last executing test programs:

20.002371444s ago: executing program 0 (id=2540):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d"], 0x1a)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_complete={{0x3, 0xb}, {0x3, 0xc9, @none, 0x0, 0x3}}}, 0xe)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0))
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x0, 0xc8}}}, 0x6)
preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RTC_UIE_ON(r4, 0x7003)
ioctl$RTC_SET_TIME(r4, 0x4024700a, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x14, 0x0, 0x4f6})
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
setresuid(0x0, 0xee00, 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x301, 0x0, 0x0, {0x24}}, 0x14}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f0000000180)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x4088}, 0xc, &(0x7f0000001240)={&(0x7f0000000280)=ANY=[@ANYRES32=r6, @ANYRESOCT=r1], 0x84}, 0x1, 0x0, 0x0, 0x48104}, 0x0)

18.083535582s ago: executing program 0 (id=2548):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a"], 0x68}}, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="6400000010000304000000000000000000007400", @ANYRES32=r2, @ANYBLOB="0000000000000000440012800b00010062726964676500"], 0x64}}, 0x0)

17.86372712s ago: executing program 0 (id=2549):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setpriority(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, r1, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1})

17.195758745s ago: executing program 0 (id=2552):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)='0', 0x1}], 0x1}, 0x4040001)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
close(r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r4, &(0x7f0000000080), 0x12)
write$cgroup_int(r5, &(0x7f0000000200), 0x48400)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000100)="c70f7906eb9523ea77dbb6d76dfc5ca7e83365a719f409ada71880f3a988a9468f68", 0x22}, {&(0x7f0000000300)="fbe65e068dba0f9233ed832421562b6b9761b390e47e7d66fe891fc3d9ff4cd138504143641914e7e1b284f715dfba10b96f023c49d72e454f2b1805c7e3bbf6000000b9c775bb657574a5c99e9dd0100e24c0f3b57933f144944dc8046e12", 0x5f}], 0x2)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendfile(r7, r3, 0x0, 0xfacf)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x345a0000}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x884)
r12 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r13 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r13, 0x0)
sendmsg$TCPDIAG_GETSOCK(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES16=r13, @ANYRES32=0x0, @ANYBLOB="4008004e590601"], 0x58}}, 0x0)
recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/126, 0x7e}], 0x1}, 0x12163)
recvmsg(r0, &(0x7f0000000a80)={&(0x7f0000000800)=@qipcrtr, 0x80, &(0x7f0000000540)=[{&(0x7f0000000880)=""/208, 0xd0}], 0x1, &(0x7f0000000980)=""/232, 0xe8}, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

16.262412782s ago: executing program 3 (id=2555):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e0009"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8}]}], {0x14, 0x10}}, 0x64}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$loop(0x0, 0x75f, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x80}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = syz_genetlink_get_family_id$batadv(0x0, r2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r9, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="190000001000850600c6", @ANYRESHEX=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x14)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000380)={0x1, @pix_mp={0x0, 0x4, 0x30364d54, 0x6, 0x4, [{0x7, 0x2}, {0x1, 0x200}, {0x31186a54, 0x5}, {0x8000, 0x1000}, {0x7, 0xfa}, {0x10, 0xffff0fbd}, {0x3, 0x20d}, {0x5, 0xd4}], 0x0, 0x7, 0x8, 0x1, 0x7}})
sendmsg$nl_route(r7, 0x0, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x3c, r6, 0x300, 0x70bd28, 0x0, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8001}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xb}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44890}, 0x40)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x11af, 0xdfd2, 0x1, 0x0, 0x0)

15.43808877s ago: executing program 0 (id=2558):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1}, 0x48)
r5 = socket$kcm(0x29, 0x5, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000140)={'full'}, 0xfffffdef)

12.811484846s ago: executing program 1 (id=2568):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)='0', 0x1}], 0x1}, 0x4040001)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
close(r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r4, &(0x7f0000000080), 0x12)
write$cgroup_int(r5, &(0x7f0000000200), 0x48400)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000100)="c70f7906eb9523ea77dbb6d76dfc5ca7e83365a719f409ada71880f3a988a9468f68", 0x22}, {&(0x7f0000000300)="fbe65e068dba0f9233ed832421562b6b9761b390e47e7d66fe891fc3d9ff4cd138504143641914e7e1b284f715dfba10b96f023c49d72e454f2b1805c7e3bbf6000000b9c775bb657574a5c99e9dd0100e24c0f3b57933f144944dc8046e12", 0x5f}], 0x2)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendfile(r7, r3, 0x0, 0xfacf)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x345a0000}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x884)
r12 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r13 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r13, 0x0)
sendmsg$TCPDIAG_GETSOCK(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES16=r13, @ANYRES32=0x0, @ANYBLOB="4008004e590601"], 0x58}}, 0x0)
recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/126, 0x7e}], 0x1}, 0x12163)
recvmsg(r0, &(0x7f0000000a80)={&(0x7f0000000800)=@qipcrtr, 0x80, &(0x7f0000000540)=[{&(0x7f0000000880)=""/208, 0xd0}], 0x1, &(0x7f0000000980)=""/232, 0xe8}, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

11.195105519s ago: executing program 1 (id=2569):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000200)='./bus\x00', 0x2010000, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172640000008000200000ff5f78617474722c646973636172642c7768696e745f6d6f64653d757365722d626173651a9603642c6e6f696e6c696e48c8b8bd9db81b403801c199ffba3691ebc17570972cb0aab560ecd4a62772a15b05a04f8812838b6d154a85515cf6a313e8043c58707a92ff4e0d69fdd8fd380734190ccaff409ba8953c23b0c6f1c09d49447f1e1d0cedb97bb4daf266dcc2cec17b92cbbe1303abfc278ad789ffe0f34862de20f795a4b968385446d1964503b1815a337e284216bd6809000000000004000000d593d55b7516ceab7cd6f2aebee0e3b4e72511cc77b8aeb6cb60fe02009fbd67bd8d700393ec17bc2e14a4811bdefdda2f5f5ebead17e18e7fa077c6bf2fe6d11ac484b13898ad0c52acbc155d3426"], 0x1, 0x54f8, &(0x7f0000010140)="$eJzs3LtvW1UcB/DjpGn6okSIga1XqpASqbbiPCrYArTiIVJFPAYmcGzHcmv7RrHjhEwMjIiB/wSBxMTI38DAzIYYQGxIIN9zQpvyWOLECfl8pOvvvcfXv3uOVVX6XUc3ABfWXPbbL6VwM1wNIUyHEG6EUOyX0lZYi/FCCOFWCGHqia2Uxv8auBxCuBZCuJkKJqO3vrgzvL3681u/fvv97KXrX37zwwSWC5wRL4YQuttxf68bM2/FfJjGa8N2kd2VYcr4RvdROs5j7jU3iwp7tcPzakUut+L5+fZuf5RbnVp9lK32VjG+3YsX7A9bh3WKDzys7RTHjeZmke1+XmTrIM5r/yD+93bQH8Q6jVTv46J8GAwOM44395txPduPiqz3Bmk81s0bzf1RDlOmy4V63mkU89g8zjd9tr3d7u3uZ8PmTr+d97LVSvWlSvVuubqTN5qD5kq51m3cXcnmW53RaeVBs9Zda+V5q9Os1PPuQjbfqtfL1Wo2f6+52a71smq1slxZLK8upL072esP3s86jWx+lK+2e7uDdqefbeU7WfzEQrZUWX55Ibtdzd5d38g23rl/f33jvQ/vffDglfU3X0sn/W1a2fzS4tJSubpYXqouXKD1f5omPcb1w7GUJj0BgPPnRPv/uVizpP8HnnLe+/+g/x+Lc9X/XvT+/wTWD8ei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLB+nPnqjWJnLh5fT+PPpKHn0nEphDAVQvjjH0yHy0dqTqc6M/9y/sxTc1gLoagwusZs2q6l8dH2+7Mn/S0AAADA/9fXn9z6PHbr8WVu0hPiNMWbNlM3PhpTvVIIYWbupzFVmxq9PD+mYsW/70thf0zVihtYV8ZULN5yuzSuav/h8X236SNx5YkoxZg6hekAAACn7GgncBpdCAAAAJPx2aQnwGSUwuPfBNMf8M/GSD8IXj1yBAAAAJxDpUlPAAAAADhxRf9/Fp7/913J8/8AAADgpMTn/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf7NxPTsJAFAfg10IF/0Vi3HsVd3AMj+DSpeEAXoIj4BW8AGfAnUcwYGhLtAYTkw7FkO9L2jIT8uOVsHkzpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD69FfPJy9Ptc9uc1bqdNHcDAAAA7LIs5pPyxagan9fzl/XUdT3OIiKPiF29ey9OGpm9Oqf45f3FjxpeI8qEzWcM6uMsIu7q4+Nq398CAAAAHK/FdDauuvXqNDp0QXSpWrTJL+4T5WURUYzeE6Xlm9NNorDy992Px0Rp5QLWMFFYteTWT5X2J73GZfjtklWXvNNyAACATjQ7gW67EAAAALr0cOgCOIwstluZ273g8p/3XxuCp40RAAAA8L8Ndk1m3dcBAAAAdKzs/z3/DwAAAI5b9fw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9mlZzCeL6WzcNme1bifN3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfLI/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8+d1f/k9MjTPJ3Gtj6XkkWTs1tk6NvXPj6A/j69cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/0u1/+T0yNM8ncaWPpeCRZu2psXTX2HjSOHoy3fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79+8ZNxQEAf7bPF1pAHAFlCEIgMcBCr9fS0pUBFDHwJyBF6bUErvxoM9CqQsrChjJ3QTAihAQKW/6HzImUJWwZbggSc5B9duL8kDgIsa/J5yM9v+9Z1nvf50RRvn5OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDS8L2DOMkOnVEcF+c2dh8vZP3mkT6ztrI1m7UsjupM+unwavVDNNNcIgAAAFwcSVnfhxC209W5rI87ef2fltdkNf8Pz4/isp4/WveXfVn7Z+3333Ze3p+oM5onG/TO4qB/9XgqrbNb5WR74R+vaOV3Pn/2kuRfkPjD5ZeGaX4/o+/W199v5+FUHdkCAP/FlbIvgvL3oazvNZkYABdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6DJfDs2UchRBmWwdxZnP38cJJ/drK1mzZbj55slIdMxsiDSHcWRz0r9a4lkn34OGjz+YHg/79+oPXQgjNzV4EH49xTQhNZig4bRAX3+v/48h70QSs62yDhn8wAQBw7qRFy+r67XR1LjsXTYew9+Ph+v/NShzGrP93Prm5UZ2rWv/3alvh5Osu3fuy++Dho7cX783f7d/tf/7Otd67veu3bty41c2flXQ9MQEAAOB02kWr1v/x9PH9/8uVOIxZ/3/1fe+b6lyJ+v9EB5t+TWcCAABwsb34+l9/Riecj9rt8PX80tL93ui4//na6NhAqv/aVNGq9X8y3XRWAAAAQB2Gy9Gh/f/blTiMuf//3E+v/FIdMwkhXCr2/68sfDG4Xd9yJlodf07c9BoBAABo1qWiVff/0/z9/3j/lYc4hPDWG6O4+DeAY9X/yQff/lydq/r+//X6ljiR4pnR/cj7qRBaM01nBAAAwHn2TNGyYv+PdHXu018vf9T2/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3f4OAAD//xwcQP8=")
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
r1 = creat(&(0x7f0000000100)='./file1\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
write$cgroup_freezer_state(r0, &(0x7f0000000380)='FREEZING\x00', 0x9)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x0, 0x0, 0x3)

8.86638031s ago: executing program 1 (id=2571):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r3, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0xb4, 0x30, 0x1, 0x0, 0x0, {}, [{0xa0, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x10, 0x0, 0x0, {0x1f}, {0x0, 0x2}, 0x0, 0x4}}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb4}}, 0x0)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x0, 0x2, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x18, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00008f0a000000000000000007010000f8ffffffbfa400000200000007040000f0ffffffb70200000000000018230000", @ANYRESOCT=r3, @ANYRES32=r3, @ANYRES8=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x3}, 0x90)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
pwritev(r4, &(0x7f0000000600)=[{&(0x7f0000000240)="01000000", 0x4}, {&(0x7f0000000280)="f697079a161cfb7702311e629acda76933ddd0c24174eb4d4d28f9", 0x1b}, {0x0}], 0x3, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x26, 0x0, 0x0)

8.340315384s ago: executing program 3 (id=2573):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x40000ffff, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, 0x0)

8.166605078s ago: executing program 3 (id=2574):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000240)=""/214, 0xd6}, {&(0x7f0000001140)=""/4055, 0xfd7}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f00000007c0)=""/191, 0xbf}, {&(0x7f0000000040)=""/20, 0x14}, {&(0x7f00000000c0)=""/42, 0x2a}, {&(0x7f0000000b00)=""/210, 0xd2}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000c00)=""/130, 0x82}, {&(0x7f0000000180)=""/59, 0x3b}, {&(0x7f00000008c0)=""/54, 0x36}], 0xb}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)

7.209995827s ago: executing program 3 (id=2578):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)='0', 0x1}], 0x1}, 0x4040001)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
close(r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r4, &(0x7f0000000080), 0x12)
write$cgroup_int(r5, &(0x7f0000000200), 0x48400)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000100)="c70f7906eb9523ea77dbb6d76dfc5ca7e83365a719f409ada71880f3a988a9468f68", 0x22}, {&(0x7f0000000300)="fbe65e068dba0f9233ed832421562b6b9761b390e47e7d66fe891fc3d9ff4cd138504143641914e7e1b284f715dfba10b96f023c49d72e454f2b1805c7e3bbf6000000b9c775bb657574a5c99e9dd0100e24c0f3b57933f144944dc8046e12", 0x5f}], 0x2)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendfile(r7, r3, 0x0, 0xfacf)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x345a0000}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x884)
r12 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r13 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r13, 0x0)
sendmsg$TCPDIAG_GETSOCK(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES16=r13, @ANYRES32=0x0, @ANYBLOB="4008004e590601"], 0x58}}, 0x0)
recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/126, 0x7e}], 0x1}, 0x12163)
recvmsg(r0, &(0x7f0000000a80)={&(0x7f0000000800)=@qipcrtr, 0x80, &(0x7f0000000540)=[{&(0x7f0000000880)=""/208, 0xd0}], 0x1, &(0x7f0000000980)=""/232, 0xe8}, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

5.821000971s ago: executing program 1 (id=2582):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000200)='./bus\x00', 0x2010000, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172640000008000200000ff5f78617474722c646973636172642c7768696e745f6d6f64653d757365722d626173651a9603642c6e6f696e6c696e48c8b8bd9db81b403801c199ffba3691ebc17570972cb0aab560ecd4a62772a15b05a04f8812838b6d154a85515cf6a313e8043c58707a92ff4e0d69fdd8fd380734190ccaff409ba8953c23b0c6f1c09d49447f1e1d0cedb97bb4daf266dcc2cec17b92cbbe1303abfc278ad789ffe0f34862de20f795a4b968385446d1964503b1815a337e284216bd6809000000000004000000d593d55b7516ceab7cd6f2aebee0e3b4e72511cc77b8aeb6cb60fe02009fbd67bd8d700393ec17bc2e14a4811bdefdda2f5f5ebead17e18e7fa077c6bf2fe6d11ac484b13898ad0c52acbc155d3426"], 0x1, 0x54f8, &(0x7f0000010140)="$eJzs3LtvW1UcB/DjpGn6okSIga1XqpASqbbiPCrYArTiIVJFPAYmcGzHcmv7RrHjhEwMjIiB/wSBxMTI38DAzIYYQGxIIN9zQpvyWOLECfl8pOvvvcfXv3uOVVX6XUc3ABfWXPbbL6VwM1wNIUyHEG6EUOyX0lZYi/FCCOFWCGHqia2Uxv8auBxCuBZCuJkKJqO3vrgzvL3681u/fvv97KXrX37zwwSWC5wRL4YQuttxf68bM2/FfJjGa8N2kd2VYcr4RvdROs5j7jU3iwp7tcPzakUut+L5+fZuf5RbnVp9lK32VjG+3YsX7A9bh3WKDzys7RTHjeZmke1+XmTrIM5r/yD+93bQH8Q6jVTv46J8GAwOM44395txPduPiqz3Bmk81s0bzf1RDlOmy4V63mkU89g8zjd9tr3d7u3uZ8PmTr+d97LVSvWlSvVuubqTN5qD5kq51m3cXcnmW53RaeVBs9Zda+V5q9Os1PPuQjbfqtfL1Wo2f6+52a71smq1slxZLK8upL072esP3s86jWx+lK+2e7uDdqefbeU7WfzEQrZUWX55Ibtdzd5d38g23rl/f33jvQ/vffDglfU3X0sn/W1a2fzS4tJSubpYXqouXKD1f5omPcb1w7GUJj0BgPPnRPv/uVizpP8HnnLe+/+g/x+Lc9X/XvT+/wTWD8ei/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLB+nPnqjWJnLh5fT+PPpKHn0nEphDAVQvjjH0yHy0dqTqc6M/9y/sxTc1gLoagwusZs2q6l8dH2+7Mn/S0AAADA/9fXn9z6PHbr8WVu0hPiNMWbNlM3PhpTvVIIYWbupzFVmxq9PD+mYsW/70thf0zVihtYV8ZULN5yuzSuav/h8X236SNx5YkoxZg6hekAAACn7GgncBpdCAAAAJPx2aQnwGSUwuPfBNMf8M/GSD8IXj1yBAAAAJxDpUlPAAAAADhxRf9/Fp7/913J8/8AAADgpMTn/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf7NxPTsJAFAfg10IF/0Vi3HsVd3AMj+DSpeEAXoIj4BW8AGfAnUcwYGhLtAYTkw7FkO9L2jIT8uOVsHkzpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD69FfPJy9Ptc9uc1bqdNHcDAAAA7LIs5pPyxagan9fzl/XUdT3OIiKPiF29ey9OGpm9Oqf45f3FjxpeI8qEzWcM6uMsIu7q4+Nq398CAAAAHK/FdDauuvXqNDp0QXSpWrTJL+4T5WURUYzeE6Xlm9NNorDy992Px0Rp5QLWMFFYteTWT5X2J73GZfjtklWXvNNyAACATjQ7gW67EAAAALr0cOgCOIwstluZ273g8p/3XxuCp40RAAAA8L8Ndk1m3dcBAAAAdKzs/z3/DwAAAI5b9fw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9mlZzCeL6WzcNme1bifN3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfLI/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8+d1f/k9MjTPJ3Gtj6XkkWTs1tk6NvXPj6A/j69cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/0u1/+T0yNM8ncaWPpeCRZu2psXTX2HjSOHoy3fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79+8ZNxQEAf7bPF1pAHAFlCEIgMcBCr9fS0pUBFDHwJyBF6bUErvxoM9CqQsrChjJ3QTAihAQKW/6HzImUJWwZbggSc5B9duL8kDgIsa/J5yM9v+9Z1nvf50RRvn5OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDS8L2DOMkOnVEcF+c2dh8vZP3mkT6ztrI1m7UsjupM+unwavVDNNNcIgAAAFwcSVnfhxC209W5rI87ef2fltdkNf8Pz4/isp4/WveXfVn7Z+3333Ze3p+oM5onG/TO4qB/9XgqrbNb5WR74R+vaOV3Pn/2kuRfkPjD5ZeGaX4/o+/W199v5+FUHdkCAP/FlbIvgvL3oazvNZkYABdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6DJfDs2UchRBmWwdxZnP38cJJ/drK1mzZbj55slIdMxsiDSHcWRz0r9a4lkn34OGjz+YHg/79+oPXQgjNzV4EH49xTQhNZig4bRAX3+v/48h70QSs62yDhn8wAQBw7qRFy+r67XR1LjsXTYew9+Ph+v/NShzGrP93Prm5UZ2rWv/3alvh5Osu3fuy++Dho7cX783f7d/tf/7Otd67veu3bty41c2flXQ9MQEAAOB02kWr1v/x9PH9/8uVOIxZ/3/1fe+b6lyJ+v9EB5t+TWcCAABwsb34+l9/Riecj9rt8PX80tL93ui4//na6NhAqv/aVNGq9X8y3XRWAAAAQB2Gy9Gh/f/blTiMuf//3E+v/FIdMwkhXCr2/68sfDG4Xd9yJlodf07c9BoBAABo1qWiVff/0/z9/3j/lYc4hPDWG6O4+DeAY9X/yQff/lydq/r+//X6ljiR4pnR/cj7qRBaM01nBAAAwHn2TNGyYv+PdHXu018vf9T2/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3f4OAAD//xwcQP8=")
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
r1 = creat(&(0x7f0000000100)='./file1\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x2000402)
write$cgroup_freezer_state(r0, &(0x7f0000000380)='FREEZING\x00', 0x9)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x0, 0x0, 0x3)

5.71036946s ago: executing program 3 (id=2583):
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="042c1103c8000000000000000000000000000002d9e2ed8bf6077c57412763e8aa05000000000000000359242051549df872a70a9e5c3e25e810c5f1581c03"], 0x14)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
pipe2(0x0, 0x80000)
write$evdev(0xffffffffffffffff, &(0x7f00000003c0)=[{{0x77359400}, 0x14, 0x9, 0x6}, {{0x0, 0x2710}, 0x0, 0x0, 0x42dbad0d}], 0x30)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
syz_open_pts(0xffffffffffffffff, 0x408b03)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)={0x2, 0x0, [{0x4, 0x1b, &(0x7f0000000000)=""/27}, {0x115001, 0xa3, &(0x7f0000001500)=""/163}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x1)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0xfffffd5c)
write$rfkill(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x0, 0x1}, 0x8)
socket$key(0xf, 0x3, 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0xfffffffb, &(0x7f0000000080)=""/31, 0x0, &(0x7f0000000500)=""/4085, 0x2})
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000080)=ANY=[], 0x14)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000440), 0x0}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500), 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
sync()
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)

5.610839428s ago: executing program 2 (id=2584):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8f", 0xa7d}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.316543253s ago: executing program 2 (id=2585):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000040)='fusectl\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='fusectl\x00', &(0x7f0000000080)='fusectl\x00', 0x0)
r3 = dup2(r2, r2)
read$FUSE(r3, 0x0, 0x27)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r5, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000300))
r6 = socket$packet(0x11, 0x0, 0x300)
r7 = dup(r6)
r8 = syz_open_dev$MSR(&(0x7f0000000100), 0xff, 0x0)
sendfile(r8, r2, &(0x7f0000000200)=0xf, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000040)={0x0, 0x1, 0x0, &(0x7f0000000bc0)=""/116, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000000)={0x0, r7})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000280)={0x1, 0x0, [{0x0, 0x76, &(0x7f0000000000)=""/118}]})
ioctl$VHOST_SET_LOG_BASE(r5, 0x4008af04, &(0x7f0000000080)=0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r9=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000800030003"], 0x68}}, 0x0)
close(r1)
socket$nl_route(0x10, 0x3, 0x0)
splice(r0, 0x0, r1, 0x0, 0x10500, 0x0)

5.147547627s ago: executing program 2 (id=2586):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x18, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@private}, {@multicast1}, {@remote}, {@broadcast}, {@empty}, {@multicast1, 0xffd300}]}]}}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b)
r1 = dup(r0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.918611475s ago: executing program 2 (id=2587):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x17, @string={0x17, 0x3, "eef294b85700c433b35f0b7a9a6152edf42eb6b2ee"}}, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc}}}, &(0x7f00000009c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)={0x40, 0xb, 0x2, 'Yf'}, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x40, 0x19, 0x2, "6fc1"}, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x40, 0x21, 0x1}})

4.765253188s ago: executing program 3 (id=2588):
syz_mount_image$nilfs2(&(0x7f0000000740), &(0x7f0000000100)='./file1\x00', 0x4800, &(0x7f0000000040)=ANY=[], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
renameat2(r0, &(0x7f0000000380)='./file0\x00', r0, &(0x7f0000000200)='./bus/file0\x00', 0x0)

4.189440235s ago: executing program 1 (id=2590):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000240)=""/214, 0xd6}, {&(0x7f0000001140)=""/4055, 0xfd7}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f00000007c0)=""/191, 0xbf}, {&(0x7f0000000040)=""/20, 0x14}, {&(0x7f00000000c0)=""/42, 0x2a}, {&(0x7f0000000b00)=""/210, 0xd2}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000c00)=""/130, 0x82}, {&(0x7f0000000180)=""/59, 0x3b}, {&(0x7f00000008c0)=""/54, 0x36}], 0xb}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)

2.646572963s ago: executing program 4 (id=2592):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)='0', 0x1}], 0x1}, 0x4040001)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r2}, 0x38)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
close(r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r4, &(0x7f0000000080), 0x12)
write$cgroup_int(r5, &(0x7f0000000200), 0x48400)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58)
writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000100)="c70f7906eb9523ea77dbb6d76dfc5ca7e83365a719f409ada71880f3a988a9468f68", 0x22}, {&(0x7f0000000300)="fbe65e068dba0f9233ed832421562b6b9761b390e47e7d66fe891fc3d9ff4cd138504143641914e7e1b284f715dfba10b96f023c49d72e454f2b1805c7e3bbf6000000b9c775bb657574a5c99e9dd0100e24c0f3b57933f144944dc8046e12", 0x5f}], 0x2)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendfile(r7, r3, 0x0, 0xfacf)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x345a0000}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211"], 0x398}}, 0x884)
r12 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r13 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r13, 0x0)
sendmsg$TCPDIAG_GETSOCK(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES16=r13, @ANYRES32=0x0, @ANYBLOB="4008004e590601"], 0x58}}, 0x0)
recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/126, 0x7e}], 0x1}, 0x12163)
recvmsg(r0, &(0x7f0000000a80)={&(0x7f0000000800)=@qipcrtr, 0x80, &(0x7f0000000540)=[{&(0x7f0000000880)=""/208, 0xd0}], 0x1, &(0x7f0000000980)=""/232, 0xe8}, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

1.742523397s ago: executing program 1 (id=2593):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc}}}, &(0x7f00000009c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)={0x40, 0xb, 0x2, 'Yf'}, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x40, 0x19, 0x2, "6fc1"}, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x40, 0x21, 0x1}})

1.602461228s ago: executing program 2 (id=2594):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8f", 0xa7d}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.517834015s ago: executing program 4 (id=2595):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000040)='fusectl\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='fusectl\x00', &(0x7f0000000080)='fusectl\x00', 0x0)
r3 = dup2(r2, r2)
read$FUSE(r3, 0x0, 0x27)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r5, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000300))
socket$packet(0x11, 0x3, 0x300)
r6 = dup(0xffffffffffffffff)
r7 = syz_open_dev$MSR(&(0x7f0000000100), 0xff, 0x0)
sendfile(r7, r2, &(0x7f0000000200)=0xf, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000040)={0x0, 0x1, 0x0, &(0x7f0000000bc0)=""/116, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000000)={0x0, r6})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000280)={0x1, 0x0, [{0x0, 0x76, &(0x7f0000000000)=""/118}]})
ioctl$VHOST_SET_LOG_BASE(r5, 0x4008af04, &(0x7f0000000080)=0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000800030003"], 0x68}}, 0x0)
close(r1)
socket$nl_route(0x10, 0x3, 0x0)
splice(r0, 0x0, r1, 0x0, 0x10500, 0x0)

1.292885384s ago: executing program 2 (id=2596):
pipe2(&(0x7f0000000040), 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="03c80096ebc2c66584601f003d5eceea86c5b4e4c22e7d73f8c4023570f400684f05afa738be36eec766c4520117c4509c8aa8113e9030f33d953fabfa1f8be7a4dcf4eacafd3b2610329733906bb2051dfe326329d8fa7e4921add80400000000000000f3fab770fbf828fc7a98b8ef6fc9997c8fad36af4a47805227c0b05145b51fadabcd55be1fd272b82f6dd32f35208d7aac762d4e6de9"], 0x9a)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x0, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x4}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000000000000bfa30000000000001403000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000007c000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a7c31de7910d1ed4065a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dacfeb47479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3de8726c2a61ec45c19f97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9bdce38c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4af05c28308241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5490f6589880ed6eea7b9c670012be05e7de0940313c5870786554df2623d58f5ace92d028f2c71a6ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77962a2cd8a104e16b77d5f7f13b1640d43e11801140caf1a8b1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b905fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf34117a82a96b2ced73abb8e4bb718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000001762e5f5a3a0bc33fdbe28a5ffc83f2f08544eb2794e7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f85d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d801002653c4d9818708e27c89b552d3fcd11ebce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff2a8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782ae57773e0d8b0ab900edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0bd91e328b6a6f732a91f0e2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c2d0836395fe39f0e11c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300000000000021000000b12f0ec0412268860027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b50f3ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861ddb54684cb73e7aeefae47fa09fd88e6043bd52ae84c1bb0c8a6b769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e81163bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4c4b51b1f922a44ec675203bf8d1548e49262727c3de6daab3b4ed15aa99802e45d0620617e839b5237ddfcf103c91e61d174e3be6c9fd47398797e3b814e751ff31ecb42de6dd9d6b88121aaa680c236a303914e00150e1ec3f144ebc28287d5b51cfb8cabb844d12b140767d0fc24425590024b2e431722392489e3d43b3e31438a0138988083c47c61384d54e9a40fba01cac6e59ec82edc764840fe551c1d57442970cd8e59b9f41094e158c0a1ee855d8515599685486c2a21fa1c107531a0db8306441e8408b34aa90e9736e672d74cb8e78f8bdb93a23d024fc200796836ab396911a56231e953efad6cd83db32ffc595d970108e9547ea0000002730d5d1b70fe8b458ac1651135037b6cb9c8053299f77ab84c5b9fd2f764c3caa9c69377c397d310ddc7bc4bfa165def7b49e28ef196ae263b6829a8419d8860f56c86c288964ac4bc19839d96ff24b"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000007111ab00000000008510000002000000850000000700000095000000000000009500a50500000000d86f894ddd8ca6ff240a54d810057bb4b9e974dfdc1217c7306fa9c1697d91424e6d4249f617e13229998cf6bef567cc3704aae2f47a6b8c921e40c2fe45003ec86aa697187fe8d6646dd363a5cf9175691ebcb28b38f794ca6fe9846379c5cfac7100dc5a37fcc756451d39"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
syz_emit_ethernet(0x540, &(0x7f0000002040)={@local, @local, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x4, 0x6, "e290bc", 0x506, 0x3a, 0x1, @dev={0xfe, 0x80, '\x00', 0x27}, @loopback, {[@srh={0x3b, 0x8, 0x4, 0x4, 0x0, 0x8, 0x5, [@private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x36}, @loopback, @empty]}, @fragment={0x33, 0x0, 0x8, 0x0, 0x0, 0x6, 0x68}, @fragment={0x2e, 0x0, 0x94, 0x1, 0x0, 0x1d, 0x64}, @routing={0x67, 0x12, 0x0, 0x0, 0x0, [@loopback, @empty, @empty, @loopback, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, @loopback, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}]}, @routing={0x92, 0x6, 0x1, 0x3, 0x0, [@private1, @loopback, @mcast2]}], @time_exceed={0x3, 0x1, 0x0, 0xbb, '\x00', {0x4, 0x6, "dd8af2", 0x2, 0x3b, 0xff, @local, @empty, [@hopopts={0x1d, 0x1, '\x00', [@padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @srh={0x89, 0x2, 0x4, 0x1, 0x5, 0x8, 0x6, [@mcast2]}, @fragment={0x5c, 0x0, 0x10, 0x0, 0x0, 0x8, 0x65}, @fragment={0x3a, 0x0, 0xf7, 0x1, 0x0, 0xf, 0x65}, @dstopts={0xff, 0x1, '\x00', [@jumbo, @ra={0x5, 0x2, 0x4}, @padn={0x1, 0x2, [0x0, 0x0]}]}, @srh={0xa2, 0x10, 0x4, 0x8, 0x2, 0x38, 0x6, [@local, @private2, @private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @mcast2]}, @hopopts={0x4, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0x5}]}, @hopopts={0x21, 0x3f, '\x00', [@calipso={0x7, 0x30, {0x2, 0xa, 0x2, 0x6, [0x380, 0x8, 0x49, 0x1, 0x7fff]}}, @generic={0x8, 0x8, "c0dd29e9cc253c22"}, @enc_lim={0x4, 0x1, 0x14}, @generic={0x2, 0xfe, "67183e28272e850d5537ea05a4c38af5943f0ba3709da3410c51345df728f792aedaf100cb1023ddf0217868d3e4f04f3d6ebfb82fb4ad44f58eee95d7dd1affbb4f9a2e2aed62a4d3fe6a81c1028831cc5d8f8694cea1eaa66842c3e979f767b020869d055fa7bf07389ecef7e5e286d260ef4c54694a33759771d2e27bf879e91249e119a612cc43ed74f73ce87840ea0fe6c3cd7a0155df5b282be311d67af39d4804752acbc785e9611fa78d27272dbd14c6d59d4fccb793d61e368a2fbb47e8453a9e4f628cd10f9a5cd5c461291331647285c8c6cc2a06cb62b7f1f5e5e2e8bb1bd41c4cd46d2b40a0fe176979ba893efa27c33881e1fde8bb5399"}, @jumbo={0xc2, 0x4, 0x5f445ced}, @generic={0x3, 0xb1, "26c577002bf04f8daf864c6d9fef88f2e17630ff7657b689e4dfb8a0e2f99ae00e693a7792c9ac56a32f3d329a64670d7d28843f7ace87c7ced39fd51e10a8c943bff7225c91011852e876895a491d97184690e31afce602469793bf9f78346e6e9184161e726bc71794ae58da225dbc856166bb6316db2f127d2438f7190ca7ab17e94d702c6d27ecd78f06810bbfe7b2c8dcded0cdc2e364ad4bfa086fe80dc6298c7a58f138695d6b9b15e5460a0dee"}]}, @srh={0x89, 0x2, 0x4, 0x1, 0x10, 0x8, 0x0, [@ipv4={'\x00', '\xff\xff', @empty}]}, @srh={0x5c, 0x8, 0x4, 0x4, 0x8, 0x30, 0x0, [@private2={0xfc, 0x2, '\x00', 0x1}, @local, @remote, @local]}], "0185c3b12dc5eccdf8d3d9f5d6aff7eb88044b0a5593c7be3bb6858da5eb6c552e2ff9fed3a5e1c1a6e0bbefc4a3c64f924a0497b8ff3eacfa72d7ee392a8535ff3997c0bd6cbd53b7ef1e9a7d6528865b67313b97f7d6742abd940d88554c39f0d025e8a3aa"}}}}}}}, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0xa)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3)
mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x1)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x4, 0xc8, 0x8766}}}, 0x8)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000380), 0x0, r1}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x401, 0xffffffffffffffff, 0x0, 0x100000000000000}, 0x38)
socket$inet6(0xa, 0x0, 0x0)
unshare(0x2c060000)
unshare(0x24020400)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)

1.234489559s ago: executing program 4 (id=2597):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x18, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@private}, {@multicast1}, {@remote}, {@broadcast}, {@empty}, {@multicast1, 0xffd300}]}]}}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b)
r1 = dup(r0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.054672834s ago: executing program 4 (id=2598):
syz_mount_image$nilfs2(&(0x7f0000000740), &(0x7f0000000100)='./file1\x00', 0x4800, &(0x7f0000000040)=ANY=[], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
renameat2(r0, &(0x7f0000000380)='./file0\x00', r0, &(0x7f0000000200)='./bus/file0\x00', 0x0)

465.266992ms ago: executing program 4 (id=2599):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='ext4_ext_remove_space_done\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x80, 0x62d, &(0x7f0000000c40)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNv3szue98dvZ03MzuaAEprKhulEfsi4lwSMdmybCIaC6eK9R5+fft8NiRRr///qySSIq+5/qNiujsbJY3XfHwy4neV9eUu3bx1cbZWb7gTcXj50tXDSzdvHVq8NHth/sL85Zkj/zx6bPpfMx9uTZy7i+mp0//70+svv/iPhU9qh5I4HmdHX5qLtji2ylTj040sxNb8kYg4liU6fC6wnSrF3+NoRPwhJqOSzzVMxuJrA60c0Ff1SmP/VB+rA6WTxKBrAAxGsx/QPLbvx3HwMHtwIhvf6BD/SHH0vjM/Ntr1MGk5MspyI/ZsQfkrEfHj7f1vZ0N0OQ8xsgXldC3/bkT8sdP2T/L49+SRZvGnkba8LktPF+c2svr9ZxN1SFrSvf393dlEaT/3S+Jv3Q5Z/MeLaZZ/ssv7P+0Uz1TbfNnaHwCDsXqi2JFnHZFY2/9lPcNm/yfa+z/19/NrQ+37ro3ovv9Lt+Ddny7v/4102v839/c783142tYPS2Ll2zOd33K0PePzV0+92a38qZb+XzZk5Tf7gj3YdNfwwd2I/W3xv5J/9Mnj7Z906P9mq5zrsYz/fvrlqW7LNhn/ptXvRRzoePyz1ivNUm3XJ5NoXp88OnN4YbE2P90Ydyzjg49eeLdb+YOOP9v+u7rE/6Ttn+Vd7bGM987cu9RI7Vi3bOKp8adfjCVn89RYPl5rXmPJ6WKVxuTG7PLytSNPrktznXw604j/4F87t/8u8ecHH+PNr8weXH3u4sNuyza5/R/Ve1yxmyz+uQ1u/zd6LOO756//uduy9fGvnZMY32hQAAAAAAAAUFJpfg02SauP02laLS68/T52pbUrS8t/W7hy/fJcxMH895CjafNK92RjPsnmZ4rfwzbnj7TN/z0i9kbEW5XxfL56/kptbtDBAwAAAAAAAAAAAAAAAAAAwJDYXdz//6h4Htg3lTStVgddK2Db9PMBc8Bw0/6hvPL2vz3PWwOGjP0/lFfH9u9LAUpBU4fy0v6hvLR/KC/tH8pL+4fy6t7+1y252++6AAAAAABbZu9fVu+PRMTKv8fzITNWLBsdaM2AftPGobwqg64AMDCPL/C7/R9Kp6f+//fFPwfsf3WAAUg6Zeadg/qTG/9qx1cCAAAAAAAAAAAAAH1wYN/q/cT9/1BKbvuD8trY/f+Vjb8UGBqd/vW/x4FAOTjGh5Lr4STAzm4L3P8PAAAAAAAAAAAAANtmIh+StFr8DHgi0rRajfhNROyJ0WRhsTY/HRG/jYjPKqM7svmZQVcaAAAAAAAAAAAAAAAAAAAAnjFLN29dnK3V5q+1Jn5Yl/NsJ5pPPB2W+rQmIul7EWm05YxHxDDE3p/ESEtOErGSbfmteOdk838/MQyfT5EY8BcTAAAAAAAAAAAAAAAAAACUUMu9x53tf2ebawQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA22/t+f/9Sww6RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1+mnAAAA//+EYjvS")

330.834313ms ago: executing program 0 (id=2561):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
r3 = eventfd2(0x0, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3})
io_setup(0x4, &(0x7f00000001c0)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x10000000002, 0x0, 0x1, r3}])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
fchdir(r5)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r6, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r7 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder-control\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r7, 0xc1086201, 0x0)
connect$unix(r6, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25)
r8 = dup(r1)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000200)="0f474800abc4e17a7eaa3c000000440f2012350f000000440f01c58fc97002700d0fc7b51d85cd66b9800000c00f3235000800000f302ef30f015e470f01d10f1ac7"}], 0x1, 0x0, 0x0, 0xfffffffffffffd9e)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406d0434c5000000"], 0x0)
socket(0x1f, 0x6, 0xffffffff)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r10, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x2c, @private=0xa010104, 0x0, 0xfffffffd, 'nq\x00', 0x0, 0x0, 0x2}, 0x2c)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

0s ago: executing program 4 (id=2600):
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x6, 0x7cab, {0xffffffffffffffff}, {<r0=>0xee00}, 0x3, 0x736bb014})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f00000003c0)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@jqfmt_vfsv1}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@jqfmt_vfsv1}, {@errors_remount}, {@user_xattr}, {@noblock_validity}], [{@uid_eq={'uid', 0x3d, r0}}, {@smackfsfloor={'smackfsfloor', 0x3d, '!t!'}}, {@dont_hash}, {@fowner_eq={'fowner', 0x3d, r0}}, {@appraise_type}, {@smackfstransmute={'smackfstransmute', 0x3d, '^\'^:{$y\'/{!'}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@subj_user={'subj_user', 0x3d, 'jqfmt=vfsv1'}}, {@smackfsdef={'smackfsdef', 0x3d, '{+/'}}, {@audit}]}, 0x1, 0x562, &(0x7f0000001080)="$eJzs3c1rHOUfAPDvbHb7/vs1hVJURAI9WKndNIkvFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC+Jd7x6L/4B/RUELRUrQg5fIbGbTbbObt26abffzgWmfZ2aSZ77zzPfJMzu7bAADayT7pxDxckR8k0QcbttWjHzjyMp+Sw+vT2ZLEsvLn/6VRJKva+2f5P8fzCsvRcRvX0WcLKxtt76wOFOpVtO5vD7amL0yWl9YPHVptjKdTqeXxycmzrw9Mf7eu+/0LNY3zv/z/Sd3Pzzz9fGl7365f+R2EmfjUL6tPY6ncKO9MhIj+TkpxdkndhzrQWP9JNntA2BbhvI8L0U2BhwutbIeePF9GRHLwIBKtpj/e40X8IJozQNa9/Y9ug9+bjz4YOUGaG38xZXXRmJf897owFLy2J1Rdr873IP2szZ+/fPO7WyJ3r0OAbChGzcj4nSxuHb8S/Lxb/tOb2KfJ9sw/sGzczeb/7zZaf5TWJ3/RIf5z8EOubsdG+d/4X4Pmukqm/+933H+u/rQangor/2vOecrJRcvVdNsbPt/RJyI0t6svt7znDNL95a7bWuf/2VL1n5rLpgfx/3i3sd/ZqrSqDxNzO0e3Ix4peP8N1nt/6RD/2fn4/wm2ziW3nmt27aN499Zyz9FvN6x/x890UrWfz452rweRltXxVp/3zr2e7f2dzv+rP8PrB//cNL+vLa+9TZ+3Pdv2m3bdq//PclnzfKefN21SqMxNxaxJ/l47frxRz/bqrf2z+I/cXz98a/T9b8/Ij7fZPy3jv786vbj31lZ/FNb6v+tF+599MUP3drfXP+/1SydyNdsZvzb7AE+zbkDAAAAAACAflOIiEORFMqr5UKhXF55f8fROFCo1uqNkxdr85enovlZ2eEoFVpPug+3vR9iLH8/bKs+/kR9IiKORMS3Q/ub9fJkrTq128EDAAAAAAAAAAAAAAAAAABAnzjY5fP/mT+GdvvogB3nK79hcG2Y/734piegL/n7D4NL/sPgkv8wuOQ/DC75D4NL/sPgkv8wuOQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NT5c+eyZXnp4fXJrD51dWF+pnb11FRanynPzk+WJ2tzV8rTtdp0NS1P1mY3+n3VWu3K2HjMXxttpPXGaH1h8cJsbf5y48Kl2cp0eiEtPZOoAAAAAAAAAAAAAAAAAAAA4PlSX1icqVSr6VyPCoWI6OkvVFhTyPrtRrFfznOxPw5DoceF3R6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCR/wIAAP//f14x3A==")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000002c0), &(0x7f0000002340)=ANY=[], 0x361, 0x0)
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000005140)='./file0\x00', 0x816, &(0x7f0000000300), 0x1, 0x50ed, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=")
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
fsopen(0x0, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000000300)='./file0\x00', 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x161040, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvfrom(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x9a, &(0x7f0000000600)={@empty, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x64, 0x3a, 0xff, @remote, @mcast2, {[@fragment={0x67, 0x0, 0x4, 0x0, 0x0, 0x7, 0x66}], @mlv2_query={0x82, 0x0, 0x0, 0x8, 0x4, @private1, 0x0, 0x1, 0x9, 0x8, 0x4, [@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1={0xfc, 0x1, '\x00', 0x1}, @empty]}}}}}}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x7fffffe, 0x360, 0x160, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x2b8, 0x20a, 0x278, 0x2b8, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x7a, 0xd8, 0x138, 0x0, {}, [@common=@inet=@tcp={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
write$binfmt_elf64(r6, &(0x7f0000000000)=ANY=[], 0xfd14)

kernel console output (not intermixed with test programs):

out
[  789.455908][ T3594] usb usb14-port1: unable to enumerate USB device
[  789.808301][ T3560] Bluetooth: hci5: unexpected event 0x2f length: 1017 > 260
[  791.675870][ T3549] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  791.695281][ T3549] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  791.705216][ T3549] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  791.713429][ T3549] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  791.748124][ T3549] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  791.757577][ T3549] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  792.043536][T13864] ip6gretap0 speed is unknown, defaulting to 1000
[  792.176288][T13741] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  792.415310][T13741] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  792.439042][T13741] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  792.568446][ T5301] device hsr_slave_0 left promiscuous mode
[  792.604034][ T5301] device hsr_slave_1 left promiscuous mode
[  792.624946][ T5301] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  792.677028][ T5301] batman_adv: batadv0: Removing interface: batadv_slave_0
[  792.754904][ T5301] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  792.775695][ T5301] batman_adv: batadv0: Removing interface: batadv_slave_1
[  792.811346][ T5301] device bridge_slave_1 left promiscuous mode
[  792.841937][ T5301] bridge0: port 2(bridge_slave_1) entered disabled state
[  792.910362][ T5301] device bridge_slave_0 left promiscuous mode
[  792.916696][ T5301] bridge0: port 1(bridge_slave_0) entered disabled state
[  792.980932][T13885] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  792.987497][T13885] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  793.007589][ T5301] device veth1_macvtap left promiscuous mode
[  793.016408][T13885] vhci_hcd vhci_hcd.0: Device attached
[  793.018116][ T5301] device veth0_macvtap left promiscuous mode
[  793.050016][ T5301] device veth1_vlan left promiscuous mode
[  793.055944][ T5301] device veth0_vlan left promiscuous mode
[  793.067807][T13889] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  793.074815][T13889] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  793.096025][T13889] vhci_hcd vhci_hcd.0: Device attached
[  793.120494][T13890] vhci_hcd: connection closed
[  793.120710][  T102] vhci_hcd: stop threads
[  793.137028][T13886] vhci_hcd: connection closed
[  793.155466][  T102] vhci_hcd: release socket
[  793.166169][  T102] vhci_hcd: disconnect device
[  793.182832][  T102] vhci_hcd: stop threads
[  793.197516][  T102] vhci_hcd: release socket
[  793.209980][  T102] vhci_hcd: disconnect device
[  794.306166][ T3549] Bluetooth: hci2: command tx timeout
[  794.686213][ T4292] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  794.941922][ T5301] team0 (unregistering): Port device team_slave_1 removed
[  795.013798][ T5301] team0 (unregistering): Port device team_slave_0 removed
[  795.074712][ T5301] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  795.095498][ T4292] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.140243][ T5301] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  795.279420][ T4292] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  795.288648][ T4292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.297639][ T4292] usb 4-1: Product: syz
[  795.301915][ T4292] usb 4-1: Manufacturer: syz
[  795.306963][ T4292] usb 4-1: SerialNumber: syz
[  795.798984][ T5301] bond0 (unregistering): Released all slaves
[  795.926798][T13741] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  795.973312][T13901] ip6gretap0 speed is unknown, defaulting to 1000
[  796.101697][T13905] ip6gretap0 speed is unknown, defaulting to 1000
[  796.528666][ T3549] Bluetooth: hci2: command tx timeout
[  796.539151][ T4292] cdc_ncm 4-1:1.0: failed to get mac address
[  796.777367][ T4292] cdc_ncm 4-1:1.0: bind() failure
[  796.825705][T13864] chnl_net:caif_netlink_parms(): no params data found
[  796.834012][ T4292] cdc_ncm: probe of 4-1:1.1 failed with error -71
[  796.851630][T13741] 8021q: adding VLAN 0 to HW filter on device bond0
[  796.907704][ T4292] cdc_mbim: probe of 4-1:1.1 failed with error -71
[  796.929573][ T4292] usbtest: probe of 4-1:1.1 failed with error -71
[  796.974882][ T4292] usb 4-1: USB disconnect, device number 27
[  797.202673][T13741] 8021q: adding VLAN 0 to HW filter on device team0
[  797.241175][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  797.253400][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  797.282147][T13864] bridge0: port 1(bridge_slave_0) entered blocking state
[  797.289609][T13864] bridge0: port 1(bridge_slave_0) entered disabled state
[  797.297964][ T3594] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  797.306509][T13864] device bridge_slave_0 entered promiscuous mode
[  797.316833][T13864] bridge0: port 2(bridge_slave_1) entered blocking state
[  797.324291][T13864] bridge0: port 2(bridge_slave_1) entered disabled state
[  797.332765][T13864] device bridge_slave_1 entered promiscuous mode
[  797.355380][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  797.389020][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  797.408997][ T3626] bridge0: port 1(bridge_slave_0) entered blocking state
[  797.416101][ T3626] bridge0: port 1(bridge_slave_0) entered forwarding state
[  797.522669][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  797.533880][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  797.570162][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  797.590367][ T3993] bridge0: port 2(bridge_slave_1) entered blocking state
[  797.597599][ T3993] bridge0: port 2(bridge_slave_1) entered forwarding state
[  797.633544][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  797.674822][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  797.687438][ T3594] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping
[  797.697153][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  797.729153][ T3594] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  797.730385][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  797.768519][ T3594] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.817191][ T3594] usb 3-1: config 0 descriptor??
[  797.850567][T13864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  797.888566][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  797.902591][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  797.914855][ T3549] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  797.923702][ T3549] Bluetooth: hci3: Injecting HCI hardware error event
[  797.933375][ T3560] Bluetooth: hci3: hardware error 0x00
[  797.943623][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  797.966547][T13741] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  797.981009][T13741] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  797.998437][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  798.007278][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  798.016109][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  798.024924][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  798.040435][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  798.062278][T13864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  798.151531][T13929] netlink: 'syz.3.2216': attribute type 12 has an invalid length.
[  798.215637][T13864] team0: Port device team_slave_0 added
[  798.285420][T13864] team0: Port device team_slave_1 added
[  798.316738][T13919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  798.344152][T13919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  798.380696][ T3594] ath6kl: Failed to read usb control message: -71
[  798.391406][ T3594] ath6kl: Unable to read the bmi data from the device: -71
[  798.409687][ T3594] ath6kl: Unable to recv target info: -71
[  798.457553][ T3594] ath6kl: Failed to init ath6kl core: -71
[  798.557651][T13864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  798.567067][ T3594] ath6kl_usb: probe of 3-1:0.0 failed with error -71
[  798.573906][T13864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  798.617317][ T3594] usb 3-1: USB disconnect, device number 23
[  798.911661][ T3549] Bluetooth: hci2: command tx timeout
[  799.147622][T13864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  799.326799][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  799.345863][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  799.368547][T13864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  799.375905][T13864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  799.567727][T13864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  799.990898][T13741] 8021q: adding VLAN 0 to HW filter on device batadv0
[  800.255057][ T3560] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  800.714718][T13949] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  800.721264][T13949] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  800.729866][T13864] device hsr_slave_0 entered promiscuous mode
[  800.742579][T13949] vhci_hcd vhci_hcd.0: Device attached
[  800.758271][T13864] device hsr_slave_1 entered promiscuous mode
[  800.800111][T13864] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  800.810896][T13864] Cannot create hsr debugfs directory
[  800.840367][T13949] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  800.846924][T13949] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  800.885356][T13949] vhci_hcd vhci_hcd.0: Device attached
[  800.910091][T13952] vhci_hcd: connection closed
[  800.910290][T13950] vhci_hcd: connection closed
[  800.915265][ T4056] vhci_hcd: stop threads
[  800.926859][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  800.958083][ T4056] vhci_hcd: release socket
[  800.969517][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  800.977797][ T4056] vhci_hcd: disconnect device
[  801.003759][ T4056] vhci_hcd: stop threads
[  801.008068][ T4056] vhci_hcd: release socket
[  801.039373][ T4056] vhci_hcd: disconnect device
[  801.059122][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  801.078443][ T4292] usb 14-1: enqueue for inactive port 0
[  801.089642][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  801.108724][T13741] device veth0_vlan entered promiscuous mode
[  801.121852][ T3561] Bluetooth: hci2: command tx timeout
[  801.137530][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  801.161094][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  801.235316][T13741] device veth1_vlan entered promiscuous mode
[  801.408998][T13864] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.454347][T13741] device veth0_macvtap entered promiscuous mode
[  801.486893][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  801.496179][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  801.511529][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  801.561233][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  801.581721][T13741] device veth1_macvtap entered promiscuous mode
[  801.649969][T13864] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.674923][ T4292] usb usb14-port1: attempt power cycle
[  801.701654][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  801.714900][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  801.732912][T13957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2222'.
[  801.797895][T13864] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  801.878612][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  801.911146][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  801.955248][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  801.988185][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.020341][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  802.074840][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.090212][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  802.113910][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.137701][T13741] batman_adv: batadv0: Interface activated: batadv_slave_0
[  802.194861][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  802.211485][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  802.251270][T13864] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.274591][T13969] netlink: 'syz.3.2225': attribute type 12 has an invalid length.
[  802.355413][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  802.376923][ T4292] usb usb14-port1: unable to enumerate USB device
[  802.390313][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.405988][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  802.442195][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.472775][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  802.497580][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.507432][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  802.508496][ T3560] Bluetooth: hci3: Opcode 0x206c failed: -110
[  802.550157][T13973] loop3: detected capacity change from 0 to 4096
[  802.562422][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  802.602001][T13741] batman_adv: batadv0: Interface activated: batadv_slave_1
[  802.638168][T13973] NILFS (loop3): invalid segment: Checksum error in segment payload
[  802.654266][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  802.673181][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  802.713960][T13973] NILFS (loop3): trying rollback from an earlier position
[  802.725380][T13741] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  802.734109][T13741] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  802.750684][T13741] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  802.760052][T13741] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  802.770720][T13973] NILFS (loop3): recovery complete
[  802.798001][T13974] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  803.117113][ T1254] ieee802154 phy0 wpan0: encryption failed: -22
[  803.123444][ T1254] ieee802154 phy1 wpan1: encryption failed: -22
[  804.128402][T13864] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  804.135775][ T3710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  804.151160][ T3710] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  804.231676][T13864] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  804.354434][T13864] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  804.848856][ T3560] Bluetooth: hci3: Opcode 0x2046 failed: -110
[  805.208158][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  805.282498][T13864] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  805.320983][ T4056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.379568][ T4056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  805.441473][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  805.606384][T13989] loop1: detected capacity change from 0 to 8
[  805.620729][T13989] cramfs: Unknown parameter 'cramfs'
[  805.702867][ T3561] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  805.710718][T13056] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  805.732869][ T3561] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  805.746623][ T3561] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  805.757450][ T3549] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  805.776107][ T3549] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  805.785704][ T3549] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  805.843039][T13993] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2231'.
[  805.878201][T13864] 8021q: adding VLAN 0 to HW filter on device bond0
[  805.970235][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  805.970803][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  805.994212][T13864] 8021q: adding VLAN 0 to HW filter on device team0
[  805.994667][T13990] ip6gretap0 speed is unknown, defaulting to 1000
[  806.164714][T14004] loop2: detected capacity change from 0 to 4096
[  806.185603][T14005] netlink: 'syz.3.2234': attribute type 12 has an invalid length.
[  806.215927][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  806.243169][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  806.243194][T14004] NILFS (loop2): invalid segment: Checksum error in segment payload
[  806.279083][T14004] NILFS (loop2): trying rollback from an earlier position
[  806.300673][ T3549] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260
[  806.303393][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state
[  806.309761][T14004] NILFS (loop2): recovery complete
[  806.310673][ T4292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  806.365524][T14010] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  806.490249][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  806.509573][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  806.539595][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  806.582935][   T14] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.590145][   T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[  806.643004][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  807.539150][T14030] loop2: detected capacity change from 0 to 1024
[  807.553894][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  807.563550][T14030] ext4: Unknown parameter 'uid'
[  807.570272][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  807.584171][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  807.595626][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  807.615069][T14027] siw: device registration error -23
[  807.716485][ T5301] device hsr_slave_0 left promiscuous mode
[  807.735896][ T5301] device hsr_slave_1 left promiscuous mode
[  807.768346][ T5301] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  807.795923][ T5301] batman_adv: batadv0: Removing interface: batadv_slave_0
[  807.826368][ T5301] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  807.853968][ T5301] batman_adv: batadv0: Removing interface: batadv_slave_1
[  807.878012][ T5301] device bridge_slave_1 left promiscuous mode
[  807.897484][ T5301] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.939065][ T5301] device bridge_slave_0 left promiscuous mode
[  807.947480][ T5301] bridge0: port 1(bridge_slave_0) entered disabled state
[  808.055676][ T3549] Bluetooth: hci1: command tx timeout
[  808.097809][ T5301] device veth1_macvtap left promiscuous mode
[  808.105235][ T5301] device veth0_macvtap left promiscuous mode
[  808.136143][ T5301] device veth1_vlan left promiscuous mode
[  808.169335][ T5301] device veth0_vlan left promiscuous mode
[  808.438187][T14030] loop2: detected capacity change from 0 to 32768
[  808.456069][T14030] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.2240 (14030)
[  808.516511][T14030] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  808.532332][T14030] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  808.541095][T14030] BTRFS info (device loop2): using free space tree
[  808.781522][T14030] BTRFS info (device loop2): enabling ssd optimizations
[  809.764624][T13337] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  809.896739][T14061] loop3: detected capacity change from 0 to 8
[  809.912697][T14061] cramfs: Unknown parameter 'cramfs'
[  809.998231][T13056] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  810.133392][ T5301] team0 (unregistering): Port device team_slave_1 removed
[  810.184196][ T5301] team0 (unregistering): Port device team_slave_0 removed
[  810.226520][ T5301] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  810.284676][ T5301] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  810.309310][ T3549] Bluetooth: hci1: command tx timeout
[  810.675582][ T5301] bond0 (unregistering): Released all slaves
[  810.794213][T13864] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  810.805521][T13864] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  810.817141][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  810.826610][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  810.836144][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  810.844783][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  810.853525][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  810.862929][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  810.873778][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  810.971059][T14070] netlink: 'syz.1.2245': attribute type 12 has an invalid length.
[  811.158082][T13990] chnl_net:caif_netlink_parms(): no params data found
[  811.237041][T14074] loop3: detected capacity change from 0 to 4096
[  811.246251][ T3549] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260
[  811.269526][T14074] NILFS (loop3): invalid segment: Checksum error in segment payload
[  811.338468][T14074] NILFS (loop3): trying rollback from an earlier position
[  811.355614][ T3549] Bluetooth: hci5: unexpected event 0x2f length: 1017 > 260
[  811.408109][T14074] NILFS (loop3): recovery complete
[  811.457320][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  811.474104][ T5068] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  811.482256][T14091] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  811.518036][T13864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  811.536579][T13990] bridge0: port 1(bridge_slave_0) entered blocking state
[  811.544783][T13990] bridge0: port 1(bridge_slave_0) entered disabled state
[  811.579963][T13990] device bridge_slave_0 entered promiscuous mode
[  811.611044][T13990] bridge0: port 2(bridge_slave_1) entered blocking state
[  811.618166][T13990] bridge0: port 2(bridge_slave_1) entered disabled state
[  811.697163][T13990] device bridge_slave_1 entered promiscuous mode
[  811.979691][T13990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  812.029966][T13990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  812.110687][T14107] loop2: detected capacity change from 0 to 1024
[  812.173332][T13990] team0: Port device team_slave_0 added
[  812.180790][T14107] ext4: Unknown parameter 'uid'
[  812.238440][T13990] team0: Port device team_slave_1 added
[  812.283392][T13056] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  812.364083][T13990] batman_adv: batadv0: Adding interface: batadv_slave_0
[  812.382287][T13990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.408302][    C1] vkms_vblank_simulate: vblank timer overrun
[  812.481844][T13990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  812.500687][T13990] batman_adv: batadv0: Adding interface: batadv_slave_1
[  812.508159][T13990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.534107][    C1] vkms_vblank_simulate: vblank timer overrun
[  812.562733][ T3549] Bluetooth: hci1: command tx timeout
[  812.576871][T13990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  812.729362][T13990] device hsr_slave_0 entered promiscuous mode
[  812.761363][T13990] device hsr_slave_1 entered promiscuous mode
[  812.798182][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  812.848445][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  812.923480][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  812.954017][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  812.986667][T13864] device veth0_vlan entered promiscuous mode
[  813.071409][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  813.090759][ T5069] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  813.132609][T13864] device veth1_vlan entered promiscuous mode
[  813.212213][T14107] loop2: detected capacity change from 0 to 32768
[  813.284125][T14107] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.2252 (14107)
[  813.315618][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  813.325244][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  813.349050][T13864] device veth0_macvtap entered promiscuous mode
[  813.369361][T14107] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  813.384150][T13864] device veth1_macvtap entered promiscuous mode
[  813.397965][T14107] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  813.406706][T14107] BTRFS info (device loop2): using free space tree
[  813.477996][T13990] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.575529][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  813.649831][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  813.664920][T14107] BTRFS info (device loop2): enabling ssd optimizations
[  813.761788][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  813.786941][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  813.825153][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  813.846708][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  813.868709][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  813.890872][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  813.924747][T13864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  813.949888][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  813.971878][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  814.037305][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  814.101017][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  814.122195][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  814.244346][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  814.298496][T13864] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  814.385854][T13864] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  814.450321][T13864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  814.863820][ T3549] Bluetooth: hci1: command tx timeout
[  814.895010][T13990] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.914641][T13337] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  815.268112][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  815.316627][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  815.386048][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  815.415345][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  815.442759][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  815.470923][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  815.492285][T13864] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  815.543752][T13864] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  815.552505][T13864] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  815.573082][ T3560] Bluetooth: hci0: unexpected event 0x2f length: 1017 > 260
[  815.708675][T13864] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  815.782864][T13990] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.821259][T14150] netlink: 'syz.2.2255': attribute type 12 has an invalid length.
[  815.950241][ T3560] Bluetooth: hci5: unexpected event 0x2f length: 763 > 260
[  815.974924][T13990] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  816.094227][T14166] netlink: 'syz.1.2261': attribute type 29 has an invalid length.
[  816.134098][ T4056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  816.149476][ T4056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  816.164513][T14166] netlink: 'syz.1.2261': attribute type 29 has an invalid length.
[  816.181824][T14169] netlink: 'syz.1.2261': attribute type 29 has an invalid length.
[  816.221058][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  816.234871][T14166] netlink: 'syz.1.2261': attribute type 29 has an invalid length.
[  816.286336][T14164] Bluetooth: MGMT ver 1.22
[  816.292961][ T4056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  816.316437][ T4056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  816.373585][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  816.519731][T14177] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2264'.
[  816.554501][T13990] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  816.566626][T14177] siw: device registration error -23
[  816.649340][T13990] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  816.820713][T13990] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  816.877372][T13990] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  817.106549][T13990] 8021q: adding VLAN 0 to HW filter on device bond0
[  817.260975][T13990] 8021q: adding VLAN 0 to HW filter on device team0
[  817.294436][T14191] netlink: 'syz.3.2267': attribute type 12 has an invalid length.
[  817.339697][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  817.360479][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  817.574663][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  817.594783][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  817.624813][ T3902] bridge0: port 1(bridge_slave_0) entered blocking state
[  817.632003][ T3902] bridge0: port 1(bridge_slave_0) entered forwarding state
[  817.658212][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  817.680735][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  817.695197][ T3902] bridge0: port 2(bridge_slave_1) entered blocking state
[  817.702380][ T3902] bridge0: port 2(bridge_slave_1) entered forwarding state
[  817.749736][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  817.789729][ T3902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  817.811180][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  817.913151][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  817.964075][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  817.981165][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  817.999961][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  818.010700][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  818.019837][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  818.146767][T13990] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  818.189738][T13990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  818.255455][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  818.294873][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  818.332786][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  819.278598][T14211] netlink: 'syz.1.2272': attribute type 29 has an invalid length.
[  819.335193][T14211] netlink: 'syz.1.2272': attribute type 29 has an invalid length.
[  819.388815][T14213] netlink: 'syz.1.2272': attribute type 29 has an invalid length.
[  819.467100][T14211] netlink: 'syz.1.2272': attribute type 29 has an invalid length.
[  819.637935][T14217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  819.985601][ T3560] Bluetooth: hci5: unexpected event 0x2f length: 1017 > 260
[  820.121237][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  820.149146][ T3594] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  820.199387][T13990] 8021q: adding VLAN 0 to HW filter on device batadv0
[  820.339904][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  820.361886][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  820.606235][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  820.625706][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  820.627207][T14239] loop1: detected capacity change from 0 to 1024
[  820.637713][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  820.655990][ T3993] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  820.877788][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  821.175057][T14239] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  821.198072][ T3993] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  821.290741][T14239] EXT4-fs (loop1): orphan cleanup on readonly fs
[  821.392948][T14239] EXT4-fs error (device loop1): ext4_free_blocks:6213: comm syz.1.2281: Freeing blocks not in datazone - block = 0, count = 4096
[  821.414180][ T3993] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  821.416012][T13990] device veth0_vlan entered promiscuous mode
[  821.442629][T14239] EXT4-fs (loop1): 1 orphan inode deleted
[  821.451192][T14239] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  821.504287][T14247] loop4: detected capacity change from 0 to 2048
[  821.531922][T13741] EXT4-fs (loop1): unmounting filesystem.
[  821.586686][T14247] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  821.599053][ T3993] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  821.608162][ T3993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.621203][ T5301] device hsr_slave_0 left promiscuous mode
[  821.629971][T14252] netlink: 'syz.1.2283': attribute type 29 has an invalid length.
[  821.640342][ T5301] device hsr_slave_1 left promiscuous mode
[  821.647755][ T5301] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  821.656185][ T5301] batman_adv: batadv0: Removing interface: batadv_slave_0
[  821.665410][ T5301] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  821.673875][ T5301] batman_adv: batadv0: Removing interface: batadv_slave_1
[  821.692773][ T3993] usb 3-1: Product: syz
[  821.696497][ T5301] device bridge_slave_1 left promiscuous mode
[  821.697463][ T3993] usb 3-1: Manufacturer: syz
[  821.718402][ T5301] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.734763][ T3993] usb 3-1: SerialNumber: syz
[  821.762307][ T5301] device bridge_slave_0 left promiscuous mode
[  821.768576][ T5301] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.805299][T13864] EXT4-fs (loop4): unmounting filesystem.
[  821.856580][ T5301] device veth1_macvtap left promiscuous mode
[  821.865644][ T5301] device veth0_macvtap left promiscuous mode
[  821.886785][ T5301] device veth1_vlan left promiscuous mode
[  821.894295][ T5301] device veth0_vlan left promiscuous mode
[  822.570087][ T3993] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  822.576559][ T3993] cdc_ncm 3-1:1.0: bind() failure
[  822.596510][ T3993] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  822.603433][ T3993] cdc_ncm 3-1:1.1: bind() failure
[  822.786699][ T5301] team0 (unregistering): Port device team_slave_1 removed
[  822.880941][ T5301] team0 (unregistering): Port device team_slave_0 removed
[  822.959436][ T5301] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  823.034674][ T5301] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  823.716886][ T3993] usb 3-1: USB disconnect, device number 24
[  824.808211][ T5301] bond0 (unregistering): Released all slaves
[  824.969295][T14281] loop2: detected capacity change from 0 to 4096
[  824.987060][T14281] NILFS (loop2): invalid segment: Checksum error in segment payload
[  824.995255][T14281] NILFS (loop2): trying rollback from an earlier position
[  825.025347][T14281] NILFS (loop2): recovery complete
[  825.049031][T14252] netlink: 'syz.1.2283': attribute type 29 has an invalid length.
[  825.063525][T14286] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  825.074445][T14267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2287'.
[  825.129812][T14267] netlink: 'syz.4.2287': attribute type 5 has an invalid length.
[  825.139555][T14281] overlayfs: failed to resolve './file1': -2
[  825.157139][T14267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2287'.
[  825.191375][T13990] device veth1_vlan entered promiscuous mode
[  825.204233][T14289] loop1: detected capacity change from 0 to 2048
[  825.284688][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  825.294175][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  825.306419][T13990] device veth0_macvtap entered promiscuous mode
[  825.319992][T13990] device veth1_macvtap entered promiscuous mode
[  825.337565][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.348944][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.357358][T14289] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  825.358816][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.358833][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.358848][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.358860][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.358875][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.358885][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.360293][T13990] batman_adv: batadv0: Interface activated: batadv_slave_0
[  825.439550][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  825.449684][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  825.458026][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  825.466854][ T3905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  825.478584][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.490409][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.507444][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.518200][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.528568][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.539563][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.549457][T13990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.569677][T13990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.587446][T13741] EXT4-fs (loop1): unmounting filesystem.
[  825.596315][T13990] batman_adv: batadv0: Interface activated: batadv_slave_1
[  825.604378][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  825.614158][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  825.628485][T13990] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  825.649776][T13990] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  825.670799][T13990] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  825.703671][T13990] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  825.716018][ T3560] Bluetooth: Wrong link type (-57)
[  825.757204][ T3560] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  826.029305][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  826.068435][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  826.107953][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  826.132210][T14309] loop1: detected capacity change from 0 to 1764
[  826.221708][ T4056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  826.241191][ T4056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  826.698960][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  827.004069][T14320] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  827.010620][T14320] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  827.869190][T14320] vhci_hcd vhci_hcd.0: Device attached
[  827.882483][T14316] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  827.889036][T14316] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  827.948729][T14316] vhci_hcd vhci_hcd.0: Device attached
[  827.981802][T14321] vhci_hcd: connection closed
[  827.982196][   T46] vhci_hcd: stop threads
[  828.015505][T14323] vhci_hcd: connection closed
[  828.042480][   T46] vhci_hcd: release socket
[  828.128367][   T46] vhci_hcd: disconnect device
[  828.147507][   T46] vhci_hcd: stop threads
[  828.162683][   T27] audit: type=1107 audit(1721415505.757:34): pid=14329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='›–H«=†ÙÐÇ+äó,œk¬c¸�´e*M›½M;_ÝûÒê)Jñ~$±ìCß¾	¸ÆÄfXêHuAg’,î8XÙ¯‹mHåzü|/…?ÕŸSZk²�¦¯QÓK(�~ù´åµIAÏ(Ý•ZðŠRbôÅ^†Ê¤<�öƒ=Vƒ‡L§Pþ¶{Y�Ÿ§X€À”•}\Zd;é—‘"ŒíƒÈ(¶œÈ_3�U!�@#Z&wéâj'
[  828.231966][   T46] vhci_hcd: release socket
[  828.255621][T14331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2304'.
[  828.309389][   T46] vhci_hcd: disconnect device
[  828.738302][ T4294] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  829.019827][ T3902] vhci_hcd: vhci_device speed not set
[  829.051669][T14343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2307'.
[  829.074394][T14343] netlink: 'syz.0.2307': attribute type 5 has an invalid length.
[  829.082181][T14343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2307'.
[  829.314894][ T4294] usb 2-1: config 0 has no interfaces?
[  829.331074][ T4294] usb 2-1: New USB device found, idVendor=12d1, idProduct=1c1f, bcdDevice=63.46
[  829.374593][ T4294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  829.429233][ T4294] usb 2-1: config 0 descriptor??
[  830.320045][ T3594] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  830.336338][T14353] netlink: 'syz.0.2310': attribute type 12 has an invalid length.
[  830.742698][ T3594] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping
[  830.764120][ T3594] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  830.784975][ T3594] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.812059][ T3594] usb 4-1: config 0 descriptor??
[  831.325049][T14348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  831.353280][T14348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  831.364364][ T5069] usb 2-1: USB disconnect, device number 27
[  831.425366][ T3594] ath6kl: Failed to read usb control message: -71
[  831.451351][ T3594] ath6kl: Unable to read the bmi data from the device: -71
[  831.469132][ T3594] ath6kl: Unable to recv target info: -71
[  831.501453][ T3594] ath6kl: Failed to init ath6kl core: -71
[  831.596257][ T3594] ath6kl_usb: probe of 4-1:0.0 failed with error -71
[  831.635695][ T3594] usb 4-1: USB disconnect, device number 28
[  832.727744][T14377] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  832.734293][T14377] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  832.806668][T14383] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2318'.
[  832.836310][T14377] vhci_hcd vhci_hcd.0: Device attached
[  832.878707][T14379] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  832.885351][T14379] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  832.898267][T14383] netlink: 'syz.3.2318': attribute type 5 has an invalid length.
[  832.930297][T14383] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2318'.
[  832.954452][T14379] vhci_hcd vhci_hcd.0: Device attached
[  833.015761][T14386] vhci_hcd: connection closed
[  833.015997][T14380] vhci_hcd: connection closed
[  833.025577][ T4056] vhci_hcd: stop threads
[  833.082484][ T4056] vhci_hcd: release socket
[  833.110893][ T4056] vhci_hcd: disconnect device
[  833.136545][ T4056] vhci_hcd: stop threads
[  833.157868][ T4056] vhci_hcd: release socket
[  833.170133][ T3991] usb 14-1: SetAddress Request (23) to port 0
[  833.179048][ T3991] usb 14-1: new SuperSpeed USB device number 23 using vhci_hcd
[  833.195724][ T4056] vhci_hcd: disconnect device
[  833.256107][ T3991] usb 14-1: enqueue for inactive port 0
[  833.262878][T14389] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  833.712745][ T3991] usb usb14-port1: attempt power cycle
[  833.787751][T14394] netlink: 'syz.4.2321': attribute type 12 has an invalid length.
[  833.807762][ T3594] vhci_hcd: vhci_device speed not set
[  834.788604][T14407] loop1: detected capacity change from 0 to 4096
[  834.852377][T14407] NILFS (loop1): invalid segment: Checksum error in segment payload
[  834.870280][T14407] NILFS (loop1): trying rollback from an earlier position
[  834.910325][T14407] NILFS (loop1): recovery complete
[  834.924048][T14408] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  834.977960][T14407] overlayfs: upper fs does not support tmpfile.
[  834.993408][T14407] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  835.005326][T14407] overlayfs: failed to set xattr on upper
[  835.024473][T14407] overlayfs: ...falling back to index=off,metacopy=off.
[  835.036305][T14407] overlayfs: failed to resolve './file0': -2
[  835.291908][ T3991] usb usb14-port1: unable to enumerate USB device
[  835.295842][T14413] loop0: detected capacity change from 0 to 1024
[  835.580647][T14413] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  835.590809][T14413] EXT4-fs (loop0): orphan cleanup on readonly fs
[  835.597614][T14413] EXT4-fs error (device loop0): ext4_free_blocks:6213: comm syz.0.2326: Freeing blocks not in datazone - block = 0, count = 4096
[  835.611894][T14413] EXT4-fs (loop0): 1 orphan inode deleted
[  835.618140][T14413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  836.132434][T13990] EXT4-fs (loop0): unmounting filesystem.
[  837.595396][T14434] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  837.602050][T14434] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  837.628958][T14434] vhci_hcd vhci_hcd.0: Device attached
[  837.673039][T14434] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  837.679699][T14434] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  837.724580][T14434] vhci_hcd vhci_hcd.0: Device attached
[  837.765225][T14438] vhci_hcd: connection closed
[  837.765458][ T6704] vhci_hcd: stop threads
[  837.765724][T14435] vhci_hcd: connection closed
[  837.770167][ T6704] vhci_hcd: release socket
[  837.770189][ T6704] vhci_hcd: disconnect device
[  837.798206][T14441] netlink: 'syz.2.2333': attribute type 12 has an invalid length.
[  837.830075][ T6704] vhci_hcd: stop threads
[  837.834360][ T6704] vhci_hcd: release socket
[  837.850036][ T6704] vhci_hcd: disconnect device
[  838.137291][T14450] 9pnet_virtio: no channels available for device 
[  838.154901][T14450] loop2: detected capacity change from 0 to 512
[  838.161661][T14450] ext3: Unknown parameter 'fsname'
[  838.198437][T13056] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  838.368586][T14432] loop1: detected capacity change from 0 to 40427
[  838.401064][T14432] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  838.421450][T14432] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  838.438941][T14454] loop4: detected capacity change from 0 to 4096
[  838.447001][T14432] F2FS-fs (loop1): invalid crc value
[  838.529132][T14432] F2FS-fs (loop1): Found nat_bits in checkpoint
[  838.560233][T14454] NILFS (loop4): invalid segment: Checksum error in segment payload
[  838.603647][T14454] NILFS (loop4): trying rollback from an earlier position
[  838.606060][T14458] ip6gretap0 speed is unknown, defaulting to 1000
[  838.636284][T14454] NILFS (loop4): recovery complete
[  838.668589][T14460] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  838.700073][T14454] overlayfs: upper fs does not support tmpfile.
[  838.735228][T14432] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  838.735252][T14454] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  838.750284][T14454] overlayfs: failed to set xattr on upper
[  838.757199][T14432] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  838.759004][T14454] overlayfs: ...falling back to index=off,metacopy=off.
[  838.775954][T14454] overlayfs: overlapping lowerdir path
[  838.844762][   T27] audit: type=1800 audit(1721415515.615:35): pid=14432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2331" name="bus" dev="loop1" ino=10 res=0 errno=0
[  838.845450][T14432] syz.1.2331: attempt to access beyond end of device
[  838.845450][T14432] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  838.868261][T14464] loop3: detected capacity change from 0 to 1024
[  838.968256][T13741] syz-executor: attempt to access beyond end of device
[  838.968256][T13741] loop1: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  839.022526][T14464] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  839.099864][T14464] EXT4-fs (loop3): orphan cleanup on readonly fs
[  839.160912][T14464] EXT4-fs error (device loop3): ext4_free_blocks:6213: comm syz.3.2340: Freeing blocks not in datazone - block = 0, count = 4096
[  839.207731][T14464] EXT4-fs (loop3): 1 orphan inode deleted
[  839.222487][T14464] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  839.305906][ T8640] EXT4-fs (loop3): unmounting filesystem.
[  839.689916][T14478] netlink: 'syz.4.2345': attribute type 12 has an invalid length.
[  840.517885][T14472] loop3: detected capacity change from 0 to 1764
[  840.955377][ T3560] Bluetooth: hci0: unexpected event 0x2f length: 1017 > 260
[  841.244365][T14497] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  841.258243][T14497] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  841.428213][T14497] vhci_hcd vhci_hcd.0: Device attached
[  841.522557][T14501] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  841.529112][T14501] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  841.663870][T14501] vhci_hcd vhci_hcd.0: Device attached
[  841.678175][T14502] vhci_hcd: connection closed
[  841.678536][ T5301] vhci_hcd: stop threads
[  841.690368][T14499] vhci_hcd: connection closed
[  841.695974][ T5301] vhci_hcd: release socket
[  841.739657][ T5301] vhci_hcd: disconnect device
[  841.773930][ T5301] vhci_hcd: stop threads
[  841.798391][ T5301] vhci_hcd: release socket
[  841.804313][ T4294] usb 10-1: SetAddress Request (18) to port 0
[  841.812718][ T4294] usb 10-1: new SuperSpeed USB device number 18 using vhci_hcd
[  841.853745][ T5301] vhci_hcd: disconnect device
[  841.893996][ T4294] usb 10-1: enqueue for inactive port 0
[  842.346655][ T4294] usb usb10-port1: attempt power cycle
[  842.455814][T14513] loop0: detected capacity change from 0 to 4096
[  842.561571][T14513] NILFS (loop0): invalid segment: Checksum error in segment payload
[  842.584096][T14513] NILFS (loop0): trying rollback from an earlier position
[  842.636882][T14513] NILFS (loop0): recovery complete
[  842.732181][T14516] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  843.040472][ T4294] usb usb10-port1: unable to enumerate USB device
[  843.577683][ T3549] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  843.603929][ T3561] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  843.612619][ T3561] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  843.635722][ T3561] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  843.644206][ T3561] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  843.651841][ T3561] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  843.711004][T14529] netlink: 'syz.3.2357': attribute type 12 has an invalid length.
[  843.789349][T14524] ip6gretap0 speed is unknown, defaulting to 1000
[  843.999294][ T3560] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  844.348730][T14545] loop2: detected capacity change from 0 to 1764
[  844.410111][T14524] chnl_net:caif_netlink_parms(): no params data found
[  844.660653][T14524] bridge0: port 1(bridge_slave_0) entered blocking state
[  844.688734][T14524] bridge0: port 1(bridge_slave_0) entered disabled state
[  844.711744][T14524] device bridge_slave_0 entered promiscuous mode
[  844.754097][T14524] bridge0: port 2(bridge_slave_1) entered blocking state
[  844.778072][T14524] bridge0: port 2(bridge_slave_1) entered disabled state
[  844.826053][T14524] device bridge_slave_1 entered promiscuous mode
[  844.921735][T14524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  845.021391][T14524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  845.262232][T14524] team0: Port device team_slave_0 added
[  845.275758][T14524] team0: Port device team_slave_1 added
[  845.423986][T14524] batman_adv: batadv0: Adding interface: batadv_slave_0
[  845.437038][T14524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.521811][T14524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  845.552856][T14524] batman_adv: batadv0: Adding interface: batadv_slave_1
[  845.560112][T14524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.691124][T14524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  845.932767][ T3560] Bluetooth: hci2: command tx timeout
[  846.726183][ T6704] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  846.836816][T14524] device hsr_slave_0 entered promiscuous mode
[  846.864894][T14524] device hsr_slave_1 entered promiscuous mode
[  846.873096][T14524] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  846.995774][T14524] Cannot create hsr debugfs directory
[  847.003727][T14573] netlink: 'syz.3.2369': attribute type 12 has an invalid length.
[  847.033477][ T6704] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  847.128736][ T6704] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  847.263817][ T3560] Bluetooth: hci5: unexpected event 0x2f length: 1017 > 260
[  847.310513][ T6704] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  847.488555][ T3560] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  847.792101][T14593] loop1: detected capacity change from 0 to 1764
[  848.131433][ T5068] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  848.186251][ T3560] Bluetooth: hci2: command tx timeout
[  848.533835][ T5068] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping
[  848.545877][ T5068] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  848.555900][ T5068] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  848.585456][ T5068] usb 4-1: config 0 descriptor??
[  848.857488][ T4291] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  848.868558][T14619] loop0: detected capacity change from 0 to 1024
[  848.901726][T14619] ext4: Unknown parameter 'uid'
[  848.973518][ T3625] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  849.012908][T14617] siw: device registration error -23
[  849.097485][T14596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  849.110013][T14596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  849.135256][ T4291] usb 2-1: Using ep0 maxpacket: 16
[  849.160805][ T5068] ath6kl: Failed to read usb control message: -71
[  849.171519][ T5068] ath6kl: Unable to read the bmi data from the device: -71
[  849.219837][ T5068] ath6kl: Unable to recv target info: -71
[  849.239174][ T5068] ath6kl: Failed to init ath6kl core: -71
[  849.251856][T14524] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  849.303313][T14524] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  849.310598][ T5068] ath6kl_usb: probe of 4-1:0.0 failed with error -71
[  849.326454][ T5068] usb 4-1: USB disconnect, device number 29
[  849.337673][T14524] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  849.365157][T14524] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  849.464783][ T4291] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  849.484774][ T4291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.504242][ T4291] usb 2-1: Product: syz
[  849.521361][ T6704] device hsr_slave_0 left promiscuous mode
[  849.525135][ T4291] usb 2-1: Manufacturer: syz
[  849.537360][ T6704] device hsr_slave_1 left promiscuous mode
[  849.544647][ T4291] usb 2-1: SerialNumber: syz
[  849.555498][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  849.570497][ T4291] usb 2-1: config 0 descriptor??
[  849.574116][ T6704] batman_adv: batadv0: Removing interface: batadv_slave_0
[  849.594540][ T6704] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  849.616191][ T6704] batman_adv: batadv0: Removing interface: batadv_slave_1
[  849.627462][ T6704] device bridge_slave_1 left promiscuous mode
[  849.634031][ T6704] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.654255][T14619] loop0: detected capacity change from 0 to 32768
[  849.662094][ T6704] device bridge_slave_0 left promiscuous mode
[  849.670861][T14619] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.2379 (14619)
[  849.679369][ T6704] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.730508][T14619] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  849.746255][ T6704] device veth1_macvtap left promiscuous mode
[  849.752342][ T6704] device veth0_macvtap left promiscuous mode
[  849.765751][T14619] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  849.778335][ T6704] device veth1_vlan left promiscuous mode
[  849.784205][T14619] BTRFS info (device loop0): using free space tree
[  849.809713][ T6704] device veth0_vlan left promiscuous mode
[  849.865056][ T4291] usb 2-1: Limiting number of CPorts to U8_MAX
[  849.871600][ T4291] usb 2-1: Not enough endpoints found in device, aborting!
[  849.996688][T14619] BTRFS info (device loop0): enabling ssd optimizations
[  850.176328][T14609] nbd: must specify a device to reconfigure
[  850.247863][ T4291] usb 2-1: USB disconnect, device number 28
[  851.809126][ T3560] Bluetooth: hci2: command tx timeout
[  851.962971][T13990] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  852.515750][ T6704] team0 (unregistering): Port device team_slave_1 removed
[  852.604006][ T3560] Bluetooth: hci0: unexpected event 0x2f length: 1017 > 260
[  852.647114][ T6704] team0 (unregistering): Port device team_slave_0 removed
[  852.740582][T14681] loop0: detected capacity change from 0 to 1764
[  852.786069][ T6704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  853.038135][ T6704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  853.977303][ T6704] bond0 (unregistering): Released all slaves
[  853.997618][ T3560] Bluetooth: hci2: command tx timeout
[  854.085586][T14648] netlink: 'syz.3.2382': attribute type 12 has an invalid length.
[  854.177520][T14524] 8021q: adding VLAN 0 to HW filter on device bond0
[  854.217636][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  854.255075][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  854.289518][T14524] 8021q: adding VLAN 0 to HW filter on device team0
[  854.312263][T14695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2391'.
[  854.326990][T14696] loop1: detected capacity change from 0 to 1024
[  854.344409][T14696] ext4: Unknown parameter 'uid'
[  854.355346][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  854.368732][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  854.377709][ T3626] bridge0: port 1(bridge_slave_0) entered blocking state
[  854.384849][ T3626] bridge0: port 1(bridge_slave_0) entered forwarding state
[  854.393775][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  854.402581][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  854.411457][ T3626] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.418612][ T3626] bridge0: port 2(bridge_slave_1) entered forwarding state
[  854.439396][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  854.447435][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  854.456522][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  854.465436][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  854.475677][ T3991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  854.508431][T13056] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  854.587686][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  854.599147][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  854.631332][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  854.650744][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  854.679154][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  854.693261][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  854.710172][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  854.721416][T14524] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  854.737051][T14700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2394'.
[  854.746995][T14700] netlink: 'syz.0.2394': attribute type 5 has an invalid length.
[  854.755835][T14700] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2394'.
[  855.021995][ T5068] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  855.115127][T14696] loop1: detected capacity change from 0 to 32768
[  855.133074][T14696] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.2392 (14696)
[  855.164428][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  855.171167][T14696] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  855.171903][ T3993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  855.247927][T14696] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  855.256985][T14524] 8021q: adding VLAN 0 to HW filter on device batadv0
[  855.288683][T14696] BTRFS info (device loop1): using free space tree
[  855.316565][ T3560] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  855.412258][ T5068] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  855.424994][ T5068] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  855.441281][ T5068] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.451762][ T5068] usb 4-1: config 0 descriptor??
[  855.530277][T14696] BTRFS info (device loop1): enabling ssd optimizations
[  857.356520][T14726] loop2: detected capacity change from 0 to 1764
[  857.375317][T13741] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  858.149293][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  858.181714][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  858.206473][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  858.248026][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  858.278171][T14524] device veth0_vlan entered promiscuous mode
[  858.371689][T14524] device veth1_vlan entered promiscuous mode
[  858.422102][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  858.438082][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  858.621234][ T3900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  858.651072][ T3900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  858.687871][T14524] device veth0_macvtap entered promiscuous mode
[  858.699682][ T3560] Bluetooth: Wrong link type (-71)
[  858.726696][ T3560] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  858.779254][T14524] device veth1_macvtap entered promiscuous mode
[  858.861941][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  858.875771][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  858.942624][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  859.002051][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.041498][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  859.091371][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.136480][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  859.196706][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.259619][T14524] batman_adv: batadv0: Interface activated: batadv_slave_0
[  859.323750][T14764] netlink: 'syz.1.2400': attribute type 12 has an invalid length.
[  859.373966][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  859.404585][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  859.472129][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  859.485415][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  859.499608][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  859.551770][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.637103][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  859.662251][ T3290] usb 4-1: USB disconnect, device number 30
[  859.714394][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.753818][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  859.789661][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.816698][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  859.870927][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  859.900824][T14524] batman_adv: batadv0: Interface activated: batadv_slave_1
[  859.933038][ T3900] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  859.953096][ T3900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  859.987958][T14524] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  860.011586][T14524] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  860.037087][T14524] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  860.070717][T14524] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  860.330583][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  860.339038][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  860.368506][ T3890] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  860.390068][ T3890] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  860.407956][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  860.433718][ T3900] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  860.676679][T14784] 9pnet_virtio: no channels available for device 
[  860.690168][T14784] loop4: detected capacity change from 0 to 512
[  860.697444][T14784] ext3: Unknown parameter 'fsname'
[  860.740362][T13056] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  861.484192][T14798] netlink: 'syz.0.2412': attribute type 12 has an invalid length.
[  861.566867][T14797] loop3: detected capacity change from 0 to 1764
[  861.849635][T14806] device team_slave_0 entered promiscuous mode
[  861.856343][T14806] device team_slave_1 entered promiscuous mode
[  861.913154][T14806] device vlan2 entered promiscuous mode
[  861.935817][T14806] device team0 entered promiscuous mode
[  861.957308][T14808] loop0: detected capacity change from 0 to 1024
[  861.983577][T14808] ext4: Unknown parameter 'uid'
[  861.989778][T14806] device team0 left promiscuous mode
[  861.999662][T14806] device team_slave_0 left promiscuous mode
[  862.005698][T14806] device team_slave_1 left promiscuous mode
[  862.546177][ T3560] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260
[  862.894573][T14808] loop0: detected capacity change from 0 to 32768
[  862.963949][T14808] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.2415 (14808)
[  863.031549][T14808] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  863.059827][T14808] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  863.100383][T14808] BTRFS info (device loop0): using free space tree
[  863.357222][T14808] BTRFS info (device loop0): enabling ssd optimizations
[  863.948604][ T3593] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  864.343426][ T3593] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  864.364808][ T3593] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  864.395666][ T3593] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  864.429382][ T3593] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  864.439949][ T3900] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  864.472699][ T3593] usb 5-1: config 0 descriptor??
[  864.705382][T14867] netlink: 'syz.3.2424': attribute type 12 has an invalid length.
[  864.913955][ T3900] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  864.974809][ T3900] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  864.988180][ T3593] magicmouse 0003:05AC:0269.0007: item fetching failed at offset 6/7
[  865.008568][ T3593] magicmouse 0003:05AC:0269.0007: magicmouse hid parse failed
[  865.029852][ T3900] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  865.048321][ T3593] magicmouse: probe of 0003:05AC:0269.0007 failed with error -22
[  865.543116][T13990] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  865.591456][ T3560] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  865.639962][ T3900] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  865.653408][ T3900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.662669][ T3900] usb 3-1: Product: syz
[  865.667428][ T3900] usb 3-1: Manufacturer: syz
[  865.684412][ T3900] usb 3-1: SerialNumber: syz
[  865.913619][T14875] loop1: detected capacity change from 0 to 1764
[  866.132221][T14836] netlink: 892 bytes leftover after parsing attributes in process `syz.4.2421'.
[  866.353299][T14885] 9pnet_virtio: no channels available for device 
[  866.365446][T14885] loop0: detected capacity change from 0 to 512
[  866.372168][T14885] ext3: Unknown parameter 'fsname'
[  866.413515][ T3625] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  866.674885][ T3560] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260
[  866.936231][ T3900] cdc_ncm 3-1:1.0: bind() failure
[  866.965284][ T3900] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  866.983175][ T3900] cdc_ncm 3-1:1.1: bind() failure
[  867.163348][ T3900] usb 3-1: USB disconnect, device number 25
[  867.322200][ T3290] usb 5-1: USB disconnect, device number 24
[  867.476699][ T3560] Bluetooth: hci2: unexpected event 0x2f length: 763 > 260
[  867.930441][T14906] loop3: detected capacity change from 0 to 1024
[  868.111043][T14906] ext4: Unknown parameter 'uid'
[  868.272925][T14912] netlink: 'syz.4.2436': attribute type 12 has an invalid length.
[  868.690735][T14918] loop0: detected capacity change from 0 to 1024
[  868.725339][T14918] ext4: Unknown parameter 'uid'
[  869.088873][T14876] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  869.113290][T14903] loop3: detected capacity change from 0 to 32768
[  869.146146][T14903] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2434 (14903)
[  869.214165][T14903] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  869.247117][T14903] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  869.291087][T14903] BTRFS info (device loop3): using free space tree
[  869.507614][T14876] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping
[  869.536133][T14918] loop0: detected capacity change from 0 to 32768
[  869.555053][T14876] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  869.557710][T14918] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz.0.2438 (14918)
[  869.565887][T14903] BTRFS info (device loop3): enabling ssd optimizations
[  869.597197][ T3625] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by udevd (3625)
[  869.634649][T14876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  869.693220][ T1254] ieee802154 phy0 wpan0: encryption failed: -22
[  869.699620][ T1254] ieee802154 phy1 wpan1: encryption failed: -22
[  869.706507][ T3560] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  870.205188][T14876] usb 5-1: config 0 descriptor??
[  872.331058][T14939] loop1: detected capacity change from 0 to 1764
[  872.405475][ T3560] Bluetooth: hci1: unexpected event 0x2f length: 1017 > 260
[  872.475975][T14876] ath6kl: Failed to submit usb control message: -71
[  872.486510][T14876] ath6kl: unable to send the bmi data to the device: -71
[  872.508084][T14876] ath6kl: Unable to send get target info: -71
[  872.554165][T14876] ath6kl: Failed to init ath6kl core: -71
[  872.799392][ T8640] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  872.818254][T14876] ath6kl_usb: probe of 5-1:0.0 failed with error -71
[  872.842653][T14876] usb 5-1: USB disconnect, device number 25
[  873.191151][ T3991] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  873.851949][ T3996] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  873.981853][ T3290] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  874.037309][ T3991] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  874.059717][ T3991] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  874.133588][ T3991] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.144866][ T3991] usb 1-1: config 0 descriptor??
[  874.252735][ T3290] usb 4-1: Using ep0 maxpacket: 16
[  874.605902][ T3996] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  874.620825][ T3996] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  874.630946][ T3996] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  874.640077][ T3996] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.650630][ T3996] usb 5-1: config 0 descriptor??
[  874.664638][ T3290] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  874.690805][ T3290] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  874.776700][ T3290] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  874.828273][ T3290] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.876531][ T3290] usb 4-1: config 0 descriptor??
[  875.371880][ T3996] magicmouse 0003:05AC:0269.0008: item fetching failed at offset 6/7
[  875.396727][ T3996] magicmouse 0003:05AC:0269.0008: magicmouse hid parse failed
[  875.416615][ T3996] magicmouse: probe of 0003:05AC:0269.0008 failed with error -22
[  876.381804][T14958] netlink: 892 bytes leftover after parsing attributes in process `syz.4.2443'.
[  876.815810][T14997] loop3: detected capacity change from 0 to 1024
[  876.830398][T14997] ext4: Unknown parameter 'uid'
[  876.835906][ T3290] usbhid 4-1:0.0: can't add hid device: -71
[  876.842235][ T3290] usbhid: probe of 4-1:0.0 failed with error -71
[  876.862779][ T3290] usb 4-1: USB disconnect, device number 31
[  876.943255][ T3594] usb 1-1: USB disconnect, device number 25
[  877.061927][ T4298] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  877.300540][T15001] loop1: detected capacity change from 0 to 1024
[  877.319666][T15001] ext4: Unknown parameter 'uid'
[  877.351526][ T4298] usb 3-1: Using ep0 maxpacket: 16
[  877.375258][T13056] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  877.406661][T14997] loop3: detected capacity change from 0 to 32768
[  877.433205][T14997] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2451 (14997)
[  877.481115][T14997] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  877.491581][T14997] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  877.506109][T14997] BTRFS info (device loop3): using free space tree
[  877.637900][T14997] BTRFS info (device loop3): enabling ssd optimizations
[  877.685874][ T3997] usb 5-1: USB disconnect, device number 26
[  877.709133][ T4298] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  877.719798][ T4298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.727994][ T4298] usb 3-1: Product: syz
[  877.743748][ T4298] usb 3-1: Manufacturer: syz
[  877.754120][ T4298] usb 3-1: SerialNumber: syz
[  877.928122][T15001] loop1: detected capacity change from 0 to 32768
[  877.928337][ T4298] usb 3-1: config 0 descriptor??
[  877.965822][T15001] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz.1.2453 (15001)
[  877.976467][ T3560] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260
[  877.990629][ T4772] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by udevd (4772)
[  880.480026][ T4298] usb 3-1: Limiting number of CPorts to U8_MAX
[  880.512530][ T4298] usb 3-1: Not enough endpoints found in device, aborting!
[  880.540357][ T8640] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  880.549723][ T4298] usb 3-1: USB disconnect, device number 26
[  880.958695][T15043] loop2: detected capacity change from 0 to 4096
[  881.109272][T15043] NILFS (loop2): invalid segment: Checksum error in segment payload
[  881.183475][T15043] NILFS (loop2): trying rollback from an earlier position
[  881.291670][T15043] NILFS (loop2): recovery complete
[  881.319396][T15049] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  881.379861][T15043] overlayfs: missing 'lowerdir'
[  881.697709][ T3560] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  881.934215][  T153] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  882.433468][  T153] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping
[  882.459550][  T153] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  882.493039][  T153] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.527256][  T153] usb 4-1: config 0 descriptor??
[  882.675452][T15066] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  882.682087][T15066] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  882.703547][T15066] vhci_hcd vhci_hcd.0: Device attached
[  882.875060][T15066] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  882.881857][T15066] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  882.898588][T15066] vhci_hcd vhci_hcd.0: Device attached
[  883.081647][T15053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  883.196811][T15072] vhci_hcd: connection closed
[  883.197166][T15067] vhci_hcd: connection closed
[  883.202656][ T3890] vhci_hcd: stop threads
[  883.215524][ T3890] vhci_hcd: release socket
[  883.220443][ T3890] vhci_hcd: disconnect device
[  883.223759][T15053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  883.233245][ T3890] vhci_hcd: stop threads
[  883.240732][ T3890] vhci_hcd: release socket
[  883.248541][ T3890] vhci_hcd: disconnect device
[  883.288651][  T153] ath6kl: Failed to read usb control message: -71
[  883.296034][  T153] ath6kl: Unable to read the bmi data from the device: -71
[  883.321044][  T153] ath6kl: Unable to recv target info: -71
[  883.327785][  T153] ath6kl: Failed to init ath6kl core: -71
[  883.372900][  T153] ath6kl_usb: probe of 4-1:0.0 failed with error -71
[  883.440299][  T153] usb 4-1: USB disconnect, device number 32
[  884.010579][T15084] loop1: detected capacity change from 0 to 1024
[  884.011104][T15081] loop0: detected capacity change from 0 to 1024
[  884.017835][T15084] ext4: Unknown parameter 'uid'
[  884.099835][T15081] ext4: Unknown parameter 'uid'
[  884.680526][T15081] loop0: detected capacity change from 0 to 32768
[  884.708097][T15081] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.2466 (15081)
[  884.727818][T15081] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  884.739233][T15081] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  884.749013][T15081] BTRFS info (device loop0): using free space tree
[  884.957068][T15081] BTRFS info (device loop0): enabling ssd optimizations
[  885.199960][T15084] loop1: detected capacity change from 0 to 32768
[  885.373750][T15084] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz.1.2467 (15084)
[  885.976525][T13056] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by udevd (13056)
[  887.466965][T15128] loop3: detected capacity change from 0 to 1024
[  887.526412][T15128] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  887.546174][T15128] EXT4-fs (loop3): orphan cleanup on readonly fs
[  887.556589][T15128] EXT4-fs error (device loop3): ext4_free_blocks:6213: comm syz.3.2474: Freeing blocks not in datazone - block = 0, count = 4096
[  887.593297][T15128] EXT4-fs (loop3): 1 orphan inode deleted
[  887.599107][T15128] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  887.690503][   T27] audit: type=1326 audit(1721415560.704:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15126 comm="syz.4.2473" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f59d7975b59 code=0x0
[  887.966995][ T8640] EXT4-fs (loop3): unmounting filesystem.
[  888.204741][T13990] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  888.424058][ T3991] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  888.487248][T15141] netlink: 780 bytes leftover after parsing attributes in process `syz.1.2478'.
[  888.739015][ T3991] usb 5-1: no configurations
[  888.744585][ T3991] usb 5-1: can't read configurations, error -22
[  888.780925][T15144] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  888.787455][T15144] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  888.835890][T15144] vhci_hcd vhci_hcd.0: Device attached
[  888.890042][T15144] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  888.896683][T15144] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  888.923864][T15144] vhci_hcd vhci_hcd.0: Device attached
[  888.933248][ T3991] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  888.944951][T15149] vhci_hcd: connection closed
[  888.946596][T15147] vhci_hcd: connection closed
[  888.951654][ T3710] vhci_hcd: stop threads
[  888.961174][ T3710] vhci_hcd: release socket
[  888.965966][ T3710] vhci_hcd: disconnect device
[  888.970863][ T3710] vhci_hcd: stop threads
[  888.982134][ T3710] vhci_hcd: release socket
[  888.989495][ T3710] vhci_hcd: disconnect device
[  889.236870][ T3991] usb 5-1: no configurations
[  889.241552][ T3991] usb 5-1: can't read configurations, error -22
[  889.265723][ T3991] usb usb5-port1: attempt power cycle
[  889.713278][ T3991] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  889.854122][ T3991] usb 5-1: no configurations
[  889.858762][ T3991] usb 5-1: can't read configurations, error -22
[  889.885734][T15165] loop3: detected capacity change from 0 to 40427
[  889.893337][T15165] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  889.905868][T15165] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  889.917129][T15165] F2FS-fs (loop3): invalid crc value
[  889.956792][T15165] F2FS-fs (loop3): Found nat_bits in checkpoint
[  890.015441][T15176] loop0: detected capacity change from 0 to 1024
[  890.034420][T15176] ext4: Unknown parameter 'uid'
[  890.038364][ T3991] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  890.078417][T15165] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  890.085631][T15165] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  890.093471][T13056] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  890.121304][   T27] audit: type=1800 audit(1721415562.946:37): pid=15165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2482" name="bus" dev="loop3" ino=10 res=0 errno=0
[  890.193510][ T8640] syz-executor: attempt to access beyond end of device
[  890.193510][ T8640] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  890.201527][ T3991] usb 5-1: no configurations
[  890.218673][ T3991] usb 5-1: can't read configurations, error -22
[  890.227516][ T3991] usb usb5-port1: unable to enumerate USB device
[  890.619679][T15176] loop0: detected capacity change from 0 to 32768
[  890.683069][T15176] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.2485 (15176)
[  890.828447][T15176] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  890.853367][T15176] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  890.904802][T15176] BTRFS info (device loop0): using free space tree
[  890.966975][ T3560] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3
[  891.063934][T15193] netlink: 780 bytes leftover after parsing attributes in process `syz.1.2490'.
[  891.272641][T15202] 9pnet_virtio: no channels available for device 
[  891.293334][T15202] loop3: detected capacity change from 0 to 512
[  891.300377][T15202] ext3: Unknown parameter 'fsname'
[  891.317164][T15207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2491'.
[  891.348727][ T3625] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  891.358470][T15207] netlink: 'syz.2.2491': attribute type 5 has an invalid length.
[  891.370867][T15207] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2491'.
[  891.414595][T15213] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  891.421144][T15213] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  891.432086][T15213] vhci_hcd vhci_hcd.0: Device attached
[  891.437758][T15176] BTRFS info (device loop0): enabling ssd optimizations
[  891.472090][T15213] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  891.478680][T15213] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  891.505805][T15213] vhci_hcd vhci_hcd.0: Device attached
[  891.516758][T15220] usbip_core: unknown command
[  891.521479][T15220] vhci_hcd: unknown pdu 0
[  891.530693][T15220] usbip_core: unknown command
[  891.538066][T15145] vhci_hcd: stop threads
[  891.542352][T15145] vhci_hcd: release socket
[  891.563735][T15145] vhci_hcd: disconnect device
[  891.641764][T15215] vhci_hcd: connection closed
[  891.675714][ T3710] vhci_hcd: stop threads
[  891.693239][ T3710] vhci_hcd: release socket
[  891.698040][ T3710] vhci_hcd: disconnect device
[  892.356348][T13990] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  892.609200][ T3902] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  892.958383][T15233] loop3: detected capacity change from 0 to 40427
[  893.017851][ T3902] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  893.034882][T15233] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  893.049084][T15233] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  893.058226][ T3902] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  893.076332][T15233] F2FS-fs (loop3): invalid crc value
[  893.081884][ T3902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.108292][ T3902] usb 2-1: config 0 descriptor??
[  893.284348][T15233] F2FS-fs (loop3): Found nat_bits in checkpoint
[  893.301151][   T27] audit: type=1326 audit(1721415565.882:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15249 comm="syz.0.2499" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b75175b59 code=0x0
[  893.350648][T15233] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  893.362216][ T3560] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3
[  893.364312][T15233] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  893.476360][ T8640] syz-executor: attempt to access beyond end of device
[  893.476360][ T8640] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  893.733797][T14876] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  893.835751][T15267] 9pnet_virtio: no channels available for device 
[  893.848470][T15267] loop3: detected capacity change from 0 to 512
[  893.855345][T15267] ext3: Unknown parameter 'fsname'
[  893.906486][T13056] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  893.970178][T15272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2507'.
[  894.028639][T15274] loop4: detected capacity change from 0 to 1024
[  894.041473][T14876] usb 1-1: no configurations
[  894.046366][T14876] usb 1-1: can't read configurations, error -22
[  894.056866][T15274] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  894.066569][T15274] EXT4-fs (loop4): orphan cleanup on readonly fs
[  894.074938][T15274] EXT4-fs error (device loop4): ext4_free_blocks:6213: comm syz.4.2508: Freeing blocks not in datazone - block = 0, count = 4096
[  894.089103][T15274] EXT4-fs (loop4): 1 orphan inode deleted
[  894.096934][T15274] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  894.125210][T14524] EXT4-fs (loop4): unmounting filesystem.
[  894.209592][T14876] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  894.588908][T14876] usb 1-1: no configurations
[  894.593544][T14876] usb 1-1: can't read configurations, error -22
[  894.645155][T14876] usb usb1-port1: attempt power cycle
[  895.086938][T14876] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  895.238800][T14876] usb 1-1: no configurations
[  895.248316][T14876] usb 1-1: can't read configurations, error -22
[  895.411990][T14876] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  895.563908][T14876] usb 1-1: no configurations
[  895.573087][T14876] usb 1-1: can't read configurations, error -22
[  895.606414][T14876] usb usb1-port1: unable to enumerate USB device
[  895.671129][ T3991] usb 2-1: USB disconnect, device number 29
[  896.216273][T15301] 9pnet_virtio: no channels available for device 
[  896.242113][T15301] loop1: detected capacity change from 0 to 512
[  896.248927][T15301] ext3: Unknown parameter 'fsname'
[  896.293653][T13056] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  896.432328][T15290] loop4: detected capacity change from 0 to 40427
[  896.473354][T15290] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  896.481765][T15309] loop1: detected capacity change from 0 to 4096
[  896.496901][T15290] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  896.535073][T15309] NILFS (loop1): invalid segment: Checksum error in segment payload
[  896.555983][T15290] F2FS-fs (loop4): invalid crc value
[  896.565610][T15313] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2522'.
[  896.571580][T15309] NILFS (loop1): trying rollback from an earlier position
[  896.604595][T15309] NILFS (loop1): recovery complete
[  896.614235][T15316] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  896.626939][T15290] F2FS-fs (loop4): Found nat_bits in checkpoint
[  896.664474][T15309] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  896.675609][T15290] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  896.682997][T15309] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  896.691967][T15290] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  896.743480][T15314] f2fs_ckpt-7:4: attempt to access beyond end of device
[  896.743480][T15314] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  897.623994][ T3560] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3
[  897.755047][T15337] loop3: detected capacity change from 0 to 1764
[  898.060926][ T3560] Bluetooth: hci0: unexpected event 0x2f length: 1017 > 260
[  898.510955][T15347] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2532'.
[  898.684686][T15347] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2532'.
[  898.775407][   T27] audit: type=1326 audit(1721415570.940:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15352 comm="syz.2.2533" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff718d75b59 code=0x0
[  899.291079][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2538'.
[  899.334142][ T3991] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  899.532356][T15358] loop0: detected capacity change from 0 to 40427
[  899.573299][T15358] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  899.583144][T15358] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  899.606061][T15358] F2FS-fs (loop0): invalid crc value
[  899.621210][T15358] F2FS-fs (loop0): Found nat_bits in checkpoint
[  899.648387][ T3991] usb 3-1: no configurations
[  899.653056][ T3991] usb 3-1: can't read configurations, error -22
[  899.716484][T15358] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  899.728863][T15358] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  899.954434][T13990] syz-executor: attempt to access beyond end of device
[  899.954434][T13990] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  900.129457][ T3991] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  900.493848][ T3991] usb 3-1: no configurations
[  900.499509][ T3991] usb 3-1: can't read configurations, error -22
[  900.506691][ T3991] usb usb3-port1: attempt power cycle
[  901.121491][ T3560] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3
[  901.165116][ T3991] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  901.490777][ T3991] usb 3-1: no configurations
[  901.512848][ T3991] usb 3-1: can't read configurations, error -22
[  901.706824][ T3991] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  901.811706][ T3560] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  901.880191][ T3991] usb 3-1: no configurations
[  901.885506][ T3991] usb 3-1: can't read configurations, error -22
[  901.900231][ T3991] usb usb3-port1: unable to enumerate USB device
[  901.950413][T15409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2548'.
[  901.985228][T15409] netlink: 'syz.0.2548': attribute type 5 has an invalid length.
[  902.004688][T15407] loop4: detected capacity change from 0 to 1764
[  902.017238][T15409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2548'.
[  902.069567][ T3991] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  902.528115][ T3991] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping
[  902.540986][ T3991] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  902.553883][ T3991] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.576786][ T3991] usb 2-1: config 0 descriptor??
[  903.067033][T15414] loop3: detected capacity change from 0 to 40427
[  903.078425][T15427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2552'.
[  903.116363][T15402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.136303][T15414] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  903.156731][T15402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  903.205072][T15414] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  903.248170][ T3991] ath6kl: Failed to read usb control message: -71
[  903.254670][ T3991] ath6kl: Unable to read the bmi data from the device: -71
[  903.263265][ T3991] ath6kl: Unable to recv target info: -71
[  903.269882][T15414] F2FS-fs (loop3): invalid crc value
[  903.273331][ T3991] ath6kl: Failed to init ath6kl core: -71
[  903.300262][ T3991] ath6kl_usb: probe of 2-1:0.0 failed with error -71
[  903.312356][ T3991] usb 2-1: USB disconnect, device number 30
[  903.328139][T15414] F2FS-fs (loop3): Found nat_bits in checkpoint
[  903.458921][T15414] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  903.472165][T15414] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  903.637056][   T27] audit: type=1804 audit(1721415575.425:40): pid=15414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2550" name="/newroot/317/bus/bus" dev="loop3" ino=10 res=1 errno=0
[  903.665600][ T8640] syz-executor: attempt to access beyond end of device
[  903.665600][ T8640] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  904.538112][ T3560] Bluetooth: Wrong link type (-57)
[  906.000793][ T3560] Bluetooth: hci2: unexpected event 0x2f length: 1017 > 260
[  906.219159][ T3560] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  906.491919][T15467] loop1: detected capacity change from 0 to 1764
[  906.503207][T15469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2565'.
[  906.517233][T15469] netlink: 'syz.4.2565': attribute type 5 has an invalid length.
[  906.544982][T15469] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2565'.
[  906.551936][ T3549] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  906.567922][ T3549] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  906.588496][ T3549] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  906.613529][ T3549] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  906.622862][ T3549] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  906.632082][ T3549] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  906.672160][T15477] loop4: detected capacity change from 0 to 1024
[  906.693840][T15477] ext4: Unknown parameter 'uid'
[  906.793130][ T3902] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  906.841376][T15145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  906.869678][T15474] ip6gretap0 speed is unknown, defaulting to 1000
[  906.944039][T15145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.043862][T15145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.237117][T15145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.259877][ T3902] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  907.275544][ T3902] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  907.295739][ T3902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.324610][ T3902] usb 4-1: config 0 descriptor??
[  907.334620][T15483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2568'.
[  907.340297][T15477] loop4: detected capacity change from 0 to 32768
[  907.367127][T15477] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.2566 (15477)
[  907.420864][T15477] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  907.443774][T15477] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  907.452776][T15477] BTRFS info (device loop4): using free space tree
[  907.468196][T15474] chnl_net:caif_netlink_parms(): no params data found
[  907.650365][T15477] BTRFS info (device loop4): enabling ssd optimizations
[  908.804761][T15474] bridge0: port 1(bridge_slave_0) entered blocking state
[  908.826485][T15474] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.870217][T15474] device bridge_slave_0 entered promiscuous mode
[  908.890381][ T3560] Bluetooth: hci1: command tx timeout
[  908.966256][T15474] bridge0: port 2(bridge_slave_1) entered blocking state
[  908.973766][T15474] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.010732][T15474] device bridge_slave_1 entered promiscuous mode
[  909.211415][T15474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  909.247158][T15474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  910.085391][T14524] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  910.121007][T15474] team0: Port device team_slave_0 added
[  910.346828][T15474] team0: Port device team_slave_1 added
[  910.466881][T15474] batman_adv: batadv0: Adding interface: batadv_slave_0
[  910.478192][T15474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  910.595787][T15474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  910.630541][T15517] loop1: detected capacity change from 0 to 40427
[  910.652018][T15517] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  910.664767][T15474] batman_adv: batadv0: Adding interface: batadv_slave_1
[  910.665263][T15517] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  910.695877][T15517] F2FS-fs (loop1): invalid crc value
[  910.703284][T15474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  910.730678][T15474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  910.744842][T15517] F2FS-fs (loop1): Found nat_bits in checkpoint
[  910.863647][T15517] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  910.879880][T15517] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  910.888017][ T3594] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  910.940397][T15474] device hsr_slave_0 entered promiscuous mode
[  910.955931][   T27] audit: type=1804 audit(1721415582.173:41): pid=15517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2569" name="/newroot/68/bus/bus" dev="loop1" ino=10 res=1 errno=0
[  910.996540][T15474] device hsr_slave_1 entered promiscuous mode
[  911.021615][T15474] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  911.048204][T13741] syz-executor: attempt to access beyond end of device
[  911.048204][T13741] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  911.066703][T15474] Cannot create hsr debugfs directory
[  911.110963][ T3549] Bluetooth: hci1: command tx timeout
[  911.327882][ T3594] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  911.359483][ T3594] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  911.576734][ T3594] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  911.592704][ T3594] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.606708][T14876] usb 4-1: USB disconnect, device number 33
[  911.622920][ T3594] usb 5-1: Product: syz
[  911.636676][ T3594] usb 5-1: Manufacturer: syz
[  911.652153][ T3594] usb 5-1: SerialNumber: syz
[  912.144491][T15555] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2575'.
[  912.313239][T15145] device hsr_slave_0 left promiscuous mode
[  912.349070][T15145] device hsr_slave_1 left promiscuous mode
[  912.361430][T15145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  912.383362][T15145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  912.391853][T15145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  912.399313][T15145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  912.474977][T15145] device bridge_slave_1 left promiscuous mode
[  912.503798][T15145] bridge0: port 2(bridge_slave_1) entered disabled state
[  912.528024][T15145] device bridge_slave_0 left promiscuous mode
[  912.536011][T15145] bridge0: port 1(bridge_slave_0) entered disabled state
[  912.670102][T15145] device veth1_macvtap left promiscuous mode
[  912.676700][T15145] device veth0_macvtap left promiscuous mode
[  912.683411][T15145] device veth1_vlan left promiscuous mode
[  912.689358][T15145] device veth0_vlan left promiscuous mode
[  912.820721][T15574] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2578'.
[  912.922214][ T3594] cdc_ncm 5-1:1.0: bind() failure
[  912.929493][ T3594] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  912.938012][ T3594] cdc_ncm 5-1:1.1: bind() failure
[  913.142735][ T3995] usb 5-1: USB disconnect, device number 31
[  913.299869][T15145] team0 (unregistering): Port device team_slave_1 removed
[  913.344456][T15145] team0 (unregistering): Port device team_slave_0 removed
[  913.367732][ T3549] Bluetooth: hci1: command tx timeout
[  913.393993][T15145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  913.442169][T15145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  914.015809][T15145] bond0 (unregistering): Released all slaves
[  914.140534][T15581] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2580'.
[  914.171585][T15581] netlink: 'syz.2.2580': attribute type 5 has an invalid length.
[  914.210130][T15581] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2580'.
[  914.688473][T15599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2585'.
[  915.044832][T15474] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  915.069088][T15474] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  915.103772][T15474] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  915.128350][T15474] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  915.224710][T15587] loop1: detected capacity change from 0 to 40427
[  915.303638][T15587] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  915.322442][T15587] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  915.324239][T15474] 8021q: adding VLAN 0 to HW filter on device bond0
[  915.354780][T15611] loop3: detected capacity change from 0 to 4096
[  915.379569][ T3555] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  915.390516][T15587] F2FS-fs (loop1): invalid crc value
[  915.430631][T15587] F2FS-fs (loop1): Found nat_bits in checkpoint
[  915.431512][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  915.450713][T15611] NILFS (loop3): invalid segment: Checksum error in segment payload
[  915.467923][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  915.475251][T15611] NILFS (loop3): trying rollback from an earlier position
[  915.499817][T15474] 8021q: adding VLAN 0 to HW filter on device team0
[  915.516040][T15611] NILFS (loop3): recovery complete
[  915.522734][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  915.548365][ T3290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  915.562996][T15616] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  915.576895][T15587] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  915.589572][T15587] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  915.609154][T15611] overlayfs: missing 'workdir'
[  915.613949][ T3290] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.614015][ T3290] bridge0: port 1(bridge_slave_0) entered forwarding state
[  915.629436][ T3549] Bluetooth: hci1: command tx timeout
[  915.654463][ T3904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  915.663465][ T3904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  915.672521][ T3904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  915.683759][ T3904] bridge0: port 2(bridge_slave_1) entered blocking state
[  915.690896][ T3904] bridge0: port 2(bridge_slave_1) entered forwarding state
[  915.698509][   T27] audit: type=1804 audit(1721415586.548:42): pid=15587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2582" name="/newroot/70/bus/bus" dev="loop1" ino=10 res=1 errno=0
[  915.739976][ T3904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  915.772108][ T3904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  915.824351][T13741] syz-executor: attempt to access beyond end of device
[  915.824351][T13741] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  915.837544][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  915.846774][ T3555] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  915.877850][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  915.905590][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  915.944515][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  915.986054][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  916.000469][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  916.030507][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  916.051503][ T3555] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  916.082518][ T3555] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.091981][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  916.121730][ T3555] usb 3-1: Product: syz
[  916.126016][ T3555] usb 3-1: Manufacturer: syz
[  916.133792][T15474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  916.165678][ T3555] usb 3-1: SerialNumber: syz
[  916.195635][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  916.399429][ T3549] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  916.410363][ T3549] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  916.420851][ T3549] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  916.428669][ T3549] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  916.436846][ T3549] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  916.445510][ T3549] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  916.912669][T15627] ip6gretap0 speed is unknown, defaulting to 1000
[  917.039587][ T3555] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  917.171906][ T3555] cdc_ncm 3-1:1.0: bind() failure
[  917.263793][ T3555] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  917.328560][ T3555] cdc_ncm 3-1:1.1: bind() failure
[  917.382325][T15474] 8021q: adding VLAN 0 to HW filter on device batadv0
[  917.383663][T15642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2592'.
[  917.431359][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  917.447062][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  917.538632][ T3996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  917.554788][ T3996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  917.621192][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  917.649161][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  917.664863][T15474] device veth0_vlan entered promiscuous mode
[  917.678612][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  917.695123][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  917.725765][T15474] device veth1_vlan entered promiscuous mode
[  917.761837][T15627] chnl_net:caif_netlink_parms(): no params data found
[  917.813670][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  917.823623][ T3555] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  917.843125][T15474] device veth0_macvtap entered promiscuous mode
[  917.878186][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  917.893758][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  917.905536][T15474] device veth1_macvtap entered promiscuous mode
[  917.918767][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  917.927351][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  917.953560][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  917.964603][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  917.975773][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  917.988658][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  917.998773][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.009549][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.020097][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  918.055453][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.085506][T15474] batman_adv: batadv0: Interface activated: batadv_slave_0
[  918.127333][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  918.156020][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  918.197285][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  918.219981][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.239715][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  918.257101][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.287477][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  918.306471][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.320885][T15474] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  918.329343][ T3789] usb 3-1: USB disconnect, device number 31
[  918.333600][T15474] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  918.427438][T15474] batman_adv: batadv0: Interface activated: batadv_slave_1
[  918.455355][T15627] bridge0: port 1(bridge_slave_0) entered blocking state
[  918.470440][T15627] bridge0: port 1(bridge_slave_0) entered disabled state
[  918.488235][T15627] device bridge_slave_0 entered promiscuous mode
[  918.512053][ T3996] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  918.520795][ T3996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  918.544711][T15474] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  918.554489][ T3555] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  918.559629][T15474] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  918.571382][T15474] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  918.581072][T15474] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  918.592874][T15674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2595'.
[  918.609301][T15627] bridge0: port 2(bridge_slave_1) entered blocking state
[  918.616420][T15627] bridge0: port 2(bridge_slave_1) entered disabled state
[  918.641216][T15627] device bridge_slave_1 entered promiscuous mode
[  918.651515][ T3560] Bluetooth: hci3: command tx timeout
[  918.804164][ T3560] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  918.815859][ T5301] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.928811][ T5301] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.957983][T15627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  918.977641][ T3555] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  919.013857][T15627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  919.040211][ T3555] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  919.059755][ T5301] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.099555][T15688] loop4: detected capacity change from 0 to 4096
[  919.177266][ T5301] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  919.190229][T15688] NILFS (loop4): invalid segment: Checksum error in segment payload
[  919.200839][T15688] NILFS (loop4): trying rollback from an earlier position
[  919.229170][T15145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  919.242926][T15627] team0: Port device team_slave_0 added
[  919.270658][T15145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  919.274822][T15627] team0: Port device team_slave_1 added
[  919.310516][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  919.318265][ T3555] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  919.322167][T15688] NILFS (loop4): recovery complete
[  919.348915][T15692] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  919.349799][ T3555] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.363608][T15688] overlayfs: missing 'workdir'
[  919.380781][ T3710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  919.393858][ T3710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  919.429265][T15627] batman_adv: batadv0: Adding interface: batadv_slave_0
[  919.442679][ T3555] usb 2-1: Product: syz
[  919.449956][ T3555] usb 2-1: Manufacturer: syz
[  919.460011][T15627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  919.469458][ T3555] usb 2-1: SerialNumber: syz
[  919.503374][T15627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  919.537908][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  919.591774][T15627] batman_adv: batadv0: Adding interface: batadv_slave_1
[  919.631910][T15627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  919.705910][T15694] loop4: detected capacity change from 0 to 1024
[  919.732511][T15627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  919.744471][T15694] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  919.755989][   T27] audit: type=1326 audit(1721415590.304:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15695 comm="syz.0.2561" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d69775b59 code=0x0
[  919.757461][T15694] EXT4-fs (loop4): orphan cleanup on readonly fs
[  919.786122][T15694] EXT4-fs error (device loop4): ext4_free_blocks:6213: comm syz.4.2599: Freeing blocks not in datazone - block = 0, count = 4096
[  919.800534][T15694] EXT4-fs (loop4): 1 orphan inode deleted
[  919.806304][T15694] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  919.936498][T15627] device hsr_slave_0 entered promiscuous mode
[  919.946850][T15627] device hsr_slave_1 entered promiscuous mode
[  919.970760][T14524] EXT4-fs (loop4): unmounting filesystem.
[  920.103760][T15703] loop4: detected capacity change from 0 to 1024
[  920.144274][T15703] ext4: Unknown parameter 'uid'
[  920.212423][ T4298] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  920.311706][ T3995] ip6gretap0 speed is unknown, defaulting to 1000
[  920.332159][ T3995] ==================================================================
[  920.340261][ T3995] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430
[  920.347481][ T3995] Read of size 4 at addr ffff888042f800e0 by task kworker/1:15/3995
[  920.355560][ T3995] 
[  920.357886][ T3995] CPU: 1 PID: 3995 Comm: kworker/1:15 Not tainted 6.1.100-syzkaller #0
[  920.366128][ T3995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  920.376273][ T3995] Workqueue: infiniband ib_cache_event_task
[  920.382206][ T3995] Call Trace:
[  920.385488][ T3995]  <TASK>
[  920.388432][ T3995]  dump_stack_lvl+0x1e3/0x2cb
[  920.393152][ T3995]  ? nf_tcp_handle_invalid+0x642/0x642
[  920.398637][ T3995]  ? panic+0x764/0x764
[  920.402729][ T3995]  ? _printk+0xd1/0x111
[  920.406991][ T3995]  ? __virt_addr_valid+0x17f/0x530
[  920.412125][ T3995]  ? __virt_addr_valid+0x17f/0x530
[  920.417261][ T3995]  print_report+0x15f/0x4f0
[  920.421770][ T3995]  ? __virt_addr_valid+0x17f/0x530
[  920.426902][ T3995]  ? __virt_addr_valid+0x17f/0x530
[  920.432025][ T3995]  ? __virt_addr_valid+0x45b/0x530
[  920.437151][ T3995]  ? __phys_addr+0xb6/0x170
[  920.441675][ T3995]  ? siw_query_port+0x342/0x430
[  920.446549][ T3995]  kasan_report+0x136/0x160
[  920.451067][ T3995]  ? siw_query_port+0x342/0x430
[  920.455940][ T3995]  siw_query_port+0x342/0x430
[  920.460629][ T3995]  ? ib_query_port+0x344/0x7c0
[  920.465415][ T3995]  ib_cache_update+0x1a8/0xaf0
[  920.470237][ T3995]  ? ib_cache_setup_one+0x5a0/0x5a0
[  920.475449][ T3995]  ? read_lock_is_recursive+0x10/0x10
[  920.480841][ T3995]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  920.486860][ T3995]  ? print_irqtrace_events+0x210/0x210
[  920.492331][ T3995]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  920.498246][ T3995]  ib_cache_event_task+0xef/0x1e0
[  920.503294][ T3995]  ? process_one_work+0x7a9/0x11d0
[  920.508505][ T3995]  process_one_work+0x8a9/0x11d0
[  920.513461][ T3995]  ? worker_detach_from_pool+0x260/0x260
[  920.519109][ T3995]  ? _raw_spin_lock_irqsave+0x120/0x120
[  920.524667][ T3995]  ? kthread_data+0x4e/0xc0
[  920.529188][ T3995]  ? wq_worker_running+0x97/0x190
[  920.534259][ T3995]  worker_thread+0xa47/0x1200
[  920.539010][ T3995]  kthread+0x28d/0x320
[  920.543083][ T3995]  ? worker_clr_flags+0x190/0x190
[  920.548117][ T3995]  ? kthread_blkcg+0xd0/0xd0
[  920.552716][ T3995]  ret_from_fork+0x1f/0x30
[  920.557137][ T3995]  </TASK>
[  920.560137][ T3995] 
[  920.562480][ T3995] Allocated by task 8640:
[  920.566777][ T3995]  kasan_set_track+0x4b/0x70
[  920.571354][ T3995]  __kasan_kmalloc+0x97/0xb0
[  920.575916][ T3995]  __kmalloc_node+0xb3/0x230
[  920.580482][ T3995]  kvmalloc_node+0x6e/0x180
[  920.584960][ T3995]  alloc_netdev_mqs+0x85/0xeb0
[  920.589702][ T3995]  rtnl_create_link+0x2e9/0xa30
[  920.594534][ T3995]  rtnl_newlink+0x1403/0x2050
[  920.599190][ T3995]  rtnetlink_rcv_msg+0x818/0xff0
[  920.604111][ T3995]  netlink_rcv_skb+0x1cd/0x410
[  920.608858][ T3995]  netlink_unicast+0x7d8/0x970
[  920.613601][ T3995]  netlink_sendmsg+0xa26/0xd60
[  920.618337][ T3995]  __sys_sendto+0x480/0x600
[  920.622819][ T3995]  __x64_sys_sendto+0xda/0xf0
[  920.627477][ T3995]  do_syscall_64+0x3b/0xb0
[  920.631876][ T3995]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  920.637750][ T3995] 
[  920.640048][ T3995] Freed by task 5301:
[  920.644004][ T3995]  kasan_set_track+0x4b/0x70
[  920.648574][ T3995]  kasan_save_free_info+0x27/0x40
[  920.653575][ T3995]  ____kasan_slab_free+0xd6/0x120
[  920.658582][ T3995]  __kmem_cache_free+0x25c/0x3c0
[  920.663499][ T3995]  device_release+0x91/0x1c0
[  920.668082][ T3995]  kobject_put+0x224/0x460
[  920.672489][ T3995]  netdev_run_todo+0xe56/0xf40
[  920.677344][ T3995]  ip6gre_exit_batch_net+0x41a/0x460
[  920.682622][ T3995]  cleanup_net+0x763/0xb60
[  920.687019][ T3995]  process_one_work+0x8a9/0x11d0
[  920.691934][ T3995]  worker_thread+0xa47/0x1200
[  920.696589][ T3995]  kthread+0x28d/0x320
[  920.700632][ T3995]  ret_from_fork+0x1f/0x30
[  920.705029][ T3995] 
[  920.707328][ T3995] The buggy address belongs to the object at ffff888042f80000
[  920.707328][ T3995]  which belongs to the cache kmalloc-cg-4k of size 4096
[  920.721627][ T3995] The buggy address is located 224 bytes inside of
[  920.721627][ T3995]  4096-byte region [ffff888042f80000, ffff888042f81000)
[  920.734971][ T3995] 
[  920.737362][ T3995] The buggy address belongs to the physical page:
[  920.743761][ T3995] page:ffffea00010be000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42f80
[  920.753895][ T3995] head:ffffea00010be000 order:3 compound_mapcount:0 compound_pincount:0
[  920.762230][ T3995] memcg:ffff8880217d8941
[  920.764525][ T4298] usb 1-1: no configurations
[  920.766437][ T3995] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  920.778979][ T3995] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff88801244c280
[  920.787546][ T3995] raw: 0000000000000000 0000000000040004 00000001ffffffff ffff8880217d8941
[  920.796104][ T3995] page dumped because: kasan: bad access detected
[  920.802585][ T3995] page_owner tracks the page as allocated
[  920.808276][ T3995] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7594, tgid 7594 (syz-executor), ts 334908338873, free_ts 334695463872
[  920.833030][ T3995]  post_alloc_hook+0x18d/0x1b0
[  920.837795][ T3995]  get_page_from_freelist+0x322e/0x33b0
[  920.843342][ T3995]  __alloc_pages+0x28d/0x770
[  920.847918][ T3995]  alloc_slab_page+0x6a/0x150
[  920.852590][ T3995]  new_slab+0x84/0x2d0
[  920.856660][ T3995]  ___slab_alloc+0xc20/0x1270
[  920.861314][ T3995]  __kmem_cache_alloc_node+0x19f/0x260
[  920.866749][ T3995]  __kmalloc_node+0xa2/0x230
[  920.871313][ T3995]  kvmalloc_node+0x6e/0x180
[  920.875797][ T3995]  alloc_netdev_mqs+0x85/0xeb0
[  920.880570][ T3995]  rtnl_create_link+0x2e9/0xa30
[  920.885403][ T3995]  rtnl_newlink+0x1403/0x2050
[  920.890058][ T3995]  rtnetlink_rcv_msg+0x818/0xff0
[  920.894986][ T3995]  netlink_rcv_skb+0x1cd/0x410
[  920.899842][ T3995]  netlink_unicast+0x7d8/0x970
[  920.904684][ T3995]  netlink_sendmsg+0xa26/0xd60
[  920.909429][ T3995] page last free stack trace:
[  920.914080][ T3995]  free_unref_page_prepare+0xf63/0x1120
[  920.919607][ T3995]  free_unref_page+0x33/0x3e0
[  920.924265][ T3995]  __unfreeze_partials+0x1b7/0x210
[  920.929359][ T3995]  put_cpu_partial+0x17b/0x250
[  920.934102][ T3995]  qlist_free_all+0x76/0xe0
[  920.938754][ T3995]  kasan_quarantine_reduce+0x156/0x170
[  920.944190][ T3995]  __kasan_slab_alloc+0x1f/0x70
[  920.949019][ T3995]  slab_post_alloc_hook+0x52/0x3a0
[  920.954115][ T3995]  __kmem_cache_alloc_node+0x137/0x260
[  920.959549][ T3995]  __kmalloc+0xa1/0x230
[  920.963691][ T3995]  tomoyo_encode+0x26b/0x530
[  920.968276][ T3995]  tomoyo_path_perm+0x3b6/0x710
[  920.973115][ T3995]  tomoyo_path_symlink+0xda/0x110
[  920.978116][ T3995]  security_path_symlink+0xd9/0x130
[  920.983294][ T3995]  do_symlinkat+0x132/0x390
[  920.987779][ T3995]  __x64_sys_symlink+0x7a/0x90
[  920.992521][ T3995] 
[  920.994822][ T3995] Memory state around the buggy address:
[  921.000427][ T3995]  ffff888042f7ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  921.008460][ T3995]  ffff888042f80000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  921.016495][ T3995] >ffff888042f80080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  921.024536][ T3995]                                                        ^
[  921.031702][ T3995]  ffff888042f80100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  921.039744][ T3995]  ffff888042f80180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  921.047867][ T3995] ==================================================================
[  921.067622][ T3560] Bluetooth: hci3: command tx timeout
[  921.077788][ T3555] cdc_ncm 2-1:1.0: bind() failure
[  921.089121][ T4298] usb 1-1: can't read configurations, error -22
[  921.092927][T15703] loop4: detected capacity change from 0 to 32768
[  921.103510][T15703] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.2600 (15703)
[  921.120153][ T3555] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  921.127258][ T3995] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  921.134465][ T3995] CPU: 1 PID: 3995 Comm: kworker/1:15 Not tainted 6.1.100-syzkaller #0
[  921.142712][ T3995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  921.152774][ T3995] Workqueue: infiniband ib_cache_event_task
[  921.158692][ T3995] Call Trace:
[  921.161985][ T3995]  <TASK>
[  921.164948][ T3995]  dump_stack_lvl+0x1e3/0x2cb
[  921.169731][ T3995]  ? nf_tcp_handle_invalid+0x642/0x642
[  921.174559][ T3555] cdc_ncm 2-1:1.1: bind() failure
[  921.180228][ T3995]  ? panic+0x764/0x764
[  921.184312][ T3995]  ? preempt_schedule_common+0xa6/0xd0
[  921.189784][ T3995]  ? vscnprintf+0x59/0x80
[  921.194127][ T3995]  panic+0x318/0x764
[  921.198035][ T3995]  ? check_panic_on_warn+0x1d/0xa0
[  921.203156][ T3995]  ? memcpy_page_flushcache+0xfc/0xfc
[  921.208544][ T3995]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  921.214560][ T3995]  ? _raw_spin_unlock+0x40/0x40
[  921.219422][ T3995]  ? print_report+0x4a3/0x4f0
[  921.224114][ T3995]  check_panic_on_warn+0x7e/0xa0
[  921.229064][ T3995]  ? siw_query_port+0x342/0x430
[  921.233929][ T3995]  end_report+0x66/0x110
[  921.238275][ T3995]  kasan_report+0x143/0x160
[  921.242791][ T3995]  ? siw_query_port+0x342/0x430
[  921.247656][ T3995]  siw_query_port+0x342/0x430
[  921.252347][ T3995]  ? ib_query_port+0x344/0x7c0
[  921.257125][ T3995]  ib_cache_update+0x1a8/0xaf0
[  921.261908][ T3995]  ? ib_cache_setup_one+0x5a0/0x5a0
[  921.267139][ T3995]  ? read_lock_is_recursive+0x10/0x10
[  921.272615][ T3995]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  921.278611][ T3995]  ? print_irqtrace_events+0x210/0x210
[  921.284101][ T3995]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  921.290006][ T3995]  ib_cache_event_task+0xef/0x1e0
[  921.295050][ T3995]  ? process_one_work+0x7a9/0x11d0
[  921.300222][ T3995]  process_one_work+0x8a9/0x11d0
[  921.305189][ T3995]  ? worker_detach_from_pool+0x260/0x260
[  921.310840][ T3995]  ? _raw_spin_lock_irqsave+0x120/0x120
[  921.316494][ T3995]  ? kthread_data+0x4e/0xc0
[  921.321011][ T3995]  ? wq_worker_running+0x97/0x190
[  921.326048][ T3995]  worker_thread+0xa47/0x1200
[  921.330745][ T3995]  kthread+0x28d/0x320
[  921.334836][ T3995]  ? worker_clr_flags+0x190/0x190
[  921.339868][ T3995]  ? kthread_blkcg+0xd0/0xd0
[  921.344560][ T3995]  ret_from_fork+0x1f/0x30
[  921.349090][ T3995]  </TASK>
[  921.352373][ T3995] Kernel Offset: disabled
[  921.356684][ T3995] Rebooting in 86400 seconds..