNH7P4L5Y/ZvFfPH/M4r9E/pjF/3v5Yxb/JfPHLP7fzx+z+P8gf8ziv1T+mMV/6fwxi/8y+WMW/2Xzxyz+P8wfs/gvlz9m8V8+f8zi/6P8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8V81f8ziv1r+mMX/x/ljFv/V88cs/mvkj1n818wfs/ivlT9m8V87f8ziv07+mMX/J/ljFv9188cs/uvlj1n8188fs/j/NH/M4r9B/pjF/2f5Yxb/DfPHLP4b5Y9Z/DfOH7P4/zx/zOL/i/wxi/8m+WMW/03zxyz+m+WPWfw3zx+z+G+RP2bx3zJ/zOK/Vf6YxX/r/DGL/zb5Yxb/bfPHLP6/zB+z+P8qf8ziv13+mMV/+/wxi/8O+WMW/x3zxyz+v84fs/j/Jn/M4v/b/LEPnf/bkN/uv1P+2IfO/x3W/875Yxb/3+WPWfx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP/am/8CQgYEPs/8p+WOW9X9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+P8jf8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB9z+Cf/Tjn8B0Z/qEcBZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/MQbyxyz+g/LHLP4j5I9Z/EfMH7P4D84fs/iPlD9m8R85f8ziP0r+mMV/SP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv+P5I9Z/MfPH7P4T5A/ZvH/aP6YxX/C/DGL/0T5Yxb/j+WPWfw/nj9m8f9E/pjF/5P5Yxb/T+WPWfwnzh+z+E+SP2bxnzR/zOL/6fwxi/9k+WMW/8nzxyz+U+SPWfynzB+z+E+VP2bx/0z+mMV/6vwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8X88cs/l/KH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/l/OH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/bPljFv9v5I9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8f9m/pjF/1v5Yxb/BfPHLP7fzh+z+C+UP2bx/07+mMX/u/ljFv+F88cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMX/e/ljFv8l88cs/t/PH7P4/yB/zOK/VP6YxX/p/DGL/zL5Yxb/ZfPHLP4/zB+z+C+XP2bxXz5/zOL/o/wxi/8K+WMW/xWN/u/hDlv8VzL6v4cs/ivnj1n8V8kfs/ivmj9m8V8tf8zi/+P8MYv/6vljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8zi/5P8MYv/uvljFv/18scs/uvnj1n8f5o/ZvHfIH/M4v+z/DGL/4b5Yxb/jfLHLP4b549Z/H+eP2bx/0X+mMV/k/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/X+aPWfx/lT9m8d8uf8ziv33+mMV/h/wxi/+O+WMW/1/nj1n8f5M/ZvH/bf6YxX+n/DGL/875Yxb/3+WPWfx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/j/I3/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/LEPt//tb146xq35Yx9u/7ca47b8MYv/7fljFv878scs/nfmj1n878ofs/jfnT9m8b8nf8zif2/+2IfUf8rhLh3jvvyxD6n/6719/d+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+T+I85kD9m8R+UP2bxHyF/zOI/Yv6YxX9w/pjFf6T8MYv/yPljFv9R8scs/kPyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4fyR/zOI/fv6YxX+C/DGL/0fzxyz+E+aPWfwnyh+z+H8sf8zi//H8MYv/J/LHLP6fzB+z+H8qf8ziP3H+mMV/kvwxi/+k+WMW/0/nj1n8J8sfs/hPnj9m8Z8if8ziP2X+mMV/qvwxi/9n8scs/lPnj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8v5g/ZvH/Uv6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/cv6YxX+m/DGL/8z5Yxb/WfLH/sV/2GXjvM9j+v/VO/jPmj9mWf9fyR+z+H81f8zi/7X8MYv/1/PHLP6z5Y9Z/L+RP2bxnz1/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjF/5v5Yxb/b+WPWfwXzB+z+H87f8ziv1D+mMX/O/ljFv/v5o9Z/BfOH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv/v5Y9Z/JfMH7P4fz9/zOL/g/wxi/9S+WMW/6Xzxyz+y+SPWfyXzR+z+P8wf8ziv1z+mMV/+fwxi/+P8scs/ivkj1n8V8wfs/ivlD9m8V85f8ziv0r+mMV/1fwxi/9q+WMW/x/nj1n8V88fs/ivkT9m8V8zf8ziv1b+mMV/7fwxi/86+WMW/5/kj1n8180fs/ivlz9m8V8/f8zi/9P8MYv/BvljFv+f5Y9Z/DfMH7P4b5Q/ZvHfOH/M4v/z/DGL/y/yxyz+m+SPWfw3zR+z+G+WP2bx3zx/zOK/Rf6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/LfNH7P4/zJ/zOL/q/wxi/92+WMW/+3zxyz+O+SPWfx3zB+z+P86f8zi/5v8MYv/b/PHLP475Y9Z/HfOH/uw+g8Zzv93+WMfVv+B4fx/nz9m8d8lf8zi/4f8MYv/rvljFv/d8scs/rvnj1n8/5g/ZvH/U/6YxX+P/DGL/575Yxb/vfLHLP5/zh+z+P8lf8ziv3f+mMV/n/wxi/+++WMW/7/mj1n8/5Y/ZvHfL3/M4r9//pjF/+/5Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/j/I3/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/7hvff/H95XB/QLP73t/4xi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMR/rIH8MYv/oPwxi/8I+WMW/xHzxyz+g/PHLP4j5Y9Z/EfOH7P4j5I/ZvEfkj9m8R81f8ziP1r+mMV/9Pwxi/8Y+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6Yxf8j+WMW//Hzxyz+E+SPWfw/mj9m8Z8wf8ziP1H+mMX/Y/ljFv+P549Z/D+RP2bx/2T+mMX/U/ljFv+J88cs/pPkj1n8J80fs/h/On/M4j9Z/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8P5M/ZvGfOn/M4v/Z/DGL/+fyxyz+n88fs/h/IX/M4v/F/DGL/5fyxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/5fzxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/lfwxi/9X88cs/l/LH7P4fz1/zOI/W/6Yxf8bav/lRn+nayz+s6v93zmL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv9v5o9Z/L+VP2bxXzB/zOL/7fwxi/9C+WMW/+/kj1n8v5s/ZvFfOH/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8v5c/ZvFfMn/M4v/9/DGL/w/yxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOL/w/wxi/9y+WMW/+Xzxyz+P8ofs/ivkD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfx/nD9m8V89f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfx/kj9m8V83f8ziv17+mMV//fwxi/9P88cs/hvkj1n8f5Y/ZvHfMH/M4r9R/pjFf+P8MYv/z/MfGBgY9d8usfj/In/M4r9J/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/8v88cs/r/KH7P4b5c/ZvHfPn/M4r9D/pjFf8f8MYv/r/PHLP6/yR+z+P82f8ziv1P+mMV/5/wxi//v8scs/r/PH7P475I/ZvH/Q/6YxX/X/DGL/275Yxb/3fPHLP5/zB+z+P8pf8ziv0f+mMV/z/wxi/9e+WMW/z/nj1n8/5I/ZvHfO3/M4r9P/pjFf9/8MYv/X/PHLP5/yx+z+O+XP2bx3z9/zOL/9/wxi/8B+WMW/wPzxyz+B+WPWfwPzh+z+B+SP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/ifkj9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/P+RP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5YxL/sQfyxyz+g/LHLP4j5I9Z/EfMH7P4D84fs/iPlD9m8R85f8ziP0r+mMV/SP6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv+P5I9Z/MfPH7P4T5A/ZvH/aP7Y/8fO3Yd7Xdd3HP9xT5azT7sudWnDoTHXZiQyGrUQFcXjzSkTzbxHPQLJjdxIgCmw0Uodmy51s2ATC8ecrVricHPdrWhY1myN2FrlFNfCGHOwyJyx68A5BGdvz7XzZd+vm+/H4w/O+f2O71/K83r5+3lxXWXpf5j+oSz9D9c/lKX/z+gfytL/1fqHsvQ/Qv9Qlv5H6h/K0v81+oey9P9Z/UNZ+g/TP5Sl/1H6h7L0/zn9Q1n6D9c/lKX/0fqHsvQ/Rv9Qlv6v1T+Upf8I/UNZ+v+8/qEs/Y/VP5Sl/y/oH8rS/3X6h7L0/0X9Q1n6/5L+oSz9j9M/lKX/6/UPZek/Uv9Qlv5v0D+Upf/x+oey9B+lfyhL/xP0D2XpP1r/UJb+v6x/KEv/MfqHsvR/o/6hLP1/Rf9Qlv5j9Q9l6f8m/UNZ+r9Z/1CW/r+qfyhL/7foH8rSf5z+oSz9T9Q/lKX/eP1DWfqfpH8oS/+T9Q9l6X+K/qEs/SfoH8rS/1T9Q1n6n6Z/KEv/ifqHsvQ/Xf9Qlv5t+oey9D9D/1CW/mfqH8rS/yz9Q1n6n61/KEv/dv1DWfq/Vf9Qlv5v0z+Upf85+oey9H+7/qEs/c/VP5Sl/yT9Q1n6n6d/KEv/8/UPZen/Dv1DWfpfoH8oS/936h/K0v9C/UNZ+l+kfyhL/4v1D2Xpf4n+oSz9L9U/lKX/ZfqHsvS/XP9Qlv6T9Q9l6X+F/qEs/a/UP5Sl/1X6h7L079A/lKX/1fqHsvSfon8oS/+p+oey9J+mfyhL/3fpH8rS/xr9Q1n6T9c/lKX/DP1DWfrP1D+Upf8s/UNZ+l+rfyhL/9n6h7L0n6N/KEv/ufqHsvSfp38oS//r9A9l6T9f/1CW/u/WP5Sl/wL9Q1n6L9Q/lKX/Iv1DWfpfr38oS//36B/K0v8G/UNZ+t+ofyhL/8X6h7L0X6J/KEv/pfqHsvT/Nf1DWfr/uv6hLP2X6R/K0v+9+oey9P8N/UNZ+r9P/1CW/u/XP5Sl/036h7L0v1n/UJb+t+gfytL/N/UPZem/XP9Qlv6/pX8oS//f1j+Upf+t+oey9L9N/1CW/r+jfyhL/w/oH8rS/3b9Q1n636F/KEv/O/UPZen/u/qHsvT/Pf1DWfrfpX8oS/8P6h/K0v9D+oey9F+hfyhL/5X6h7L0/339Q1n6/4H+oSz979Y/lKX/Kv1DWfrfo38oS/8P6x/K0v8j+oey9F+tfyhL/3v1D2Xp/4f6h7L0X6N/KEv/P9I/lKX/ffqHsvT/Y/1DWfrfr38oS/+P6h/K0v9P9A9l6f8x/UNZ+n9c/1CW/p/QP5Sl/5/qH8rS/5P6h7L0f0D/UJb+a/UPZen/oP6hLP3/TP9Qlv7r9A9l6f+Q/qEs/f9c/1CW/n+hfyhL/4f1D2Xp/5f6h7L0/5T+oSz9P61/KEv/z+gfytL/s/qHsvT/nP6hLP3/Sv9Qlv6f1z+Upf8X9A9l6b9e/1CW/l/UP5Sl/1/rH8rSf4P+oSz9H9E/lKX/l/QPZen/Zf1DWfo/qn8oS/+v6B/K0v+r+oey9P8b/UNZ+j+mfyhL/6/pH8rS/2/1D2Xp/3X9Q1n6/53+oSz9N+ofytL/G/qHsvTfpH8oS/+/1z+Upf8/6B/K0v+b+oey9P9H/UNZ+n9L/1CW/t/WP5Sl/3f0D2Xp/7j+oSz9/0n/UJb+T+gfytL/Sf1DWfpv1j+Upf9T+oey9P9n/UNZ+n9X/1CW/v+ifyhL/+/pH8rSf4v+oSz9n9Y/lKX/9/UPZem/Vf9Qlv7/qn8oS/9t+oey9P83/UNZ+j+jfyhL/3/XP5Sl/3b9Q1n679A/lKX/f+gfytL/B/qHsvTfqX8oS/8f6h/K0v9Z/UNZ+v9I/1CW/s/pH8rS/z/1D2Xp/7z+oSz9f6x/KEv/XfqHkvR/ZUv/UJb+/fQPZenfX/9Qlv4D9A9l6T9Q/1CW/oP0D2XpP1j/UJb+Q/QPZek/VP9Qlv4v0z+Upf9B+oey9H+5/qEs/V+hfyhL/4P1D2Xp/1P6h7L0P0T/0EuuPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP81cxcuumby9Okdc3zjG9/4Zu83L/a/mQAAgP9tP/nQ/2L/nQAAAAAAAAAAAAAAAAAAAEBeTfzfib3Y/4wAAAAAAAAAAAAAAPD/XVv7SVsH9NvvqQH7PnjNox27v47eecHU1asfLN1fu358ZvCS/fd9sGvXrl0rnxk3oevhkFar1fm/9squx0N7Hne+/pJhKw7f86iM//ydj1866eCz5qy9beA3Vt7S/vSg3c8Oal1+9bTpHW/o32qVUwa1FnQ+OL5fq1VOG9S6tfPBqM4HEwe11nQ+OGH3g5e1PtP54PVXzpp+VecTp1f+PYOXirb2Ja0B+y22td+/Dfbd/5JhT0zt/trLS3a/2sBW1/6Hr/3SYT1+1u0F9t/9+uWknvvv8z8g8IL6tv9nN3V/7eUl/9v7/4c37FwU/eyF99/9+uVk+4f6BJ//99toz8/9PT7/HxW85N77E4duuL1z/23n3Xdk11MD/yef/3/y+uWUnvvvv9/n/87P8RO6P/8PabXKqQf42wGptLUv3drb+3/v+x/46h43/fbd/z1f2fyKzv3f+1xrWddTg/q4/wm9vf/f1OPvFeibtvZVu3q8//dh/60RwUvu3f+WtQfv/vy/+f4rD93nZ33Z/6k99z9y3oxrR85duOi4aTMmT+mY0jFz7Kgxx48eO3bMmJG7PxHs+fUAf1MgiQN7/28d1OOmX6vVsfd+/X23TOjc/7aHln2k66mhfdz/ab2+/x/l/R9Cw/u3Bg9uLZg8b96c4/f82v1w1J5f9/xlwf778N//Rx/b9Zd1/5lhv1br8L33Iy4dO6Rz/9fPLuu6nhrcx/1P7HX/4/f/s0qgbw7w/f+qHjf77f/ELTfO79z/MT941eaup/r63/+n97r/u73/w4Foa2/V+ibauf8Thiw9o9p1afPnf1CfJvY/bPutO6pdlzPsH+rTxP4nLX/zFdWuy5n2D/VpYv8PzrhsebXrcpb9Q32a2P/zP73jiGrX5Wz7h/o0sf/HvvvU6mrXpd3+oT5N7P+Dd7WfUO26vNX+oT5N7P+46344rtp1eZv9Q32a2P/VLz93TbXrco79Q32a2P8Zu04+tNp1ebv9Q32a2H+/pd9bUu26nGv/UJ8m9v/k5OWzql2XSfYP9Wli/2uGjXi22nU5z/6hPk3sf9nTb5xY7bqcb/9Qnyb2/9U7VjxW7bq8w/6hPk3s/xMXv2pFtetygf1DfZrY/4+GP3RQtevyTvuH+jSx/40b1zxQ7bpcaP9Qnyb2v3LNgOHVrstF9g/1aWL/i0+f8mi163Kx/UN9mtj/6DFfvqjadbnE/qE+Tez/8M9966lq1+VS+4f6NLH/cx+eP7fadbnM/qE+Tex//hEf/3G163K5/UN9mtj/WzqOmFrtuky2f6hPE/svtx20sdp1ucL+oT5N7P/CbavGV7suV9o/1KeJ/a875Asfq3ZdrrJ/qE8T+98+e+bYatelw/6hPk3s/zvvXfy+atflavuH+jSx/9uf+3qpdl2m2D/Up4n9bxl14cXVrstU+4f6NLH/VWc980i16zLN/qE+Tex/+brH51W7Lu+yf6hPE/tfv/7MJ6pdl2vsH+rTxP6PGTHy4GrXZbr9Q32a2P+sC5Z9qNp1mWH/UJ8m9n/K/Xe8ttp1mWn/UJ8m9j/0a+M+We26zLJ/qE8T+//0uPd/qtp1udb+oT5N7H/H+KOPrXZdZts/1KeJ/W96YNSd1a7LHPuH+jSx/w88clfF6zLX/qE+Tex/9uue31btusyzf6hPE/t/06TzF1a7LtfZP9Snif0fevfEL1a7LvPtH+rTxP4v+fb3z6l2Xd5t/1CfJvZ/9GFXHFntuiywf6hPE/ufOm3DzdWuy0L7h/o0sf8JKzeNrnZdFtk/1KeJ/R/y5Nx7ql2X6+0f6tPE/rcOOOzsatflPfYP9Wli//fe8PA3q12XG+wf6tPE/m++6aMd1a7LjfYP9Wli/5/dOXh7teuy2P4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2IHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WQfRuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAUAAD//3II6Vg=")
symlink(&(0x7f0000000900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1acd060, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
rename(0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/49, 0x31)

3.363708609s ago: executing program 33 (id=221):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
setrlimit(0x40000000000008, &(0x7f00000002c0)={0x0, 0x5})
setresuid(0x0, 0xee00, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r1, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1})

3.332672572s ago: executing program 3 (id=280):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000063e000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x29, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f3266b9ab0900000f32f2f031b3e759dc2c", 0x38}], 0x1, 0x9f6a364b3fac2a67, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.25093871s ago: executing program 4 (id=281):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = eventfd2(0xff, 0x80801)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x1, r1})
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x2006})
read$eventfd(r1, &(0x7f0000000040), 0x8)

2.94878312s ago: executing program 4 (id=282):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x101001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x1, 0x0, @ioapic={0x8000000, 0x5fa, 0x84, 0x1ff, 0x0, [{0x6d, 0x6, 0x9, '\x00', 0xe}, {0x8, 0xb, 0x72, '\x00', 0x4}, {0x0, 0x7f, 0x9, '\x00', 0x2}, {0x81, 0x3, 0x8, '\x00', 0x2}, {0xb7, 0x50, 0x7f, '\x00', 0x60}, {0x0, 0x0, 0x2}, {0x6, 0x9, 0x1, '\x00', 0xa}, {0xd, 0x7, 0xb, '\x00', 0x4}, {0xe, 0x0, 0x0, '\x00', 0xff}, {0x0, 0x3, 0x0, '\x00', 0x6}, {0x40, 0x4, 0x3, '\x00', 0x1}, {0x8, 0x7, 0x19, '\x00', 0xff}, {0x5, 0x86, 0xc, '\x00', 0xf9}, {0x5, 0x4f, 0x2}, {0x4, 0x4, 0x96, '\x00', 0x7}, {0xb, 0x0, 0x7, '\x00', 0x7f}, {0x3, 0x7, 0xd1, '\x00', 0x4}, {0x6c, 0x4, 0x2, '\x00', 0x3}, {0x8, 0x6, 0xc0}, {0x3e, 0x4c, 0xd, '\x00', 0x3}, {0x7, 0xff, 0x2, '\x00', 0x11}, {0x3, 0x0, 0x6, '\x00', 0x4}, {0x93, 0x9, 0x4, '\x00', 0xe6}, {0x3, 0x8, 0xdf}]}})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"0bd13af7e222d7b82977a894bcf2d741b99f8f02da617b9ad94014424a83db0314f34fdfe9a260e953f1aaf3610eec4c839a08a42b569d1e59b5520d8ad988ecacf773bc8c1855c13291a20986512ff73d4967f734679cb88ac4c1013a6d38828f96b71019283ce07d08bbb370738322ffae7a0afc79279598c1166ec564d5be5344fc87a5f00ca1354bced1fccde226dcd6e864d8262199e37fda0824cafccbe5f8cd0518aa106eb5f8a0986aca2d05a5eaa0177c72d3caeb3579fd729cfe1e7c8e2bb7a9dcfc32e31c7dd4cb48b11128a933481391a63c788de6306217984ef3aa5c402cf680385d96c065818632f2eb3b976ae7997d793ee5a91e26017c70319748f5b8505ce26e2fc2a50296523adc134596ff6ce79f6b58e5ca0612085af940096fb90cb23a7eac4d0e1f0933ef17dd5b760ed2864d8cc3dca7174f7d10bc4ccde5463f72f0265c673a73a1d7d41a581d8491c8f37615278b543c2c3310ae461a924409d0b5a1a75085d800e69f7351d6f2e058d6323d3ae70c7a1b7961a017dcbd827381d2133be3eda141656239ee6859843e51305726cc2444f1360e65e2993842d09428843f2c50c989084ed7722d34e930873d420e9c9fffda5fedf8370000000000000000885e2e653d083ccc91792e12e3082139763d44f68d1115d8e545444accee3bb38a9fa3b9ff7172868cfaf0a8f22a6939248404db646f2aa405a21b953498132fe3167e4783623451da9253e12187b4086f56bdd827e75a5523e04683335992552fa2cce95d2b23833d57bf2872f9e428b374d049a35636113207f68e34d7f1392c05add0d78b9d999c7a5d47dcbb803bcab54544dbceb73f41d5ac0970883308fecd0edcbb3eea10c1b56c851d13ff248353994d4fc68815b1bf45d202c9944b5cecc4d09a99b422ef51442a8c16e1dbb6a955c4618d592d43cd7e52c206929662f178afe060401868ffaf0db2f1eb3aaeb591be9eae546ae97266315e87487dd399ea4ec20423904c3953376a3ab41853f00b720b270b6ae8fd3cbd6c66e4af6d15bbae6aa085e56a3f8ca4a40117a72209d18e4e31e06389650b8115ef5f1fcd8c2d56b37d66fff06008836e501304a332dd3a9e6eea4f8f8d9e3671edc0abe7788692ba653850e980c36a4d3f60d090a58e34fa033b8e92ce7c19a1730872bd9b58530729400823e68ebb0ab9294bebfcd5404194a9dce119d204e01736b57ef37f7bc11ebf9bbf4d33a35ccebc67a3e38bc092cc208e8d70f33d830d26e16b5adcfb3a8928ececc4273771716dce7a0cd4d6f37f8cf70242fe91f09d9d07745e60c35b93bc343eb27751afc6ffb4693ef290668824287595c20cda170ff582c630e2a5df595cb8b7868b8f28665c7fb592d8763b6a0c3e20154f6400"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @pic={0x1, 0x5, 0xff, 0xf, 0x9, 0x8, 0x80, 0xf7, 0x2, 0x0, 0x9, 0x3, 0x0, 0x2, 0x9}})

2.622770402s ago: executing program 3 (id=283):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="11000000040000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r4, r1, 0x25, 0x4, @val=@tcx}, 0x1c)
syz_emit_ethernet(0xfdef, &(0x7f0000000300)={@random="6ea88d319b8c", @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@x25={0x805, {0x0, 0x1, 0xb}}}}, 0x0)

2.376062686s ago: executing program 1 (id=284):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000000a00), 0x2, 0x3d0, &(0x7f00000004c0)="$eJzs3M1uG0UcAPD/br5I+mEjcUCFgyUQBAFxHQhQhEThyscFeAArSUuF21SNkWjJoSBOnDggbhz6Ahx4gKpCSEi8Ai+AKlUozQFuQWvvOm4cp7Fix2r6+0mjndkdZ/bv3axm1rsTwGOrEhHnI2IiIhYjopSvT/MUN9spq3d/c2N5a3NjOYnt7U/+SSLJ1xV/K8mXJ/LCfBqRfhfxzM3edtev3/ii3misXsvL1eblq9X16zdevXS5fnH14uqV2pvnarWlxbdqrw8t1p+ef+ncxPvnz/z8V+nO0vT0bLa/J/Nt3XEMSyUqne9kt6VhNzZm0+PeAQAADiTN+/6Trf5/KSZaubZSVDfGunMAAADAUGy/my8BAACAYywx9gcAAIBjrngO4P7mxnKRxvg4wpG7915ElHfebd7qxD8ZT+R1pkb4fmslIq6+kJSyFCN6DxkAoNudrP9zdq/+XxpPd9WbiWj1h2aH3H5lV7m3/5PeHXKTD8j6f+9ExFZP/y8tqpQn8tKpVldxKrlwqbF6NiJOR8R8TM1k5do+bXzw7y8f99uWxf97cup0kbL2s+VOjfTu5MyDn1mpN+uHibnbvW8izkzuFX/S6f8mETF3iDYmvr71dr9tD49/tLZvRby45/Hfmbkn2X9+omrrfKgWZ0Wv/7799aN+7Y87/uz4z+0ffznpnq9pffA2bn/+57P9tnWPfwY5/6eTT1v5Ylz2Vb3ZvFaLmE4+7F2/uPPZolzUz+Kff27v///i+pfkc1qdzK8Bg/r+h99eOUj8WcraL8aCRyGLf2Wg4z945o3bf3zWr/2Hx58d//YcYPP5moNc/w66g4f57gAAAOBRkbbuayTpQiefpgsL7fsdT8Vc2lhbb758Ye3LKyvt+x/lmEqLO12lrvuhtfbP6J3y4q7yaxHxZET8WJptlReW1xor4w4eAAAAHhMn+oz/M38f2VMIAAAAwMiVx70DAAAAwMgZ/wMAAMCxdph5/WRkZI5rZtxXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfb/wEAAP//Wt22ag==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8042, 0x0)
r1 = open(&(0x7f00000004c0)='./bus\x00', 0x10b042, 0x0)
ftruncate(r1, 0x2008002)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x126)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
fallocate(r0, 0x3, 0x80007, 0x8000c62)

2.33748346s ago: executing program 3 (id=285):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000002440)='./file0\x00', 0x2000000, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x185093, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x20000, 0x0)
move_mount(r1, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x152)

2.289233345s ago: executing program 4 (id=286):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
unshare(0x26020480)
umount2(&(0x7f0000000100)='./file0\x00', 0x0)

1.854857958s ago: executing program 1 (id=287):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x200000, 0x4)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000240)={0x0, 0x1228000, 0x1000, 0x2, 0x1}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)

1.311624251s ago: executing program 3 (id=288):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002740)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000300)="9b", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f00000017c0)="f0", 0x1}], 0x1}}], 0x2, 0x20000010)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0xffff, 0x1, [0x2]}, 0xa)

1.309723751s ago: executing program 4 (id=289):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4", 0x390}], 0x1}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400200010000100000000b40d0011"], 0x28}, 0x1, 0x0, 0x0, 0x4000040}, 0x10)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12008864"], 0xfce)

844.692267ms ago: executing program 3 (id=290):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB="000106"], 0x0, 0x0})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

316.775359ms ago: executing program 34 (id=290):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)=ANY=[@ANYBLOB="000106"], 0x0, 0x0})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

302.32372ms ago: executing program 4 (id=292):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001b00)={0x1, 0x0, [{0x0, 0x0, 0x0}]})

183.234842ms ago: executing program 4 (id=293):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@broadcast, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0xff, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x82}}}}}}}, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="fb01"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

0s ago: executing program 1 (id=294):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f00000003a8407a730b93bf0280b3"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000040), 0x0, 0x40a00)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f00000001c0)={0x3, 0x0, 0x17c, 0xa, 0x4, 0x4})
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0x3)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.10.1' (ED25519) to the list of known hosts.
[   59.739355][ T5771] cgroup: Unknown subsys name 'net'
[   59.878085][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   61.226566][ T5771] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.099492][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.105005][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   63.107565][ T5791] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.124311][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.132717][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.140818][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   63.148775][ T5792] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.148860][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   63.159444][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.164581][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.172539][ T5794] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   63.179316][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   63.184260][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.191628][ T5791] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.198880][ T5794] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.212541][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.213428][ T5791] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.219868][ T5794] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   63.230543][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   63.234637][ T5794] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   63.240949][ T5791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.256193][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.266520][ T5785] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   63.274117][ T5785] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.690519][ T5780] chnl_net:caif_netlink_parms(): no params data found
[   63.784140][ T5781] chnl_net:caif_netlink_parms(): no params data found
[   63.851209][ T5782] chnl_net:caif_netlink_parms(): no params data found
[   63.882075][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.889765][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.897154][ T5780] bridge_slave_0: entered allmulticast mode
[   63.903893][ T5780] bridge_slave_0: entered promiscuous mode
[   63.917608][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.924755][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.931929][ T5780] bridge_slave_1: entered allmulticast mode
[   63.938926][ T5780] bridge_slave_1: entered promiscuous mode
[   63.949508][ T5783] chnl_net:caif_netlink_parms(): no params data found
[   64.059009][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.069212][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.076761][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.083938][ T5781] bridge_slave_0: entered allmulticast mode
[   64.090560][ T5781] bridge_slave_0: entered promiscuous mode
[   64.110409][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.120404][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.127906][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.135531][ T5781] bridge_slave_1: entered allmulticast mode
[   64.142772][ T5781] bridge_slave_1: entered promiscuous mode
[   64.152978][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.160072][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.167353][ T5782] bridge_slave_0: entered allmulticast mode
[   64.175106][ T5782] bridge_slave_0: entered promiscuous mode
[   64.217592][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.224935][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.232811][ T5782] bridge_slave_1: entered allmulticast mode
[   64.239407][ T5782] bridge_slave_1: entered promiscuous mode
[   64.248726][ T5780] team0: Port device team_slave_0 added
[   64.257282][ T5780] team0: Port device team_slave_1 added
[   64.302358][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.346351][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.367042][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.375184][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.401103][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.413137][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.420233][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.427696][ T5783] bridge_slave_0: entered allmulticast mode
[   64.434757][ T5783] bridge_slave_0: entered promiscuous mode
[   64.443544][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.455366][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.478102][ T5781] team0: Port device team_slave_0 added
[   64.484759][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.491873][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.517920][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.529636][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.537109][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.544249][ T5783] bridge_slave_1: entered allmulticast mode
[   64.550871][ T5783] bridge_slave_1: entered promiscuous mode
[   64.568244][ T5781] team0: Port device team_slave_1 added
[   64.610771][ T5782] team0: Port device team_slave_0 added
[   64.650981][ T5782] team0: Port device team_slave_1 added
[   64.657532][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.664601][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.690543][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.704337][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.716435][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.752370][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.759341][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.785659][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.810735][ T5780] hsr_slave_0: entered promiscuous mode
[   64.817546][ T5780] hsr_slave_1: entered promiscuous mode
[   64.866359][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.873797][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.900215][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.912620][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.919565][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.945585][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.959738][ T5783] team0: Port device team_slave_0 added
[   64.997840][ T5783] team0: Port device team_slave_1 added
[   65.066135][ T5781] hsr_slave_0: entered promiscuous mode
[   65.073019][ T5781] hsr_slave_1: entered promiscuous mode
[   65.079069][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.087155][ T5781] Cannot create hsr debugfs directory
[   65.102059][ T5782] hsr_slave_0: entered promiscuous mode
[   65.108453][ T5782] hsr_slave_1: entered promiscuous mode
[   65.114569][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.122435][ T5782] Cannot create hsr debugfs directory
[   65.128945][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.136220][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.162372][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.175269][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.182310][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.209198][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.292505][ T5785] Bluetooth: hci3: command tx timeout
[   65.292518][ T5791] Bluetooth: hci1: command tx timeout
[   65.347674][ T5783] hsr_slave_0: entered promiscuous mode
[   65.353983][ T5783] hsr_slave_1: entered promiscuous mode
[   65.360031][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.367653][ T5783] Cannot create hsr debugfs directory
[   65.376008][ T5785] Bluetooth: hci0: command tx timeout
[   65.376024][ T5791] Bluetooth: hci2: command tx timeout
[   65.573011][ T5780] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.601021][ T5780] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.610137][ T5780] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.620830][ T5780] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.702599][ T5782] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.718230][ T5782] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.728563][ T5782] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.739235][ T5782] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.834608][ T5781] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.846058][ T5781] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.856639][ T5781] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.875114][ T5781] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.940972][ T5783] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   65.955683][ T5783] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   65.968102][ T5783] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   65.979555][ T5783] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   66.022910][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.071511][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[   66.086046][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.107425][ T2908] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.114765][ T2908] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.145890][ T5782] 8021q: adding VLAN 0 to HW filter on device team0
[   66.171614][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.178794][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.189275][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.196393][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.228794][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.235934][ T2908] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.275158][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.339682][ T5781] 8021q: adding VLAN 0 to HW filter on device team0
[   66.361130][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.368308][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.390636][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.402921][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.410039][ T2908] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.429449][ T5782] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   66.442192][ T5782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   66.530780][ T5783] 8021q: adding VLAN 0 to HW filter on device team0
[   66.553922][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.561073][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.610602][ T3501] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.617770][ T3501] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.847473][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.921638][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.967671][ T5782] veth0_vlan: entered promiscuous mode
[   67.023614][ T5782] veth1_vlan: entered promiscuous mode
[   67.078787][ T5780] veth0_vlan: entered promiscuous mode
[   67.100121][ T5780] veth1_vlan: entered promiscuous mode
[   67.123474][ T5782] veth0_macvtap: entered promiscuous mode
[   67.134377][ T5782] veth1_macvtap: entered promiscuous mode
[   67.149282][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.168942][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.199868][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.214850][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.227959][ T5782] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.237433][ T5782] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.246426][ T5782] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.255386][ T5782] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.308276][ T5780] veth0_macvtap: entered promiscuous mode
[   67.325990][ T5780] veth1_macvtap: entered promiscuous mode
[   67.375921][ T5785] Bluetooth: hci1: command tx timeout
[   67.376129][ T5791] Bluetooth: hci3: command tx timeout
[   67.390384][ T5781] veth0_vlan: entered promiscuous mode
[   67.427197][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.438393][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.450285][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.452498][ T5791] Bluetooth: hci2: command tx timeout
[   67.457953][ T5785] Bluetooth: hci0: command tx timeout
[   67.489681][ T5783] veth0_vlan: entered promiscuous mode
[   67.498139][ T5781] veth1_vlan: entered promiscuous mode
[   67.506416][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.518190][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.529599][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.543563][ T5780] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.552491][ T5780] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.561177][ T5780] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.570081][ T5780] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.584406][ T2116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.594998][ T2116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.625201][ T5783] veth1_vlan: entered promiscuous mode
[   67.647351][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.663301][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.705054][ T5781] veth0_macvtap: entered promiscuous mode
[   67.715697][ T5783] veth0_macvtap: entered promiscuous mode
[   67.734650][ T5781] veth1_macvtap: entered promiscuous mode
[   67.757485][ T5783] veth1_macvtap: entered promiscuous mode
[   67.789510][ T2908] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.803529][ T2908] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.859033][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.879804][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.890799][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.906108][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.907050][ T5868] syz.2.3[5868]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   67.928117][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.966363][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.977018][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.987431][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.998134][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.008242][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.019601][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.031395][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.053309][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.066714][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.081296][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.096958][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.110528][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.125334][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.134067][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.145551][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.156817][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.169845][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.181996][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.192066][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.202872][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.215152][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.225661][ T5781] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.237892][ T5781] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.246737][ T5781] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.260465][ T5781] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.316089][ T5783] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.349612][ T5783] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.358793][ T5783] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.367637][ T5783] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.394683][ T5868] loop2: detected capacity change from 0 to 32768
[   68.405333][ T5868] =======================================================
[   68.405333][ T5868] WARNING: The mand mount option has been deprecated and
[   68.405333][ T5868]          and is ignored by this kernel. Remove the mand
[   68.405333][ T5868]          option from the mount to silence this warning.
[   68.405333][ T5868] =======================================================
[   68.500305][ T5868] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   68.515866][ T2908] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.533465][ T2908] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.566531][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.566800][ T5875] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   68.618959][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.719406][ T2116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.771741][ T2116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.780756][ T5868] XFS (loop2): Ending clean mount
[   68.809876][ T5868] XFS (loop2): Quotacheck needed: Please wait.
[   68.876988][ T2116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.915095][ T5868] XFS (loop2): Quotacheck: Done.
[   68.915699][ T2116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.254613][ T5782] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   69.452706][ T5785] Bluetooth: hci3: command tx timeout
[   69.453439][ T5791] Bluetooth: hci1: command tx timeout
[   69.533620][ T5791] Bluetooth: hci0: command tx timeout
[   69.533808][ T5785] Bluetooth: hci2: command tx timeout
[   69.559981][ T5899] loop2: detected capacity change from 0 to 512
[   69.584164][ T5899] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   69.607653][ T5899] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   69.691030][ T5899] EXT4-fs (loop2): 1 truncate cleaned up
[   69.719851][ T5899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.816834][ T5899] syz.2.6 (pid 5899) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   69.984456][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.142176][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.772415][ T5849] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   70.851883][ T5848] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   70.993185][ T5849] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   71.007018][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.035428][ T5849] usb 2-1: Product: syz
[   71.039627][ T5849] usb 2-1: Manufacturer: syz
[   71.053483][ T5848] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   71.059403][ T5849] usb 2-1: SerialNumber: syz
[   71.066652][ T5848] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   71.084366][ T5849] usb 2-1: config 0 descriptor??
[   71.087588][ T5848] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[   71.104220][ T5848] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   71.123493][ T5848] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   71.147119][ T5848] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   71.164195][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   71.176048][ T5848] usb 3-1: Product: syz
[   71.186501][ T5848] usb 3-1: Manufacturer: syz
[   71.201036][ T5848] cdc_wdm 3-1:1.0: skipping garbage
[   71.208200][ T5848] cdc_wdm 3-1:1.0: skipping garbage
[   71.225452][ T5848] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[   71.231566][ T5848] cdc_wdm 3-1:1.0: Unknown control protocol
[   71.340570][ T5849] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   71.519281][ T5785] Bluetooth: Unknown BR/EDR signaling command 0x0d
[   71.531897][ T5791] Bluetooth: hci1: command tx timeout
[   71.531959][ T5785] Bluetooth: Wrong link type (-22)
[   71.548624][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[   71.556861][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[   71.558976][ T5785] Bluetooth: hci3: command tx timeout
[   71.612739][ T5785] Bluetooth: hci2: command tx timeout
[   71.612760][ T5791] Bluetooth: hci0: command tx timeout
[   72.071708][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   72.471755][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   72.540845][ T5849] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71
[   72.582013][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   72.661515][    T8] usb 3-1: USB disconnect, device number 2
[   72.676843][ T5849] usb 2-1: USB disconnect, device number 2
[   72.869286][ T5956] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   72.884319][ T5956] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   72.905511][ T5956] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   72.919456][ T5956] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   72.928011][ T5956] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   72.939198][ T5956] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   72.949944][ T5956] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   72.959178][ T5956] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   72.970484][ T5956] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   73.007951][ T5956] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   73.019187][ T5956] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   73.028754][ T5956] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   73.736282][ T5975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.34'.
[   74.062908][ T5962] loop0: detected capacity change from 0 to 40427
[   74.099367][ T5962] F2FS-fs (loop0): build fault injection attr: rate: 25, type: 0x7ffff
[   74.120922][ T5962] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x7698c
[   74.164889][ T5962] F2FS-fs (loop0): invalid crc value
[   74.207348][ T5962] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1d6/0x920
[   74.246050][ T5962] F2FS-fs (loop0): Found nat_bits in checkpoint
[   74.348150][ T5962] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920
[   74.422594][ T5791] Bluetooth: hci1: command 0x0c1a tx timeout
[   74.432976][ T5962] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   74.563360][ T5962] F2FS-fs (loop0): inject too big dir depth in f2fs_add_regular_entry of f2fs_add_dentry+0xda/0x1d0
[   74.631542][ T5962] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910
[   74.655583][ T5962] F2FS-fs (loop0): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fb/0x5b0
[   74.669729][ T5962] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x5b4/0x19c0
[   74.701947][ T5962] F2FS-fs (loop0): invalid blkaddr: 5648, type: 7, run fsck to fix.
[   74.718238][ T5962] syz.0.28: attempt to access beyond end of device
[   74.718238][ T5962] loop0: rw=2049, sector=45096, nr_sectors = 104 limit=40427
[   74.756085][ T5980] loop2: detected capacity change from 0 to 32768
[   74.797555][ T5781] syz-executor: attempt to access beyond end of device
[   74.797555][ T5781] loop0: rw=2049, sector=45200, nr_sectors = 16 limit=40427
[   74.797726][ T5980] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.36 (5980)
[   74.830145][ T5781] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   74.838501][ T5781] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   74.933193][ T5980] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   74.972630][ T5791] Bluetooth: hci2: command 0x0c1a tx timeout
[   74.979465][ T5791] Bluetooth: hci3: command 0x0c1a tx timeout
[   74.991918][ T5980] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[   75.000668][ T5980] BTRFS info (device loop2): using free space tree
[   75.062191][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout
[   75.308616][ T5980] BTRFS info (device loop2): enabling ssd optimizations
[   75.341967][ T5980] BTRFS info (device loop2): auto enabling async discard
[   75.696795][   T12] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[   75.796972][   T27] audit: type=1800 audit(1761256630.713:2): pid=5980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.36" name="file1" dev="loop2" ino=260 res=0 errno=0
[   76.048662][ T6023] loop0: detected capacity change from 0 to 256
[   76.068828][ T6023] exfat: Deprecated parameter 'utf8'
[   76.132183][ T6023] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[   76.470782][ T5782] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   76.493564][ T5791] Bluetooth: hci1: command 0x0c1a tx timeout
[   76.506069][ T6007] netlink: 'syz.1.40': attribute type 4 has an invalid length.
[   76.605936][ T6007] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   77.051908][ T5791] Bluetooth: hci2: command 0x0c1a tx timeout
[   77.051918][ T5785] Bluetooth: hci3: command 0x0c1a tx timeout
[   77.131810][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout
[   77.541328][ T6040] netlink: 'syz.0.51': attribute type 22 has an invalid length.
[   77.881147][ T6051] overlayfs: upper fs does not support file handles, falling back to index=off.
[   78.164578][ T6047] loop3: detected capacity change from 0 to 32768
[   78.185164][ T6047] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   78.250347][ T6067] loop1: detected capacity change from 0 to 16
[   78.295093][ T6067] erofs: (device loop1): mounted with root inode @ nid 36.
[   78.318530][ T6067] VFS: Lookup of '$' in erofs loop1 would have caused loop
[   78.364926][ T6047] XFS (loop3): Ending clean mount
[   78.379299][ T6047] XFS (loop3): Quotacheck needed: Please wait.
[   78.439741][ T6047] XFS (loop3): Quotacheck: Done.
[   78.583648][ T5791] Bluetooth: hci1: command 0x0c1a tx timeout
[   78.596582][ T5783] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   79.046095][ T6075] loop3: detected capacity change from 0 to 8192
[   79.083242][ T6075] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   79.122720][ T6075] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[   79.132443][ T5791] Bluetooth: hci3: command 0x0c1a tx timeout
[   79.132497][ T5785] Bluetooth: hci2: command 0x0c1a tx timeout
[   79.139640][ T6075] REISERFS (device loop3): using ordered data mode
[   79.163186][ T6075] reiserfs: using flush barriers
[   79.193315][ T6075] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   79.217355][ T5785] Bluetooth: hci0: command 0x0c1a tx timeout
[   79.241945][ T5849] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   79.263739][ T6075] REISERFS (device loop3): checking transaction log (loop3)
[   79.311210][ T6075] REISERFS (device loop3): Using r5 hash to sort names
[   79.354316][ T6075] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[   79.431724][ T5849] usb 2-1: Using ep0 maxpacket: 8
[   79.440661][ T5849] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   79.452925][ T5849] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   79.469119][ T5849] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   79.484814][ T5849] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   79.505184][ T5849] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   79.520270][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.747338][ T5849] usb 2-1: GET_CAPABILITIES returned 0
[   79.752941][ T5849] usbtmc 2-1:16.0: can't read capabilities
[   79.995610][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   80.032032][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   80.041171][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   80.050293][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   80.059404][    C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   80.067327][ T5849] usb 2-1: USB disconnect, device number 3
[   80.675150][ T6114] loop3: detected capacity change from 0 to 16
[   80.704242][ T6114] erofs: (device loop3): mounted with root inode @ nid 36.
[   80.754990][ T6115] syz.2.77 uses obsolete (PF_INET,SOCK_PACKET)
[   80.865736][ T6119] netlink: 'syz.3.80': attribute type 1 has an invalid length.
[   81.365452][ T6117] loop0: detected capacity change from 0 to 32768
[   81.407032][ T6127] loop2: detected capacity change from 0 to 512
[   81.416262][ T6117] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.79 (6117)
[   81.457907][ T6117] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   81.478472][ T6117] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[   81.517494][ T6117] BTRFS info (device loop0): using free space tree
[   81.539222][ T6127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.581126][ T6127] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   81.642022][ T5866] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[   81.671742][ T6117] BTRFS info (device loop0): enabling ssd optimizations
[   81.706069][ T6117] BTRFS info (device loop0): auto enabling async discard
[   81.828493][    T9] cfg80211: failed to load regulatory.db
[   81.852168][ T5866] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   81.886158][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.920937][ T5866] usb 2-1: config 0 descriptor??
[   81.974525][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.060068][   T27] audit: type=1800 audit(1761256636.983:3): pid=6117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.79" name="file1" dev="loop0" ino=260 res=0 errno=0
[   82.310753][ T6158] loop2: detected capacity change from 0 to 16
[   82.311451][ T5781] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[   82.352415][ T6158] erofs: (device loop2): mounted with root inode @ nid 36.
[   82.468816][ T6160] netlink: 24 bytes leftover after parsing attributes in process `syz.3.91'.
[   82.913224][ T6167] netlink: 'syz.0.94': attribute type 1 has an invalid length.
[   82.921572][ T6167] netlink: 'syz.0.94': attribute type 2 has an invalid length.
[   82.946080][ T6167] netlink: 'syz.0.94': attribute type 1 has an invalid length.
[   82.961818][ T6167] netlink: 'syz.0.94': attribute type 2 has an invalid length.
[   83.180740][ T5866] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   83.197511][ T5866] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[   83.209302][ T5866] asix: probe of 2-1:0.0 failed with error -71
[   83.249707][ T5866] usb 2-1: USB disconnect, device number 4
[   83.700121][ T6191] trusted_key: syz.0.103 sent an empty control message without MSG_MORE.
[   84.092767][ T6189] loop3: detected capacity change from 0 to 32768
[   84.244852][ T6189] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   84.585272][   T27] audit: type=1800 audit(1761256639.513:4): pid=6189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.102" name="file1" dev="loop3" ino=17062 res=0 errno=0
[   84.608188][ T6189] syz.3.102 (6189) used greatest stack depth: 18928 bytes left
[   84.705060][ T5783] ocfs2: Unmounting device (7,3) on (node local)
[   85.105085][ T6206] overlayfs: statfs failed on './file0'
[   85.541098][  T787] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   85.692063][ T5848] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   85.732172][  T787] usb 2-1: Using ep0 maxpacket: 16
[   85.751317][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.764745][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   85.802005][  T787] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   85.825160][  T787] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   85.845249][  T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.864795][  T787] usb 2-1: config 0 descriptor??
[   85.881920][ T5848] usb 4-1: Using ep0 maxpacket: 8
[   85.899218][ T5848] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   85.919902][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.935825][ T5848] usb 4-1: config 0 descriptor??
[   86.178704][ T5848] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[   86.338098][  T787] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0001/input/input5
[   86.429645][ T6244] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer.
[   86.480882][  T787] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[   86.564052][  T787] usb 2-1: USB disconnect, device number 5
[   86.723351][ T6246] fido_id[6246]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[   87.403263][ T5848] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   87.423332][ T5848] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[   87.451393][ T6250] capability: warning: `syz.0.124' uses deprecated v2 capabilities in a way that may be insecure
[   87.462265][ T5848] asix: probe of 4-1:0.0 failed with error -71
[   87.481950][ T5848] usb 4-1: USB disconnect, device number 2
[   87.928354][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   88.215075][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.302153][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.310769][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.319373][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.338107][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   88.872542][ T6265] Bluetooth: MGMT ver 1.22
[   89.104747][ T6270] loop3: detected capacity change from 0 to 128
[   89.150000][ T6270] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   89.175179][ T6270] ext4 filesystem being mounted at /39/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   89.216730][   T42] Bluetooth: (null): Invalid header checksum
[   89.223828][   T42] Bluetooth: (null): Invalid header checksum
[   89.315426][ T6270] EXT4-fs error (device loop3): dx_make_map:1328: inode #2: block 20: comm syz.3.132: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[   89.339412][   T11] Bluetooth: (null): Invalid header checksum
[   89.359260][ T6270] EXT4-fs error (device loop3) in do_split:2095: Corrupt filesystem
[   89.373634][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   89.398273][ T6270] EXT4-fs error (device loop3): dx_make_map:1328: inode #2: block 20: comm syz.3.132: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[   89.408574][ T6223] Set syz1 is full, maxelem 65536 reached
[   89.419445][ T6270] EXT4-fs error (device loop3) in do_split:2095: Corrupt filesystem
[   89.431834][   T11] Bluetooth: (null): Invalid header checksum
[   89.535638][   T49] Bluetooth: (null): Invalid header checksum
[   89.549384][ T5783] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   89.612209][    T9] usb 2-1: Using ep0 maxpacket: 16
[   89.625742][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[   89.635630][    T9] usb 2-1: unable to read config index 0 descriptor/start: -71
[   89.664120][    T9] usb 2-1: can't read configurations, error -71
[   90.027521][ T6285] input: syz0 as /devices/virtual/input/input6
[   90.229970][ T5785] Bluetooth: hci3: unexpected event for opcode 0x2016
[   90.397003][ T6283] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.222187][ T6323] Zero length message leads to an empty skb
[   91.566804][ T6336] loop0: detected capacity change from 0 to 512
[   91.625265][ T6336] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   91.678687][ T6336] EXT4-fs (loop0): 1 truncate cleaned up
[   91.710381][ T6340] loop2: detected capacity change from 0 to 128
[   91.718002][ T6336] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.783973][ T6340] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   91.842847][ T6340] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   91.874333][    C1] vkms_vblank_simulate: vblank timer overrun
[   91.958862][ T5781] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.013654][   T27] audit: type=1800 audit(1761256646.943:5): pid=6340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.154" name="file1" dev="loop2" ino=12 res=0 errno=0
[   92.033831][    C1] vkms_vblank_simulate: vblank timer overrun
[   92.226612][ T6353] loop1: detected capacity change from 0 to 512
[   92.322967][ T5782] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   92.427107][ T6353] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.805149][ T5785] Bluetooth: hci1: Invalid handle: 0xff00 > 0x0eff
[   93.085087][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.676822][ T6379] loop3: detected capacity change from 0 to 32768
[   93.719346][ T6379] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.161 (6379)
[   93.780250][ T6379] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   93.798800][ T6379] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[   93.813044][ T6379] BTRFS warning (device loop3): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   93.829060][ T6399] overlayfs: upper fs does not support file handles, falling back to index=off.
[   93.838258][ T6379] BTRFS info (device loop3): trying to use backup root at mount time
[   93.848594][ T6379] BTRFS info (device loop3): use zlib compression, level 3
[   93.865506][ T6379] BTRFS info (device loop3): enabling ssd optimizations
[   93.891344][ T6379] BTRFS info (device loop3): disabling tree log
[   93.902327][ T6379] BTRFS info (device loop3): using free space tree
[   94.039798][ T2116] BTRFS warning (device loop3): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0
[   94.117385][ T6379] BTRFS warning (device loop3): couldn't read tree root
[   94.127670][ T6379] BTRFS warning (device loop3): try to load backup roots slot 1
[   94.136478][ T2116] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0
[   94.171742][ T6379] BTRFS warning (device loop3): couldn't read tree root
[   94.201700][ T6379] BTRFS warning (device loop3): try to load backup roots slot 2
[   94.214177][   T49] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[   94.242016][ T6379] BTRFS warning (device loop3): couldn't read tree root
[   94.248993][ T6379] BTRFS warning (device loop3): try to load backup roots slot 3
[   94.258981][ T5791] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   94.271750][ T5791] Bluetooth: hci3: Injecting HCI hardware error event
[   94.280726][ T5791] Bluetooth: hci3: hardware error 0x00
[   94.355190][ T6379] BTRFS info (device loop3): auto enabling async discard
[   94.427958][ T6379] BTRFS info (device loop3): rebuilding free space tree
[   94.522808][ T6379] BTRFS info (device loop3): checking UUID tree
[   94.929573][ T5783] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   95.033529][ T6406] loop2: detected capacity change from 0 to 32768
[   95.091920][ T6406] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   95.401430][ T6406] XFS (loop2): Ending clean mount
[   95.420176][ T6406] XFS (loop2): Quotacheck needed: Please wait.
[   95.499686][ T6449] loop0: detected capacity change from 0 to 2048
[   95.514449][ T6406] XFS (loop2): Quotacheck: Done.
[   95.587522][ T6449] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[   95.636348][ T6449] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   95.781809][   T27] audit: type=1800 audit(1761256650.703:6): pid=6449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.178" name="file1" dev="loop0" ino=1346 res=0 errno=0
[   95.893472][ T6449] loop0: detected capacity change from 2048 to 0
[   95.898742][ T6459] syz.0.178: attempt to access beyond end of device
[   95.898742][ T6459] loop0: rw=2049, sector=1346, nr_sectors = 1 limit=0
[   95.933413][ T5782] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   95.964386][ T6459] Buffer I/O error on dev loop0, logical block 1346, lost sync page write
[   95.992541][ T6459] UDF-fs: warning (device loop0): udf_update_inode: IO error syncing udf inode [00000542]
[   96.104131][ T5781] syz-executor: attempt to access beyond end of device
[   96.104131][ T5781] loop0: rw=0, sector=1408, nr_sectors = 1 limit=0
[   96.137094][ T5781] syz-executor: attempt to access beyond end of device
[   96.137094][ T5781] loop0: rw=0, sector=1408, nr_sectors = 1 limit=0
[   96.219857][ T5781] syz-executor: attempt to access beyond end of device
[   96.219857][ T5781] loop0: rw=2049, sector=128, nr_sectors = 1 limit=0
[   96.242073][  T787] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   96.257256][ T5781] Buffer I/O error on dev loop0, logical block 128, lost sync page write
[   96.341875][ T5791] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   96.472482][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[   96.496042][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7
[   96.527452][  T787] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   96.549602][  T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.561415][  T787] usb 2-1: Product: syz
[   96.571875][  T787] usb 2-1: Manufacturer: syz
[   96.578284][  T787] usb 2-1: SerialNumber: syz
[   96.603475][  T787] usb 2-1: config 0 descriptor??
[   96.784203][ T2116] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.967583][ T2116] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.124799][  T787] usb 2-1: USB disconnect, device number 8
[   97.254582][ T2116] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.284905][ T5797] udevd[5797]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.454723][ T2116] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.517499][ T6478] syzkaller1: entered promiscuous mode
[   97.532905][ T6478] syzkaller1: entered allmulticast mode
[   97.817704][ T5785] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   97.825622][ T6475] loop2: detected capacity change from 0 to 32768
[   97.833470][ T5785] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   97.841471][ T5785] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   97.863364][ T6475] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.187 (6475)
[   97.876341][ T5785] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   97.893299][ T5785] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   97.900677][ T5785] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   97.906223][ T6475] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   97.947212][ T6475] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[   97.996993][ T6475] BTRFS info (device loop2): using free space tree
[   98.181747][ T6475] BTRFS info (device loop2): enabling ssd optimizations
[   98.196478][ T6475] BTRFS info (device loop2): auto enabling async discard
[   99.491643][    C0] sched: RT throttling activated
[   99.597945][ T5782] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  100.023464][ T5791] Bluetooth: hci1: command tx timeout
[  100.209116][ T6528] netlink: 'syz.3.195': attribute type 6 has an invalid length.
[  100.245654][ T6528] netlink: 32 bytes leftover after parsing attributes in process `syz.3.195'.
[  100.293796][ T6517] loop1: detected capacity change from 0 to 262144
[  100.334455][ T6517] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 scanned by syz.1.192 (6517)
[  100.354073][ T6517] BTRFS info (device loop1): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  100.365036][ T6517] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  100.374378][ T6517] BTRFS info (device loop1): using free space tree
[  100.552383][ T6517] BTRFS info (device loop1): enabling ssd optimizations
[  100.627287][ T6482] chnl_net:caif_netlink_parms(): no params data found
[  101.054151][ T5780] BTRFS info (device loop1): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  101.291802][ T5784] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  101.503635][ T5784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  101.516948][ T5784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.517063][ T6482] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.529074][ T5784] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  101.545804][ T5784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.558285][ T6482] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.568344][ T6482] bridge_slave_0: entered allmulticast mode
[  101.577489][ T5784] usb 4-1: config 0 descriptor??
[  101.599377][ T5784] hub 4-1:0.0: USB hub found
[  101.601893][ T6482] bridge_slave_0: entered promiscuous mode
[  101.616673][ T6482] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.624461][ T6482] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.632331][ T6482] bridge_slave_1: entered allmulticast mode
[  101.640184][ T6482] bridge_slave_1: entered promiscuous mode
[  101.704975][ T6482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.735560][ T2116] hsr_slave_0: left promiscuous mode
[  101.749409][ T2116] hsr_slave_1: left promiscuous mode
[  101.757842][ T2116] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.766047][ T2116] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.777917][ T2116] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.785993][ T2116] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.812270][ T5784] hub 4-1:0.0: 1 port detected
[  101.817618][ T2116] bridge_slave_1: left allmulticast mode
[  101.823765][ T2116] bridge_slave_1: left promiscuous mode
[  101.834162][ T2116] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.848141][ T2116] bridge_slave_0: left allmulticast mode
[  101.856437][ T2116] bridge_slave_0: left promiscuous mode
[  101.862551][ T2116] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.921569][ T2116] veth1_macvtap: left promiscuous mode
[  101.931957][ T2116] veth0_macvtap: left promiscuous mode
[  101.937673][ T2116] veth1_vlan: left promiscuous mode
[  101.954760][ T2116] veth0_vlan: left promiscuous mode
[  102.092128][ T5791] Bluetooth: hci1: command tx timeout
[  102.715184][ T5784] hub 4-1:0.0: activate --> -90
[  102.964006][ T2116] team0 (unregistering): Port device team_slave_1 removed
[  103.068108][ T2116] team0 (unregistering): Port device team_slave_0 removed
[  103.129345][  T787] usb 4-1: USB disconnect, device number 3
[  103.217149][ T2116] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.297482][ T2116] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.997253][ T6587] loop1: detected capacity change from 0 to 131072
[  104.014023][ T6587] F2FS-fs (loop1): invalid crc value
[  104.034970][ T6587] F2FS-fs (loop1): Found nat_bits in checkpoint
[  104.101388][ T6587] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  104.172838][ T5791] Bluetooth: hci1: command tx timeout
[  104.425700][ T2116] bond0 (unregistering): Released all slaves
[  104.540250][ T6482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.641409][ T6482] team0: Port device team_slave_0 added
[  104.664964][ T6482] team0: Port device team_slave_1 added
[  104.811019][ T6482] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.845836][ T6482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.873089][ T6482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.923480][ T6599] netlink: 'syz.3.206': attribute type 1 has an invalid length.
[  104.995420][ T6599] bond1: entered promiscuous mode
[  105.007976][ T6599] 8021q: adding VLAN 0 to HW filter on device bond1
[  105.047703][ T6602] netlink: 3 bytes leftover after parsing attributes in process `syz.3.206'.
[  105.173513][ T6602] batadv1: entered promiscuous mode
[  105.206122][ T6602] batadv1: entered allmulticast mode
[  105.239757][ T6602] 8021q: adding VLAN 0 to HW filter on device batadv1
[  105.288799][ T6602] bond1: (slave batadv1): making interface the new active one
[  105.311269][ T6602] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  105.333012][ T6482] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.351830][ T6482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.417334][ T6482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.698514][ T6482] hsr_slave_0: entered promiscuous mode
[  105.720170][ T6482] hsr_slave_1: entered promiscuous mode
[  105.730003][ T6482] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.746919][ T6482] Cannot create hsr debugfs directory
[  105.811810][  T787] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  105.922602][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  106.002192][  T787] usb 4-1: Using ep0 maxpacket: 16
[  106.013234][  T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.042339][  T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.077438][  T787] usb 4-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  106.100342][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.131000][  T787] usb 4-1: config 0 descriptor??
[  106.131767][    T9] usb 2-1: Using ep0 maxpacket: 16
[  106.163744][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.191713][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.199278][ T6482] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  106.220962][ T6482] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  106.221723][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  106.251122][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.255217][ T5791] Bluetooth: hci1: command tx timeout
[  106.268895][ T6482] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  106.291311][    T9] usb 2-1: config 0 descriptor??
[  106.318205][ T6482] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  106.573228][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.585990][ T6482] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.613624][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.620549][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.621116][ T6482] 8021q: adding VLAN 0 to HW filter on device team0
[  106.652831][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.659754][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.666235][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.673786][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.677054][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.706341][  T787] ntrig 0003:1B96:0008.0002: unknown main item tag 0x0
[  106.720580][    T9] apple 0003:05AC:024B.0003: fixing up MacBook JIS keyboard report descriptor
[  106.721542][  T787] ntrig 0003:1B96:0008.0002: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.3-1/input0
[  106.756731][    T9] apple 0003:05AC:024B.0003: unknown global tag 0xe
[  106.766374][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.773592][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.796872][    T9] apple 0003:05AC:024B.0003: item 0 1 1 14 parsing failed
[  106.830533][    T9] apple 0003:05AC:024B.0003: parse failed
[  106.842982][    T9] apple: probe of 0003:05AC:024B.0003 failed with error -22
[  107.049256][    T9] usb 2-1: USB disconnect, device number 9
[  107.120232][ T5173] usb 4-1: USB disconnect, device number 4
[  107.337575][ T6482] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.984073][ T6482] veth0_vlan: entered promiscuous mode
[  108.035921][ T6482] veth1_vlan: entered promiscuous mode
[  108.159652][ T6482] veth0_macvtap: entered promiscuous mode
[  108.215012][ T6482] veth1_macvtap: entered promiscuous mode
[  108.362677][ T6482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.397635][ T6482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.427729][ T6482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.509508][ T6482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.548636][ T6482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.584798][ T6482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.652886][ T6482] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.704716][ T6682] netlink: 124 bytes leftover after parsing attributes in process `syz.3.213'.
[  108.721030][ T6482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  108.746608][ T6682] nbd: device at index 0 is going down
[  108.760021][ T6482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.790341][ T6482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  108.819040][ T6482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.875070][ T6482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  108.976030][ T6482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  109.066639][ T6482] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.162072][ T6482] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.208069][ T6482] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.256681][ T6482] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.300423][ T6482] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.357757][ T6692] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  109.382081][ T6692] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  109.535982][ T3475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.586484][ T3475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.736670][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.763284][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.536087][ T6696] loop3: detected capacity change from 0 to 32768
[  110.594377][ T6696] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  110.668266][   T27] audit: type=1800 audit(1761256665.593:7): pid=6696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.216" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  110.911177][ T5783] ocfs2: Unmounting device (7,3) on (node local)
[  111.440099][ T6744] block device autoloading is deprecated and will be removed.
[  111.817766][ T6733] loop3: detected capacity change from 0 to 40427
[  111.850388][ T6733] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  111.867248][ T6733] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  111.890658][ T6733] F2FS-fs (loop3): invalid crc value
[  111.913933][ T6733] F2FS-fs (loop3): Found nat_bits in checkpoint
[  112.061380][ T6733] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  112.082052][ T6733] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  112.191850][   T27] audit: type=1804 audit(1761256667.113:8): pid=6733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.224" name="/newroot/65/file1/file0" dev="loop3" ino=10 res=1 errno=0
[  112.285810][ T5783] syz-executor: attempt to access beyond end of device
[  112.285810][ T5783] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  112.311777][ T5783] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  112.319253][ T5783] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  112.578868][ T6773] input: syz1 as /devices/virtual/input/input7
[  112.858443][ T6756] loop1: detected capacity change from 0 to 40427
[  112.920465][ T6756] F2FS-fs (loop1): Found nat_bits in checkpoint
[  113.100534][ T6756] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  113.253247][ T6756] syz.1.228: attempt to access beyond end of device
[  113.253247][ T6756] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  113.297254][ T6756] F2FS-fs (loop1): Inconsistent error blkaddr:5633, sit bitmap:0
[  113.306381][ T6756] CPU: 0 PID: 6756 Comm: syz.1.228 Not tainted syzkaller #0
[  113.313693][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  113.324016][ T6756] Call Trace:
[  113.327390][ T6756]  <TASK>
[  113.330318][ T6756]  dump_stack_lvl+0x16c/0x230
[  113.335008][ T6756]  ? show_regs_print_info+0x20/0x20
[  113.340209][ T6756]  ? __lock_acquire+0x1260/0x7c80
[  113.345260][ T6756]  ? f2fs_get_next_page_offset+0x690/0x690
[  113.351069][ T6756]  f2fs_is_valid_blkaddr+0xe39/0x1580
[  113.356441][ T6756]  f2fs_map_blocks+0xda2/0x3da0
[  113.361283][ T6756]  ? verify_lock_unused+0x140/0x140
[  113.366504][ T6756]  ? f2fs_get_block_locked+0xe0/0xe0
[  113.371789][ T6756]  ? __lock_acquire+0x7c80/0x7c80
[  113.376825][ T6756]  ? xas_descend+0x3a4/0x490
[  113.381411][ T6756]  ? xa_load+0x2c0/0x2e0
[  113.385645][ T6756]  ? xa_load+0x64/0x2e0
[  113.389822][ T6756]  ? page_index+0xe7/0x470
[  113.394239][ T6756]  f2fs_mpage_readpages+0x9f5/0x1ec0
[  113.399537][ T6756]  ? detach_page_private+0x4c0/0x4c0
[  113.404821][ T6756]  ? __mod_lruvec_page_state+0xa5/0x420
[  113.410376][ T6756]  ? f2fs_readahead+0x167/0x300
[  113.415218][ T6756]  ? f2fs_dirty_data_folio+0x810/0x810
[  113.420672][ T6756]  read_pages+0x177/0x840
[  113.424999][ T6756]  ? folio_put+0xd0/0xd0
[  113.429245][ T6756]  ? page_cache_ra_unbounded+0x770/0x770
[  113.434885][ T6756]  ? filemap_add_folio+0x192/0x3c0
[  113.439999][ T6756]  page_cache_ra_unbounded+0x692/0x770
[  113.445466][ T6756]  f2fs_readdir+0x44c/0x8c0
[  113.449980][ T6756]  ? f2fs_fill_dentries+0xbb0/0xbb0
[  113.455176][ T6756]  ? mutex_lock_nested+0x20/0x20
[  113.460109][ T6756]  ? end_current_label_crit_section+0x149/0x170
[  113.466349][ T6756]  ? down_read_killable+0x1d0/0x340
[  113.471542][ T6756]  ? fsnotify_perm+0x271/0x5e0
[  113.476305][ T6756]  iterate_dir+0x1c2/0x580
[  113.480717][ T6756]  __se_sys_getdents+0xe9/0x260
[  113.485560][ T6756]  ? __x64_sys_getdents+0x80/0x80
[  113.490571][ T6756]  ? fillonedir+0x430/0x430
[  113.495070][ T6756]  ? lockdep_hardirqs_on+0x98/0x150
[  113.500258][ T6756]  do_syscall_64+0x55/0xb0
[  113.504667][ T6756]  ? clear_bhb_loop+0x40/0x90
[  113.509332][ T6756]  ? clear_bhb_loop+0x40/0x90
[  113.513999][ T6756]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  113.519887][ T6756] RIP: 0033:0x7f3d00f8efc9
[  113.524303][ T6756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.543921][ T6756] RSP: 002b:00007f3d01da5038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  113.552342][ T6756] RAX: ffffffffffffffda RBX: 00007f3d011e5fa0 RCX: 00007f3d00f8efc9
[  113.560312][ T6756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  113.568277][ T6756] RBP: 00007f3d01011f91 R08: 0000000000000000 R09: 0000000000000000
[  113.576243][ T6756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  113.584208][ T6756] R13: 00007f3d011e6038 R14: 00007f3d011e5fa0 R15: 00007fff91739fe8
[  113.592193][ T6756]  </TASK>
[  113.643958][ T6794] syz.1.228: attempt to access beyond end of device
[  113.643958][ T6794] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  113.650502][ T6756] F2FS-fs (loop1): Inconsistent error blkaddr:5633, sit bitmap:0
[  113.668549][ T6756] CPU: 1 PID: 6756 Comm: syz.1.228 Not tainted syzkaller #0
[  113.675873][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  113.685942][ T6756] Call Trace:
[  113.689239][ T6756]  <TASK>
[  113.689650][ T6794] syz.1.228: attempt to access beyond end of device
[  113.689650][ T6794] loop1: rw=2049, sector=45112, nr_sectors = 48 limit=40427
[  113.692166][ T6756]  dump_stack_lvl+0x16c/0x230
[  113.692198][ T6756]  ? show_regs_print_info+0x20/0x20
[  113.692219][ T6756]  ? f2fs_get_next_page_offset+0x690/0x690
[  113.721628][ T6756]  ? __asan_memset+0x22/0x40
[  113.726253][ T6756]  ? __lookup_extent_tree+0xba0/0xba0
[  113.731665][ T6756]  f2fs_is_valid_blkaddr+0xe39/0x1580
[  113.737075][ T6756]  f2fs_get_read_data_page+0x3a4/0x5c0
[  113.742567][ T6756]  ? f2fs_reserve_block+0x240/0x240
[  113.747813][ T6756]  f2fs_find_data_page+0x9f/0x3a0
[  113.752873][ T6756]  f2fs_readdir+0x464/0x8c0
[  113.757433][ T6756]  ? f2fs_fill_dentries+0xbb0/0xbb0
[  113.762663][ T6756]  ? mutex_lock_nested+0x20/0x20
[  113.767609][ T6756]  ? end_current_label_crit_section+0x149/0x170
[  113.773851][ T6756]  ? down_read_killable+0x1d0/0x340
[  113.779054][ T6756]  ? fsnotify_perm+0x271/0x5e0
[  113.783819][ T6756]  iterate_dir+0x1c2/0x580
[  113.788247][ T6756]  __se_sys_getdents+0xe9/0x260
[  113.793116][ T6756]  ? __x64_sys_getdents+0x80/0x80
[  113.798250][ T6756]  ? fillonedir+0x430/0x430
[  113.802852][ T6756]  ? lockdep_hardirqs_on+0x98/0x150
[  113.808068][ T6756]  do_syscall_64+0x55/0xb0
[  113.812490][ T6756]  ? clear_bhb_loop+0x40/0x90
[  113.817165][ T6756]  ? clear_bhb_loop+0x40/0x90
[  113.821842][ T6756]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  113.827823][ T6756] RIP: 0033:0x7f3d00f8efc9
[  113.832240][ T6756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.851878][ T6756] RSP: 002b:00007f3d01da5038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  113.860284][ T6756] RAX: ffffffffffffffda RBX: 00007f3d011e5fa0 RCX: 00007f3d00f8efc9
[  113.868248][ T6756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  113.876217][ T6756] RBP: 00007f3d01011f91 R08: 0000000000000000 R09: 0000000000000000
[  113.884264][ T6756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  113.892222][ T6756] R13: 00007f3d011e6038 R14: 00007f3d011e5fa0 R15: 00007fff91739fe8
[  113.900196][ T6756]  </TASK>
[  114.081199][ T5780] syz-executor: attempt to access beyond end of device
[  114.081199][ T5780] loop1: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  114.097429][ T5780] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  114.900681][ T6803] loop4: detected capacity change from 0 to 32768
[  114.935180][ T6803] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[  114.945911][ T6803] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  115.039406][ T6803] XFS (loop4): Ending clean mount
[  115.091252][ T6803] XFS (loop4): Quotacheck needed: Please wait.
[  115.108353][  T787] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 
[  115.128102][  T787] XFS (loop4): Unmount and run xfs_repair
[  115.134406][  T787] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  115.142099][  T787] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  115.150960][  T787] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  115.160149][  T787] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  115.170159][  T787] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[  115.179707][  T787] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  115.201246][  T787] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[  115.210545][  T787] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  115.219496][  T787] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  115.229980][   T59] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x10 len 8 error 74
[  115.301773][ T6803] XFS (loop4): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  115.429881][ T6803] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  115.835455][ T6835] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  116.155124][ T6845] loop4: detected capacity change from 0 to 764
[  116.215957][ T6845] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[  117.836195][ T6850] loop3: detected capacity change from 0 to 131072
[  117.872536][ T6850] F2FS-fs (loop3): invalid crc value
[  117.923468][ T6850] F2FS-fs (loop3): Found nat_bits in checkpoint
[  117.977051][ T6850] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  119.021309][ T6839] warning: `syz.4.244' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  119.501342][ T6867] syzkaller1: entered promiscuous mode
[  119.511816][ T6867] syzkaller1: entered allmulticast mode
[  119.716914][ T6858] loop3: detected capacity change from 0 to 32768
[  119.752326][ T6858] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.248 (6858)
[  119.788918][ T6858] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  119.809106][ T6858] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  119.810217][ T6875] syzkaller1: entered promiscuous mode
[  119.833216][ T6875] syzkaller1: entered allmulticast mode
[  119.839949][ T6858] BTRFS info (device loop3): force clearing of disk cache
[  119.855232][ T6858] BTRFS info (device loop3): disabling tree log
[  119.861935][ T6858] BTRFS info (device loop3): enabling disk space caching
[  119.870239][ T6858] BTRFS info (device loop3): enabling auto defrag
[  119.894462][ T6858] BTRFS info (device loop3): max_inline at 0
[  119.911789][ T6858] BTRFS info (device loop3): disk space caching is enabled
[  119.976607][ T6858] BTRFS info (device loop3): enabling ssd optimizations
[  119.994406][ T6858] BTRFS info (device loop3): auto enabling async discard
[  120.016445][ T6858] BTRFS info (device loop3): rebuilding free space tree
[  120.063643][ T6858] BTRFS info (device loop3): disabling free space tree
[  120.070655][ T6858] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  120.086780][ T6858] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  120.408991][ T6858] BTRFS info (device loop3): balance: start -d -m
[  120.449696][ T6858] BTRFS info (device loop3): relocating block group 6881280 flags data|metadata
[  120.571575][ T6858] BTRFS info (device loop3): relocating block group 5242880 flags data|metadata
[  120.682405][ T6858] BTRFS info (device loop3): balance: canceled
[  120.774940][ T5783] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  121.021743][ T5848] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  121.243542][ T5848] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  121.262474][ T5848] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  121.283271][ T5848] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  121.293991][ T5848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  121.302701][ T5848] usb 2-1: SerialNumber: syz
[  121.535405][ T5848] usb 2-1: 0:2 : does not exist
[  121.556555][ T5848] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  121.560811][ T6931] loop3: detected capacity change from 0 to 256
[  121.586910][ T6931] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d)
[  121.590208][ T5848] usb 2-1: 5:0: cannot get min/max values for control 4 (id 5)
[  121.643878][ T5848] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5)
[  121.648624][   T27] audit: type=1800 audit(1761256676.573:9): pid=6931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.262" name="file1" dev="loop3" ino=1048597 res=0 errno=0
[  121.707985][ T5848] usb 2-1: USB disconnect, device number 10
[  121.753865][ T6931] exFAT-fs (loop3): error, invalid access to FAT (entry 0xffffffff)
[  121.767445][ T6931] exFAT-fs (loop3): Filesystem has been set read-only
[  121.800256][ T6933] exFAT-fs (loop3): error, broken FAT chain.
[  121.804646][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  121.827054][ T6933] exFAT-fs (loop3): error, failed to bmap (inode : ffff8880752007e0 iblock : 8, err : -5)
[  122.060434][ T6941] netlink: 44 bytes leftover after parsing attributes in process `syz.3.263'.
[  122.069657][ T6941] netlink: 9 bytes leftover after parsing attributes in process `syz.3.263'.
[  122.324461][    T9] kernel write not supported for file /vcs (pid: 9 comm: kworker/0:1)
[  123.114345][ T6974] kvm: apic: phys broadcast and lowest prio
[  123.344391][ T6965] loop3: detected capacity change from 0 to 40427
[  123.397622][ T6965] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  123.417558][ T6965] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  123.475042][ T6965] F2FS-fs (loop3): Found nat_bits in checkpoint
[  123.521158][ T6987] loop2: detected capacity change from 0 to 7
[  123.565495][ T6987] Dev loop2: unable to read RDB block 7
[  123.567078][ T6965] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  123.588690][ T6965] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  123.617795][ T6987]  loop2: unable to read partition table
[  123.639739][ T6987] loop2: partition table beyond EOD, truncated
[  123.661898][ T6987] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  124.173720][ T6982] loop4: detected capacity change from 0 to 40427
[  124.215709][ T6982] F2FS-fs (loop4): invalid crc value
[  124.236057][ T6982] F2FS-fs (loop4): Found nat_bits in checkpoint
[  124.362943][ T6982] F2FS-fs (loop4): Start checkpoint disabled!
[  124.378625][ T7005] capability: warning: `syz.1.274' uses 32-bit capabilities (legacy support in use)
[  124.398632][ T6982] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  124.856772][   T12] kworker/u4:1: attempt to access beyond end of device
[  124.856772][   T12] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  124.893920][   T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  124.911957][   T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  125.746244][ T7039] kvm: emulating exchange as write
[  125.921224][ T7021] loop1: detected capacity change from 0 to 32768
[  126.036584][ T7021] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  126.145508][ T7021] XFS (loop1): Ending clean mount
[  126.173718][ T7021] XFS (loop1): Quotacheck needed: Please wait.
[  126.260867][ T7051] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3303861288 (422894244864 ns) > initial count (241705619456 ns). Using initial count to start timer.
[  126.356655][ T7021] XFS (loop1): Quotacheck: Done.
[  126.482252][ T5780] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  126.503113][ T5785] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  126.513452][ T5785] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  126.521389][ T5785] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  126.530250][ T5785] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  126.554472][ T5785] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  126.562912][ T5785] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  126.674076][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.868839][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.885195][ T7066] loop1: detected capacity change from 0 to 512
[  126.908652][ T7066] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.992993][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.002424][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.090407][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.447871][ T7056] chnl_net:caif_netlink_parms(): no params data found
[  128.401047][ T7056] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.437566][ T7056] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.455177][ T7056] bridge_slave_0: entered allmulticast mode
[  128.472559][ T7056] bridge_slave_0: entered promiscuous mode
[  128.490851][ T7056] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.512145][ T7056] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.519471][ T7056] bridge_slave_1: entered allmulticast mode
[  128.530193][ T7056] bridge_slave_1: entered promiscuous mode
[  128.654091][ T5785] Bluetooth: hci2: command tx timeout
[  128.761455][ T7056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  128.807203][ T7056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.034967][ T7056] team0: Port device team_slave_0 added
[  129.053429][  T787] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  129.061450][ T7056] team0: Port device team_slave_1 added
[  129.089163][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  129.100736][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  129.110853][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  129.121250][ T5791] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  129.153753][ T5791] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  129.163557][ T5173] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  129.184619][ T5791] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  129.261761][  T787] usb 5-1: Using ep0 maxpacket: 8
[  129.274473][  T787] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  129.283046][  T787] usb 5-1: config 179 has no interface number 0
[  129.289382][  T787] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  129.291323][ T7056] batman_adv: batadv0: Adding interface: batadv_slave_0
[  129.303270][  T787] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  129.320820][  T787] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  129.329261][ T7056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.342089][  T787] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  129.358431][ T7056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  129.405195][ T5173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.412766][  T787] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  129.417520][ T5173] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.467355][ T5173] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  129.469835][  T787] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  129.481477][ T5173] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  129.507746][ T7056] batman_adv: batadv0: Adding interface: batadv_slave_1
[  129.515251][ T7056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.519334][  T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.548321][ T5173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.567018][ T7056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  129.579134][ T5173] usb 2-1: config 0 descriptor??
[  129.583112][ T7106] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  129.827341][ T7056] hsr_slave_0: entered promiscuous mode
[  129.834430][ T7056] hsr_slave_1: entered promiscuous mode
[  129.840949][ T7056] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  129.850029][ T7056] Cannot create hsr debugfs directory
[  129.903603][   T12] hsr_slave_0: left promiscuous mode
[  129.910259][   T12] hsr_slave_1: left promiscuous mode
[  129.922827][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.930314][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.958825][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.967701][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.977598][   T12] bridge_slave_1: left allmulticast mode
[  129.991798][   T12] bridge_slave_1: left promiscuous mode
[  129.997649][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.003674][  T787] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input8
[  130.014875][ T5173] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  130.037277][ T5173] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  130.046716][   T12] bridge_slave_0: left allmulticast mode
[  130.075591][   T12] bridge_slave_0: left promiscuous mode
[  130.100849][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.122889][ T5173] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  130.292457][   T12] veth1_macvtap: left promiscuous mode
[  130.298039][   T12] veth0_macvtap: left promiscuous mode
[  130.306904][ T7106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.333251][   T12] veth1_vlan: left promiscuous mode
[  130.338634][   T12] veth0_vlan: left promiscuous mode
[  130.352924][ T7106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.735521][ T5785] Bluetooth: hci2: command tx timeout
[  130.842339][ T5173] usb 5-1: USB disconnect, device number 2
[  130.842438][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  130.856802][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  130.865941][    C1] ==================================================================
[  130.874021][    C1] BUG: KASAN: slab-use-after-free in register_lock_class+0x7fc/0x890
[  130.882124][    C1] Read of size 1 at addr ffff888078adc891 by task kworker/u4:5/2116
[  130.890121][    C1] 
[  130.892460][    C1] CPU: 1 PID: 2116 Comm: kworker/u4:5 Not tainted syzkaller #0
[  130.899998][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  130.910033][    C1] Workqueue: bat_events batadv_nc_worker
[  130.915662][    C1] Call Trace:
[  130.918922][    C1]  <IRQ>
[  130.921754][    C1]  dump_stack_lvl+0x16c/0x230
[  130.926411][    C1]  ? __lock_acquire+0x7c80/0x7c80
[  130.931412][    C1]  ? show_regs_print_info+0x20/0x20
[  130.936587][    C1]  ? load_image+0x3b0/0x3b0
[  130.941070][    C1]  ? __virt_addr_valid+0x469/0x540
[  130.946155][    C1]  print_report+0xac/0x220
[  130.950547][    C1]  ? register_lock_class+0x7fc/0x890
[  130.955811][    C1]  kasan_report+0x117/0x150
[  130.960294][    C1]  ? register_lock_class+0x7fc/0x890
[  130.965567][    C1]  register_lock_class+0x7fc/0x890
[  130.970661][    C1]  ? __down_timeout+0x10/0x10
[  130.975317][    C1]  ? is_dynamic_key+0x260/0x260
[  130.980147][    C1]  ? prb_read_valid+0x3d/0x60
[  130.984804][    C1]  __lock_acquire+0x17a/0x7c80
[  130.989547][    C1]  ? __lock_acquire+0x1334/0x7c80
[  130.994547][    C1]  ? mark_lock+0x94/0x320
[  130.998852][    C1]  ? __lock_acquire+0x1334/0x7c80
[  131.004043][    C1]  ? verify_lock_unused+0x140/0x140
[  131.009235][    C1]  lock_acquire+0x197/0x410
[  131.013739][    C1]  ? __wake_up+0xf8/0x190
[  131.018055][    C1]  ? read_lock_is_recursive+0x20/0x20
[  131.023413][    C1]  _raw_spin_lock_irqsave+0xa8/0xf0
[  131.028593][    C1]  ? __wake_up+0xf8/0x190
[  131.032906][    C1]  ? _raw_spin_lock+0x40/0x40
[  131.037566][    C1]  __wake_up+0xf8/0x190
[  131.041703][    C1]  ? __wake_up_bit+0x1e0/0x1e0
[  131.046455][    C1]  __usb_hcd_giveback_urb+0x396/0x520
[  131.051809][    C1]  dummy_timer+0x88a/0x3140
[  131.056295][    C1]  ? mark_lock+0x94/0x320
[  131.060604][    C1]  ? lock_chain_count+0x20/0x20
[  131.065427][    C1]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  131.071295][    C1]  ? dummy_free_streams+0x530/0x530
[  131.076478][    C1]  ? debug_object_deactivate+0x67/0x350
[  131.082649][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  131.087840][    C1]  ? dummy_free_streams+0x530/0x530
[  131.093023][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  131.098116][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  131.104169][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  131.109266][    C1]  handle_softirqs+0x280/0x820
[  131.114012][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  131.118761][    C1]  ? do_softirq+0x180/0x180
[  131.123243][    C1]  __irq_exit_rcu+0xc7/0x190
[  131.127813][    C1]  ? irq_exit_rcu+0x20/0x20
[  131.132299][    C1]  irq_exit_rcu+0x9/0x20
[  131.136522][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  131.142137][    C1]  </IRQ>
[  131.145048][    C1]  <TASK>
[  131.147954][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  131.153910][    C1] RIP: 0010:lock_acquire+0x1f2/0x410
[  131.159175][    C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00
[  131.178768][    C1] RSP: 0000:ffffc900057a7a40 EFLAGS: 00000206
[  131.184813][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 462dd8957a8fd500
[  131.192762][    C1] RDX: 0000000000000000 RSI: ffffffff8aaacee0 RDI: ffffffff8afc6a80
[  131.200709][    C1] RBP: ffffc900057a7b48 R08: dffffc0000000000 R09: 1ffffffff21b50a0
[  131.208655][    C1] R10: dffffc0000000000 R11: fffffbfff21b50a1 R12: 1ffff92000af4f54
[  131.216605][    C1] R13: ffffffff8cd2ff20 R14: 0000000000000246 R15: dffffc0000000000
[  131.224562][    C1]  ? batadv_nc_worker+0xd2/0x610
[  131.229488][    C1]  ? read_lock_is_recursive+0x20/0x20
[  131.234838][    C1]  ? batadv_nc_worker+0xd2/0x610
[  131.239785][    C1]  batadv_nc_worker+0xef/0x610
[  131.244532][    C1]  ? batadv_nc_worker+0xd2/0x610
[  131.249444][    C1]  ? process_scheduled_works+0x957/0x15b0
[  131.255144][    C1]  process_scheduled_works+0xa45/0x15b0
[  131.260674][    C1]  ? assign_work+0x400/0x400
[  131.265246][    C1]  ? assign_work+0x39e/0x400
[  131.269814][    C1]  worker_thread+0xa55/0xfc0
[  131.274494][    C1]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  131.280371][    C1]  ? _raw_spin_unlock+0x40/0x40
[  131.285196][    C1]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  131.291067][    C1]  kthread+0x2fa/0x390
[  131.295116][    C1]  ? pr_cont_work+0x560/0x560
[  131.299771][    C1]  ? kthread_blkcg+0xd0/0xd0
[  131.304340][    C1]  ret_from_fork+0x48/0x80
[  131.308734][    C1]  ? kthread_blkcg+0xd0/0xd0
[  131.313326][    C1]  ret_from_fork_asm+0x11/0x20
[  131.318072][    C1]  </TASK>
[  131.321069][    C1] 
[  131.323383][    C1] Allocated by task 787:
[  131.327604][    C1]  kasan_set_track+0x4e/0x70
[  131.332170][    C1]  __kasan_kmalloc+0x8f/0xa0
[  131.336885][    C1]  xpad_probe+0x41c/0x1ec0
[  131.341288][    C1]  usb_probe_interface+0x5a4/0xb00
[  131.346380][    C1]  really_probe+0x25b/0xb40
[  131.350859][    C1]  __driver_probe_device+0x18c/0x330
[  131.356116][    C1]  driver_probe_device+0x4f/0x420
[  131.361117][    C1]  __device_attach_driver+0x2ca/0x520
[  131.366468][    C1]  bus_for_each_drv+0x24b/0x2d0
[  131.371300][    C1]  __device_attach+0x2b5/0x400
[  131.376045][    C1]  bus_probe_device+0x180/0x260
[  131.380868][    C1]  device_add+0x85b/0xc20
[  131.385183][    C1]  usb_set_configuration+0x1a79/0x20c0
[  131.390642][    C1]  usb_generic_driver_probe+0x8d/0x150
[  131.396772][    C1]  usb_probe_device+0x13d/0x280
[  131.401611][    C1]  really_probe+0x25b/0xb40
[  131.406090][    C1]  __driver_probe_device+0x18c/0x330
[  131.411348][    C1]  driver_probe_device+0x4f/0x420
[  131.416352][    C1]  __device_attach_driver+0x2ca/0x520
[  131.421706][    C1]  bus_for_each_drv+0x24b/0x2d0
[  131.426531][    C1]  __device_attach+0x2b5/0x400
[  131.431268][    C1]  bus_probe_device+0x180/0x260
[  131.436100][    C1]  device_add+0x85b/0xc20
[  131.440405][    C1]  usb_new_device+0xa31/0x1630
[  131.445144][    C1]  hub_event+0x2962/0x49c0
[  131.449537][    C1]  process_scheduled_works+0xa45/0x15b0
[  131.455062][    C1]  worker_thread+0xa55/0xfc0
[  131.459626][    C1]  kthread+0x2fa/0x390
[  131.463669][    C1]  ret_from_fork+0x48/0x80
[  131.468061][    C1]  ret_from_fork_asm+0x11/0x20
[  131.472803][    C1] 
[  131.475114][    C1] Freed by task 5173:
[  131.479069][    C1]  kasan_set_track+0x4e/0x70
[  131.483644][    C1]  kasan_save_free_info+0x2e/0x50
[  131.488642][    C1]  ____kasan_slab_free+0x126/0x1e0
[  131.493731][    C1]  slab_free_freelist_hook+0x130/0x1b0
[  131.499253][    C1]  __kmem_cache_free+0xba/0x1f0
[  131.504082][    C1]  xpad_disconnect+0x350/0x480
[  131.508820][    C1]  usb_unbind_interface+0x1f2/0x870
[  131.513996][    C1]  device_release_driver_internal+0x4cb/0x7a0
[  131.520036][    C1]  bus_remove_device+0x342/0x400
[  131.524954][    C1]  device_del+0x50b/0x900
[  131.529327][    C1]  usb_disable_device+0x3e9/0x8a0
[  131.534350][    C1]  usb_disconnect+0x34c/0x8a0
[  131.539025][    C1]  hub_event+0x1cef/0x49c0
[  131.543430][    C1]  process_scheduled_works+0xa45/0x15b0
[  131.548957][    C1]  worker_thread+0xa55/0xfc0
[  131.553529][    C1]  kthread+0x2fa/0x390
[  131.557575][    C1]  ret_from_fork+0x48/0x80
[  131.561973][    C1]  ret_from_fork_asm+0x11/0x20
[  131.566720][    C1] 
[  131.569026][    C1] Last potentially related work creation:
[  131.574732][    C1]  kasan_save_stack+0x3e/0x60
[  131.579400][    C1]  __kasan_record_aux_stack+0xaf/0xc0
[  131.584763][    C1]  insert_work+0x3d/0x310
[  131.589084][    C1]  __queue_work+0xc39/0x1020
[  131.593668][    C1]  queue_work_on+0x121/0x1e0
[  131.598259][    C1]  xpad_irq_in+0xb13/0x25a0
[  131.602756][    C1]  __usb_hcd_giveback_urb+0x35f/0x520
[  131.608114][    C1]  dummy_timer+0x88a/0x3140
[  131.612600][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  131.617780][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  131.622871][    C1]  handle_softirqs+0x280/0x820
[  131.627615][    C1]  __irq_exit_rcu+0xc7/0x190
[  131.632184][    C1]  irq_exit_rcu+0x9/0x20
[  131.636404][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  131.642027][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  131.647982][    C1] 
[  131.650288][    C1] Second to last potentially related work creation:
[  131.656846][    C1]  kasan_save_stack+0x3e/0x60
[  131.661509][    C1]  __kasan_record_aux_stack+0xaf/0xc0
[  131.666861][    C1]  insert_work+0x3d/0x310
[  131.671168][    C1]  __queue_work+0xc39/0x1020
[  131.675734][    C1]  queue_work_on+0x121/0x1e0
[  131.680311][    C1]  xpad_irq_in+0xb13/0x25a0
[  131.684805][    C1]  __usb_hcd_giveback_urb+0x35f/0x520
[  131.690156][    C1]  dummy_timer+0x88a/0x3140
[  131.694636][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  131.699813][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  131.704904][    C1]  handle_softirqs+0x280/0x820
[  131.709653][    C1]  __irq_exit_rcu+0xc7/0x190
[  131.714233][    C1]  irq_exit_rcu+0x9/0x20
[  131.718491][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  131.724109][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  131.730075][    C1] 
[  131.732385][    C1] The buggy address belongs to the object at ffff888078adc800
[  131.732385][    C1]  which belongs to the cache kmalloc-1k of size 1024
[  131.746430][    C1] The buggy address is located 145 bytes inside of
[  131.746430][    C1]  freed 1024-byte region [ffff888078adc800, ffff888078adcc00)
[  131.760297][    C1] 
[  131.762603][    C1] The buggy address belongs to the physical page:
[  131.769004][    C1] page:ffffea0001e2b600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78ad8
[  131.779143][    C1] head:ffffea0001e2b600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  131.788057][    C1] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  131.796023][    C1] page_type: 0xffffffff()
[  131.800335][    C1] raw: 00fff00000000840 ffff888017841dc0 dead000000000100 dead000000000122
[  131.808902][    C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  131.817464][    C1] page dumped because: kasan: bad access detected
[  131.823861][    C1] page_owner tracks the page as allocated
[  131.829574][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xf2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_MEMALLOC), pid 2116, tgid 2116 (kworker/u4:5), ts 67562683864, free_ts 67399052672
[  131.851600][    C1]  post_alloc_hook+0x1cd/0x210
[  131.856351][    C1]  get_page_from_freelist+0x195c/0x19f0
[  131.861874][    C1]  __alloc_pages+0x1e3/0x460
[  131.866443][    C1]  alloc_slab_page+0x5d/0x170
[  131.871097][    C1]  new_slab+0x87/0x2e0
[  131.875160][    C1]  ___slab_alloc+0xc6d/0x1300
[  131.879830][    C1]  __kmem_cache_alloc_node+0x1a2/0x260
[  131.885285][    C1]  __kmalloc_node_track_caller+0xa2/0x230
[  131.891003][    C1]  kmalloc_reserve+0x117/0x260
[  131.895757][    C1]  __alloc_skb+0x138/0x2c0
[  131.900152][    C1]  __netdev_alloc_skb+0x10c/0x500
[  131.905157][    C1]  batadv_iv_ogm_queue_add+0x73e/0xcf0
[  131.910610][    C1]  batadv_iv_ogm_schedule+0xab3/0xe90
[  131.915975][    C1]  batadv_iv_send_outstanding_bat_ogm_packet+0x731/0x840
[  131.922980][    C1]  process_scheduled_works+0xa45/0x15b0
[  131.928511][    C1]  worker_thread+0xa55/0xfc0
[  131.933085][    C1] page last free stack trace:
[  131.937773][    C1]  free_unref_page_prepare+0x7ce/0x8e0
[  131.943216][    C1]  free_unref_page+0x32/0x2e0
[  131.947877][    C1]  __slab_free+0x35e/0x410
[  131.952275][    C1]  qlist_free_all+0x75/0xe0
[  131.956760][    C1]  kasan_quarantine_reduce+0x143/0x160
[  131.962200][    C1]  __kasan_slab_alloc+0x22/0x80
[  131.967028][    C1]  slab_post_alloc_hook+0x6e/0x4d0
[  131.972119][    C1]  kmem_cache_alloc_node+0x150/0x330
[  131.977401][    C1]  __alloc_skb+0x108/0x2c0
[  131.981796][    C1]  mld_newpack+0x143/0xbf0
[  131.986199][    C1]  add_grhead+0x5a/0x2a0
[  131.990462][    C1]  add_grec+0x13ad/0x1660
[  131.994781][    C1]  mld_ifc_work+0x6e6/0xb40
[  131.999271][    C1]  process_scheduled_works+0xa45/0x15b0
[  132.004891][    C1]  worker_thread+0xa55/0xfc0
[  132.009488][    C1]  kthread+0x2fa/0x390
[  132.013536][    C1] 
[  132.015840][    C1] Memory state around the buggy address:
[  132.021446][    C1]  ffff888078adc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  132.029479][    C1]  ffff888078adc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.037512][    C1] >ffff888078adc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.045542][    C1]                          ^
[  132.050104][    C1]  ffff888078adc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.058140][    C1]  ffff888078adc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  132.066176][    C1] ==================================================================
[  132.074216][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  132.081393][    C1] CPU: 1 PID: 2116 Comm: kworker/u4:5 Not tainted syzkaller #0
[  132.088908][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  132.098944][    C1] Workqueue: bat_events batadv_nc_worker
[  132.104565][    C1] Call Trace:
[  132.107821][    C1]  <IRQ>
[  132.110644][    C1]  dump_stack_lvl+0x16c/0x230
[  132.115306][    C1]  ? show_regs_print_info+0x20/0x20
[  132.120482][    C1]  ? load_image+0x3b0/0x3b0
[  132.124972][    C1]  panic+0x2c0/0x710
[  132.128840][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  132.133318][    C1]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  132.139186][    C1]  ? _raw_spin_unlock+0x40/0x40
[  132.144012][    C1]  ? print_memory_metadata+0x314/0x400
[  132.149447][    C1]  ? register_lock_class+0x7fc/0x890
[  132.154708][    C1]  check_panic_on_warn+0x84/0xa0
[  132.159624][    C1]  ? register_lock_class+0x7fc/0x890
[  132.164887][    C1]  end_report+0x6f/0x140
[  132.169107][    C1]  kasan_report+0x128/0x150
[  132.173585][    C1]  ? register_lock_class+0x7fc/0x890
[  132.178844][    C1]  register_lock_class+0x7fc/0x890
[  132.183931][    C1]  ? __down_timeout+0x10/0x10
[  132.188591][    C1]  ? is_dynamic_key+0x260/0x260
[  132.193424][    C1]  ? prb_read_valid+0x3d/0x60
[  132.198080][    C1]  __lock_acquire+0x17a/0x7c80
[  132.202820][    C1]  ? __lock_acquire+0x1334/0x7c80
[  132.207819][    C1]  ? mark_lock+0x94/0x320
[  132.212123][    C1]  ? __lock_acquire+0x1334/0x7c80
[  132.217122][    C1]  ? verify_lock_unused+0x140/0x140
[  132.222299][    C1]  lock_acquire+0x197/0x410
[  132.226781][    C1]  ? __wake_up+0xf8/0x190
[  132.231090][    C1]  ? read_lock_is_recursive+0x20/0x20
[  132.236459][    C1]  _raw_spin_lock_irqsave+0xa8/0xf0
[  132.241632][    C1]  ? __wake_up+0xf8/0x190
[  132.245936][    C1]  ? _raw_spin_lock+0x40/0x40
[  132.250588][    C1]  __wake_up+0xf8/0x190
[  132.254720][    C1]  ? __wake_up_bit+0x1e0/0x1e0
[  132.259498][    C1]  __usb_hcd_giveback_urb+0x396/0x520
[  132.264848][    C1]  dummy_timer+0x88a/0x3140
[  132.269334][    C1]  ? mark_lock+0x94/0x320
[  132.273640][    C1]  ? lock_chain_count+0x20/0x20
[  132.278467][    C1]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  132.284337][    C1]  ? dummy_free_streams+0x530/0x530
[  132.289513][    C1]  ? debug_object_deactivate+0x67/0x350
[  132.295039][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  132.300216][    C1]  ? dummy_free_streams+0x530/0x530
[  132.305399][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  132.310486][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  132.316531][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  132.321619][    C1]  handle_softirqs+0x280/0x820
[  132.326706][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  132.331445][    C1]  ? do_softirq+0x180/0x180
[  132.335925][    C1]  __irq_exit_rcu+0xc7/0x190
[  132.340489][    C1]  ? irq_exit_rcu+0x20/0x20
[  132.344964][    C1]  irq_exit_rcu+0x9/0x20
[  132.349180][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  132.354793][    C1]  </IRQ>
[  132.357704][    C1]  <TASK>
[  132.360614][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  132.366570][    C1] RIP: 0010:lock_acquire+0x1f2/0x410
[  132.371831][    C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00
[  132.391418][    C1] RSP: 0000:ffffc900057a7a40 EFLAGS: 00000206
[  132.397460][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 462dd8957a8fd500
[  132.405417][    C1] RDX: 0000000000000000 RSI: ffffffff8aaacee0 RDI: ffffffff8afc6a80
[  132.413367][    C1] RBP: ffffc900057a7b48 R08: dffffc0000000000 R09: 1ffffffff21b50a0
[  132.421314][    C1] R10: dffffc0000000000 R11: fffffbfff21b50a1 R12: 1ffff92000af4f54
[  132.429263][    C1] R13: ffffffff8cd2ff20 R14: 0000000000000246 R15: dffffc0000000000
[  132.437217][    C1]  ? batadv_nc_worker+0xd2/0x610
[  132.442512][    C1]  ? read_lock_is_recursive+0x20/0x20
[  132.447863][    C1]  ? batadv_nc_worker+0xd2/0x610
[  132.452777][    C1]  batadv_nc_worker+0xef/0x610
[  132.457532][    C1]  ? batadv_nc_worker+0xd2/0x610
[  132.462446][    C1]  ? process_scheduled_works+0x957/0x15b0
[  132.468139][    C1]  process_scheduled_works+0xa45/0x15b0
[  132.473666][    C1]  ? assign_work+0x400/0x400
[  132.478240][    C1]  ? assign_work+0x39e/0x400
[  132.482815][    C1]  worker_thread+0xa55/0xfc0
[  132.487383][    C1]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  132.493252][    C1]  ? _raw_spin_unlock+0x40/0x40
[  132.498076][    C1]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  132.503947][    C1]  kthread+0x2fa/0x390
[  132.507989][    C1]  ? pr_cont_work+0x560/0x560
[  132.512647][    C1]  ? kthread_blkcg+0xd0/0xd0
[  132.517210][    C1]  ret_from_fork+0x48/0x80
[  132.521604][    C1]  ? kthread_blkcg+0xd0/0xd0
[  132.526176][    C1]  ret_from_fork_asm+0x11/0x20
[  132.530919][    C1]  </TASK>
[  133.641211][    C1] Shutting down cpus with NMI
[  133.646153][    C1] Kernel Offset: disabled
[  133.650482][    C1] Rebooting in 86400 seconds..