last executing test programs:

10.670046789s ago: executing program 3:
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f0000000080)=ANY=[@ANYBLOB="75737271756f74612c696f636861727365743d69736f383835392d352c696f636861727365743d6575632d6a702c696e746567726974792c71756f74612c6e6f71756f74612c71756f7461006572726f72733d636f6e74696e75652c756d61736b3d3078303030303030303030303030303038312c75737271756f74612c06000000756f74612c756d61736b3d3078303030303030303030303030303030312c67727071756f74612c756d61736b3d3078303030303030303030303032303034352c726f6f74636f6e746578743d7379752c646566636f6e746578743d73797361646d5f752c66736e616d653d003f0000587d5b2d292b2c00a9c1a30bc3207997b7f4e9447ee50b7a7e32bbde0fc9243970c38a6cb5080b2f024c8fa61254ca59336acbf090ea35b6e7e44f4af2c218e937a7689e5f17975998f3ff7c1c7b896131aaf5097320e70b9b3c7424cb12be8a69b44da8d201000000abf6813950c019ae80f2a89a067e768d0c305f77357aaccfbf7dc0503768aaa6b8940e1ccbc41e021e0cf63c2d1c991852b2b84c2d677f2898bde305ce8fa91a7c14e01f5f066af16ae8fa48cdee8bf24677ab469a4f18d640cc"], 0xfe, 0x6233, &(0x7f0000000280)="$eJzs3c9vHGf9B/DP/vSPfttaPVT9Rgi5aflRSpM4KSFQIO0BDlx6QLmiRK5bRaSAkoDSyiKufOHAib8AhMQRIY6IA39AD1y5ceJEJBsJ1BODxn6eeHay23WwvbPxvF6SM/OZZ9b7jN87+yMzs08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPHd73xvrRMR13+aFqxE/F/0IroRS2W9GhFLqyt5/X5EvBB7zfF8RAwWIsrb7/3zbMTrEfHxMxE7u5vr5eKLh+zHt3//1998/6m3//K7wfl//+Fu741J692794t//fH+0bYZAAAA2qYoiqKTPuafSZ/vu013CgCYifz6XyR5+amvf/n3t/80T/1Rq9VqtXoGdVUx3v1qERFb1duU7xkcjgeAJ8xWfNJ0F2iQ/FutHxFPNd0JYK51mu4AJ2Jnd3O9k/LtVF8PVvfb87kgI/lvdR5e3zFpOk39HJNZPb62oxfPTejP0oz6ME9y/t16/tf324dpvZPOf1Ym5T/cv/SpdXL+vXr+Nacn/+7Y/Nsq599/rPx78gcAAAAAgDmW//9/peHjvwtH35RD+bTjv6sz6gMAAAAAAAAAHLejjv/3kPH/AAAAYG6Vn9VLv3rmYNmk72Irl1/rRDxdWx9omXSxzHLT/QAAAAAAAAAAAACANunvn8N7rRMxiIinl5eLoih/qur14zrq7Z90bd9+aLOmn+QBAGDfx8/UruXvRCxGxLX0XX+D5eXlolhcWi6Wi6WF/H52uLBYLFU+1+ZpuWxheIg3xP1hUf6yxcrtqqZ9Xp7WXv995X0Ni94hOnZMBumvOaG5obABINl/NdrxinTKFMWzk958wAj7/ym0EitNP66Yf00/TAEAAICTVxRF0Ulf530mHfPvNt0pAGAm8ut//bjAkeruhPaI4/n9c1sPYr76o1ar1Wr1aF1VjHe/WkTEVvU25XsGw/EDwBNmKz5pugs0SP6t1o+IF5ruBDDXOk13gBOxs7u53kn5dqqvB2l893wuyEj+W5292+Xbj5tOUz/HZFaPr+3oxXMT+vP8jPowT3L+3Xr+1/fbh2m9k85/ViblP9y7ZK59cv69ev41pyf/7tj82yrn33+s/HvyBwAAAACAOZb//3/F8d+9Tb46o34AAAAAAAAAwHHa2d1cz9e95uP/nxmznus/T6ecf+dx819K8/J/ouX8u7X8v1hbr1eZf/DWwf7/z93N9d/e/cf/5+lh81/IM530yOqkR0Qn3VOnn6ZH2bpHbQ96w/KeBp1ur5/O+SkG78bNuBUbcWFk3W76exy0r420lz0djLRfHGnvP9J+aaR9kL53oFjK7ediPX4Ut+KdvfaybWHK9i9OaS+mtOf8e57/Wynn36/8lPkvp/ZObVp68FH3kf2+Oh13P2/e/OzPL5z85ky1Hb2H21ZVbt/ZBvqz9zd5ahg/ubNx+9y9G3fv3l6LNBlZejHS5Jjl/Ad7PwsHz/8v7bfn5/3q/vrgo+Fj5z8vtqM/Mf+XKvPl9r4y4741Iec/TD85/3dS+/j9/0nOf/L+/2oD/QEAAAAAAAAAAAAAAIBPUxTF3iWib0bE5XT9T1PXZgIAs5Vf/4skL1er1Wq1Wn366qpivKvVIiL+XL1N+Z7hZ+N+GQAwz/4TEX9ruhM0Rv4tlr/vr5y+3HRngJm688GHP7hx69bG7TtN9wQAAAAAAAAA+F/l8T9XK+M/vxwRK7X1RsZ/fStWjzr+Zz/PPBxg9JgH+p5guzvsdSvDjb8Ye+Nzn5s0/vfZeHT87zwmbq+6HRMMprQPp7QvTGlfHLv0IK2xF3pU5PxfrIx3XuZ/pjb8ehvGf62Ped8GOf+zlcdzmf8XautV8y9+PXf5bx12xe3ojuR//u77Pz5/54MPX7v5/o33Nt7b+OGltbULly5fvnLlyvl3b97auLD/78n0eg7k/PPY184DbZecf85c/u2S8/9cquXfLjn/z6da/u2S88/v9+TfLjn//NlH/u2S838l1fJvl5z/l1It/3bZ2d1cKPN/NdXyb5e8/3851fJvl5z/a6mWf7vk/M+lWv7tkvM/n+pD5O/r4U+RnH8+wmX/b5ec/1qq5d8uOf+LqZZ/u+T8L6Va/u2S83891fJvl5z/V1It/3bJ+V9OtfzbJef/1VTLv11y/ldSLf92yfl/LdXyb5ec/9dTLf92yfm/kWr5t0vO/xupln+75Py/mWr5t0vO/1upln+75Pyvplr+7XLw/f9mzJgxk2eafmYCAAAAAAAAAAAAAOpmcTpx09sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8F924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYW9e42R66zvB35mb147hBgIwcnfwCYxISRLdm0nvvCviwnXBiiFJBR6wXa9a7PgG167BIpk00CJhFFRRdX0RVtAqI1UVVgVL2hFaV5Uvbwq7Qv6pqKqhNSoCsigIpWKstXMeZ7HM7Nz2fWOvbPn+Xwk+7c7c2bOmTNnZve79ncPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECzO984/5laURT1P42/thbFC+ofb57a2rjsdeu9hQAAAMBa/W/j7yu3pAsOruBGTcv83Sv+8WtLS0tLxftGf3f8C0tL6YqpohjfVBSN66LL//7+WvMywZPFZG2k6fORPqsf7XP9WJ/rx/tcP9Hn+k19rp/sc/2yHbDM5vLnMY0729H4cGu5S4tbi/HGdTs63OrJ2qaRkfiznIZa4zZL48eKheJEMV/MtixfLltrLP+NO+vrelsR1zXStK7t9SPkB584GrehFvbxjpZ1Xb3P6HtvKKZ++INPHP3jc8/f3mn23Q0t91du57131bfzU+GScltrxaa0T+J2jjRt5/YOz8loy3bWGrerf9y+nVdWuJ2jVzfzhmp/zieLkcbH32rsp7HmH+ul/bQ9XPbfdxdFcfHqZrcvs2xdxUixpeWSkavPz2R5RNbvo34ovbgYW9VxeucKjtP6nNvRepy2vybi839nuN1Yl21ofpq+98mJZc/7ao/TqP6ou71W2o/BQb9WhuUYjMfFtxoP+qmOx+CO8Pg/cU/3Y7DjsdPhGEyPu+kYvKvfMTgyMdrY5vQk1Bq3uXoM7mxZfrSxplpjPndP72Nw5tzJMzOLH/v4axdOHjk+f3z+1O6dO2d379mzb9++mWMLJ+Zny7+vcW8Pvy3FSHoN3BX2XXwNvLpt2eZDdelLg3sdTvZ4HW5tW3bQr8Ox9gdXuzEvyOXHdPnaeKy+0ycvjRRdXmON5+e+tb8O0+Nueh2ONb0OO35N6fA6HFvB67C+zJn7VvY9y1jTn07bcL2+FmxtOgbbvx9pPwYH/f3IsByDk+G4+Nf7un8t2B6296np1X4/MrrsGEwPN7z31C9J3+9P7muMTsflHfUrbpoozi/On33giSPnzp3dWYRxQ7yk6VhpP163ND2mYtnxOrLq4/XgwiueuqPD5VvDvpp8bf2vya7PVX2ZBx/o/Vw1vrp13p8tl+4qwhiwG70/O301r+/PlCV77M/6Mp+aWfv34imXNr3/jnd5/425/6fl+tJdPTk6Pla+fkfT3hlveT9ufarGGu9dtca6r8ys7P14PPy50e/Ht/Z4P97Wtuyg34/H2x9cfD+u9ftpx9q0P5+T4Tg5Mdv7/bi+zLZdqz0mx3q+H98dZi3s/9eEpJByUdOx0+24TesaGxsPj2ssrqH1ON3dsvx4yGb1dT2z69qO03vvLu9rND26q27UcTrVtuygj9P0ftXtOK31++nbtWl/PifDcXHr7t7HaX2ZZx9c+3vn5vhh03vnROMYvNL9fsZHJ+rbPJ4OwvL9fmlzPAYfKI4Wp4sTxVzj2onG8VRrrGv6oZUdgxPhz41+r9zW4xi8t23ZQR+D6etYt2OvNrb8wQ9A+/M5GY6Lpx/qfQzWl3nT3sF+73pvuCQt0/S9a/vP17r9zOuOtt10PX/mVd/Ov9nb+2ez9WVO7Fttzuy9n+4Pl9zUYT9NtH0N6faamituzH7aFrbz+X3d91N9e+rLfGH/Co+ng0VRXPjIw42f94Z/X/nz89/+Wsu/u3T6N50LH3n4+zcf+9vVbD8AG99Py7Gl/FrX9C9TK/n3fwAAAGBDiLl/JMxE/gcAAIDKiLk//q/wRP4HAACAyoi5fyzMJJP8v+1Nzy/89EKRmvlLQbw+7YZHyuVix3U2fD61dFX98oe/Mv+jv7ywsnWPFEXxk0d+o+Py2x6J21WaCtt5+c2tly+/4YUVrf/w41eXa+6vfzHcf3w8Kz0MOlVwZ4ui+MYtn2usZ+r9lxrz2UcON+Z7Lj71ZH2ZK/vLz+Ptn3tJufwfhPLvwWNHWm7/XNgP3w1z9u2d90e83VcvvWb73vdeXV+8Xe2uFzYe9tMfKO83/p6czz9ZLh/3c7ft/6vPPvPV+vJPvKrz9l8Y6bz9z4T7/UqYP355uXzzc1D/PN7u02H74/ri7R748jc7bv/lz5TLn3lLudzhMOP67w2f73jL8wvN++uJ2pGWx1W8tVwurn/227/duD7eX7z/9u2fPHSpZX+0Hx/P/nN5PzNty8fL43qiv2hbf/1+mo/PuP5nfutwy37ut/7L73nu5fX7bV///W3Ljbbdvv03Nv3hpz/XcX1xew7+2ZmWx3Pw3eF1HNb/9AfC8Riu/5/Ln2tZb3T43a3vP3H5L2690PJ4orf9sFz/5dcfb8z/mPrR79/0gptfePGV9X1XFN96tLy/fus//kenW7b/S7fd13g+4vWxo9++/m7i+s9+dPrU6cXzC3NNe7Xxu3PeUW7PpsnNW+rbe0t4b23//NDpcx+cPzs1OzVbFFPV/RV61+zLYX6/HBdXe/v7Hg/P5x2/940t9/zTZ+Pl//JYefmlt5dft14dlvt8uHxr+fwt1da4/qfvvK3x+q49W37e0mMfgO07/nPfihYMj7/9+4J4vJ956Qcb+6F+XePrRnxdr3H7vzNX3s/Xw35dCr+Z+a7brq6vefn4uxEuPVq+3te8/8LbXHxe/yQ83+/8bnn/cbvi4/1O+D7mm9ta3+/i8fH1CyPt99/4LR4Xw/tJcbG8Pi4V9/elK7d13Lz4e0iKi7c3Pv+ddD+3r+phdrP4scWZEwunzj8xc25+8dzM4sc+fujk6fOnzh1q/C7PQx/qd/ur709bGu9Pc/N7HixmNxdFcbqYvQFvWNdn++sfrWz7zzx+dG7v7D1z88eOnD927vEz82ePH11cPDo/t3jPkWPH5j/a7/YLcwd27tq/e++u6eMLcwf27d+/e//0wqnT9c0oN6qPPbMfnj519lDjJosHHty/86GHHpydPnl6bv7A3tnZ6fP9bt/42jRdv/WvT5+dP3Hk3MLJ+enFhY/PH9i5f8+eXX1/G+DJM8cWp2bOnj81c35x/uxM+VimzjUurn/t63d7qmnx38rvZ9vVyl/EV7zr/j3p97PWfeWTXe+qXKTtF4g+H34XzT+86My+lXwec/94mEkm+R8AAAByEHP/RJiJ/A8AAACVEXP/pjAT+R8AAAAqI+b+yTCTTPK//r/+/8r6/+X1+v959f/PfKTslW70/n/sz+v/52Gd+/9rXr/+v/5/9fr/K+/Pb/Tt1//X/2e5Yev/x9y/uSiyzP8AAACQg5j7t4SZyP8AAABQGTH33xRmIv8DAABAZcTc/4Iwk0zyv/7/ivr/u/oVrqrf/3f+f/3/YmP2/+OTo/+fjVX379/7WMun+v+B/r/+v/6//r/+P2s23vWa9er/x9x/c5hJJvkfAAAAchBz/wvDTOR/AAAAqIyY+28JM5H/AQAAoDJi7t8aZpJJ/tf/d/5//X/9/979/4mme9qA/f+1nv+/aWP0/zcG5//vTf+/j2vu/0/q/2/E/v/4YLd/uPv/fTdf/5/rYtjO/x9z/4vCTDLJ/wAAAJCDmPtfHGYi/wMAAEBlxNz/kjAT+R8AAAAqI+b+W8NMMsn/+v/6//r/+v+VPv//Wvv/Pc//X36k/z9c9P970//vw/n/8+r/D3j7h7v/P+jz/4+/uf32Xfr/Bwv9/6wNW/8/5v6Xhplkkv8BAAAgBzH33xZmIv8DAABAZcTc/7IwE/kfAAAAKiPm/m1hJpnkf/1//X/9f/1//f/O6+/f/y/p/w8X/f/e9P/70P/X/9f/X1n/v8M3v87/TyfD1v+Puf/2MJNM8j8AAADkIOb+O8JM5H8AAACojJj7/1+YifwPAAAAlRFz//Ywk0zyv/6//r/+f179//sn9P/1/6tN/783/f8+9P/1//X/V3j+/+VW0//f1O/OqIxh6//H3P/yMJNM8j8AAADkIOb+V4SZyP8AAABQGTH3vzLMRP4HAACAyoi5fyrMJJP8r/9frf7/n/71068s9P/1//usv6L9/3gY6P9nTv+/N/3/Pqre/x/pffV69+fXar23X//f+f9p8mj5HdOw9f9j7r8zzCST/A8AAAA5iLn/rjAT+R8AAAAqI+b+u8NM5H8AAACojJj7d4SZVD7/l80H/f9q9f8j/X/9/17rr2j/P9H/z5v+fwdNL1L9/z6q3v/vY73788Ow/TEN5Nv/j9/96v8zGMPW/4+5/1VhJpXP/wAAAJCPmPvvCTOR/wEAAKAyYu5/dZiJ/A8AAACVEXP/vWEmmeR//X/9f/1//X/9/87r1//fmPT/e1tt/39C/1//P7P+v/P/O/8/gzVs/f+Y+18TZpJJ/gcAAIAcxNx/X5iJ/A8AAACVEf//Zvn/XuV/AAAAqKKY+6fDTDLJ/5Xr/48VRaH/r//fpf9f0//X/9f/rzz9/96c/78P/X/9f/1//X8Gatj6/zH3vzbMJJP8DwAAADmIuf+BMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJNM8n/l+v/O/99yO/3/LM//P9bt+NT/1//Pgf5/D8veHXrQ/9f/1/+vRv+/KPT/WVfD1v+PuX9nmEkm+R8AAAByEHP/rjAT+R8AAAAqI+b+3WEm8j8AAABURsz9D4aZZJL/9f/1//X/K9f/d/5//f+s6f/35vz/fej/6/9Xrf/v/P+ss2Hr/8fc/1CYSSb5HwAAAHIQc/+eMBP5HwAAACoj5v69YSYh/3f6f90AAADAxhJz/74wk0z+/V//vyL9/9/8+5Z16//r//dYf7p6bf3/zfr/Yer/D5eK9v/bXxbXTP+/D/1//X/9f/1/BmrY+v8x9+8PM8kk/wMAAEAOYu5/XZiJ/A8AAACVEXP//w8zkf8BAACgMmLu/5kwk0zyv/5/Rfr/bfT/9f97rd/5//X/q6yi/f+BqVT/f0T/X/9/uLZf/1//n+Wuf/8/frSy/n/M/QfCTDLJ/wAAAFAF/X5hbsz9PxtmIv8DAABAZcTc//owE/kfAAAAKiPm/oNhJpnkf/1//X/9f/3/69P/f33Rbhj7//WDR/+/WvT/e6tU/9/5//X/h2z79f/1/1lu2M7/H3P/G8JMMsn/AAAAkIOY+x8OM5H/AQAAoDJi7n9jmIn8DwAAAJURc/+bwkwyyf/6//r/+v/6/87/33n9+v8bk/5/b/r/fej/6//n2v9/Vv+f62PY+v8x9785zCST/A8AAAA5iLn/LWEm8j8AAABURsz9bw0zkf8BAACgMmLuf1uYSSb5X/9f/1//X/9f/7/z+vX/Nyb9/942Qv+/PvX/9f834vZv6P6/8/9znQxb/z/m/p8LM8kk/wMAAEAOYu5/JMxE/gcAAIDKiLn/7WEm8j8AAABURsz97wgzyST/r2//vzZWFPr/+v/6//r/Jf1//f9B0P/vbSP0/53/X/9/o26//r/+P8sNW/8/5v53hplkkv8BAAAgBzH3/3yYifwPAAAAlRFz/7vCTOR/AAAAqIyY+38hzCST/O/8//r/w9X/X7rQfDv9f/3/YlD9//qN9P+zoP/fm/5/Hx36/5v0//X/9f/1/7lmw9b/j7n/3WEmmeR/AAAAyEHM/e8JM5H/AQAAoDJi7n80zET+BwAAgMqIuf+xMJNM8r/+f5b9//SQh6//7/z/+v/O/6//vzb6/73p//fh/P/6//r/+v8M1LD1/2PufzzMJJP8DwAAADmIuf+9YSbyPwAAAFRGzP2/GGYi/wMAAEBlxNz/vjCTTPK//n+W/f8hPv9/1fr/Yy3HR079/8mm5zMdl/r/+v83gP5/bzeg/99yN/r/+v/6/wPs/4ejeXOX2+v/M4yGrf8fc//7w0wyyf8AAACQg5j7fynMRP4HAACAyoi5/5fDTOR/AAAAqIyY+38lzCST/K//r/+v/+/8/87/33n9+v8bk/5/b87/34f+v/7/MPf/+9D/ZxgNW/8/5v5fDTPpGvy+/1+dNqVT/gMAAACGQ8z9HwgzyeTf/wEAACAHMfcfCjOR/wEAAKAyYu4/HGaSSf7X/2/v/8czqur/6//r/+v/6/9vRIPr/7/s5qLQ/9f/1//X/9f/1/9nLYat/x9z/5Ewk0zyPwAAAOQg5v5fCzOR/wEAAKAyYu4/GmYi/wMAAEBlxNw/F2aSSf5fx/7/+HD2/53//1r7/z/R/9f/D4am/7+5KAr9/+w4/39v+v996P/r/+v/6/8zUMPW/4+5fz7MJJP8DwAAABWWfhwcc/+xMBP5HwAAACoj5v7jYSbyPwAAAFRGzP0fDDPJJP87/7/+v/P/r0f/f6xl+XXv//94qZr9f+f/z5L+f2/6/33o/+v/6//r/zNQw9b/j7l/Icwkk/wPAAAAOYi5/0NhJvI/AAAAVEbM/R8OM5H/AQAAoDJi7j8RZpJJ/tf/1//Pvf9fK4qLzv9f0fP/r7T/P9l5/fr/G5P+f2/6/33o/+v/6//r/zNQw9b/j7n/ZJj/x959NNl1VnscPtdXltQj+AYwZsQQRvZHYMqAKqoYk00Otsgmm5yDyTnnZHIOJmdMztFE4ypR7l5rqVt9eu+WeqvP3u/7PFX3LqSSbndft039rfrVWzrZ/wAAANCD3P33iVvsfwAAAGhG7v77xi32PwAAADQjd//94pZO9r/+X//fe/+/2sj7/3t/vf5/h/f/9f9T2Nffn1j/6w6Kwg/s/+98l6vuqf/X/+v/B+n/9f/6f843t/4/d//945ZO9j8AAAD0IHf/A+IW+x8AAACakbv/gXGL/Q8AAADNyN1/VdzSyf7X/8+h/z/3Gej/9f8b7/9v0P/r/5fN+//D9P8j9P/6/yP3/yf0//p/dplb/5+7/0FxSyf7HwAAAHqQu//BcYv9DwAAAM3I3f+QuMX+BwAAgGbk7n9o3NLJ/tf/z6H/9/6//v8w/f9J7/+f9/Xo//X/6+z091v5Q/3/efT/I/T/+n/v/+v/mdTc+v/c/Q+LWzrZ/wAAANCD3P0Pj1vsfwAAAGhG7v5HxC32PwAAADQjd/8j45ZO9r/+X/+v/19K/39M7//r//X/C3f96tw/E/T/++n/R4z0/6uV/n/Iofv59V/ecj7/A+j/9f/sN7f+P3f/o+KWK1erkxf7RQIAAACzkrv/0XFLJ3/+DwAAAD3I3X913GL/AwAAQDNy918Tt3Sy//X/+n/9/6H6//wS9f+76P936P/n5aj9vf4/HNj/3+n2975Xv/2/9/+Hef9/6v7/tu8M/T/LNrf+P3f/mbilk/0PAAAAPcjd/5i4xf4HAACAZuTuf2zcYv8DAABAM3L3Py5u6WT/6/9b6///f8/v29X/b9cu+n/v/+v/9f+t0/8P8/7/iO1/zG3VD/X/+n/v/+v/OZq59f+5+x8ft3Sy/wEAAKAHufufELfY/wAAANCM3P1PjFvsfwAAAGhG7v4nxS2d7H/9f2v9/97f5/1//f+6j6//1/+3TP8/TP8/opX3/y/yu2bT/fxRbfrz1//r/9lvbv1/7v5r45ZO9j8AAAD0IHf/k+MW+x8AAACakbv/KXGL/Q8AAADNyN3/1Lilk/2v/9f/L6P/z4+g/9f/X/r+P+n/l0n/P0z/P6KV/v8ibbqfX/rnP9j/b41//vp/WjS3/j93/9Pilk72PwAAAPQgd//Td+496l8T2/8AAADQjNj9q2fELfY/AAAANCN3/zPjlk72v/5f/7+M/t/7//p/7//r/w9H/z9M/z9C/6//9/6//p9Jza3/z91/XdzSyf4HAACAHuTuf1bcYv8DAABAM3L3Pztusf8BAACgGbn7nxO3dLL/9f/6f/2//l//v/7j6/+XSf8/TP8/Qv+v/9f/H9j/H5xl79D/s86M+v9dv+v06rlxSyf7HwAAAHqQu/95cYv9DwAAAM3I3f/8uMX+BwAAgGbk7n9B3NLJ/tf/z6b/38752ur/t1arlf5/1Wn/v7Xrr2d9X+r/9f/HQP8/TP8/Qv+v/9f/e/+fSc2o/9/+ce7+F8Ytnex/AAAA6EHu/hfFLfY/AAAANCN3/4vjFvsfAAAAmpG7/yVxSyf7X/8/m/5/W1v9//G8/39C/z/L/t/7//vp/4+H/n+Y/n+E/l//r//X/zOpufX/uftfGjedvPyiv0QAAABgZnL3vyxu6eTP/wEAAKAHuftfHrfY/wAAALBQ1+37mdz9r4hbOtn/+v9p+/+Tu35O/388/b/3//X/+n920/8P0/+P0P/r//X/+n8mNbf+P3f/K+OWTvY/AAAA9CB3//Vxi/0PAAAAzcjd/6q4xf4HAACAZuTuf3Xc0sn+1/97/1//r//X/6//+Pr/ZdL/D7vk/X/8A1H/r/9f18/fOvH383F//mMm6P9PnfuP+n/acAH9/9mzZ6++5P1/7v7XxC2d7H8AAADoQe7+18Yt9j8AAAA0I3f/6+IW+x8AAACakbv/9XFLJ/tf/99p/5/f6svq/69ZrfT/vfX/J/T/+v8LpP8f5v3/Efp/7/97/1//z6Qmef9/5x+Sk/T/ufvfELd0sv8BAACgB7n73xi32P8AAADQjNz9b4pb7H8AAABoRu7+N8ctnex//X+n/b/3//X/C+n/V+30/7es9P/HYhH9/9bBH3/u/f8Z/b/+f0B3/f/d7rrnh/p//T/7TdL/x2/Z/t9H7P9z978lbulk/wMAAEAPcve/NW6x/wEAAKAZufvfFrfY/wAAANCM3P1vj5tOdLL/9f/6f/2//l//v/7jH/P7/ydXq5X+fwKL6P8HzL3/n+b9//P/Lj9H/6//X/Lnr//X/7Pf3Pr/3P3viFs62f8AAADQg9z974xb7H8AAABoRu7+d8Ut9j8AAAA0I3f/u+OWTva//l//r//X/zff/59ZRP/v/f+JHG//f0b/3+P7/1fq/w+i/9f/6/85rE31/7n73xO3dLL/AQAAoAe5+98bt9j/AAAA0Izc/e+LW+x/AAAAaEbu/vfHLZ3sf/2//v9C+v/8PPX/bfX/p2bX/5/e83+vk/f/9f8T8f7/MP3/CO//6//1/9fp/5nS3N7/z93/gbilk/0PAAAAPcjd/8G49a9u7X8AAABoRu7+D8Ut9j8AAAA0I3f/h+OWTva//l//7/1//X/z7//r/7ui/x+m/x+h/9f/6/+9/8+k5tb/5+7/SNzSyf4HAACAHuTu/2jcYv8DAABAM3L3fyxusf8BAACgGbn7b4hbOtn/+n/9v/5f/6//3/lrqP9vg/5/2PH0/1v6f/1/9fP/F38X6P/1/2O/nzbNrf/P3f/xuKWT/Q8AAAA9yN3/ibjF/gcAAIBm5O7/ZNxi/wMAAMAinVjzc7n7PxW3dLL/9f/6f/2//l//v/7j6/+XaSP9f35T6P+9/x/66f/vuOdHS3v///z//tL/6/+Z3tz6/9z9n45bOtn/AAAA0IPc/Z+JW+x/AAAAaEbu/s/GLfY/AAAANCN3/+filk72v/5f/6//1//r/9d/fP3/Mnn/f5j+f4T+f6Pv5y/188//PtD/6//Zb279f+7+z8ctnex/AAAA6EHu/i/ELfY/AAAANCN3/xfjFvsfAAAAmrG9+zMu63D/6//1//p//b/+f/3H1/8vk/5/mP5/hP5f/+/9f/0/kzqu/v/0eT8+qP//0mrnV395tepy/wMAAEAPcvd/JW6x/wEAAKAZufu/GrfY/wAAANCM3P1fi1s62f/6f/3/Mvr/s2fPXq3/1//v/XrO9f836f8p+v9h+v8R+n/9v/5f/8+k5vb+f+7+G+OWTvY/AAAA9CB3/9fjFvsfAAAAmpG7/xtxi/0PAAAAzcjd/824pZP9r/+fQf9/Wv/v/X/9/2qW7//v+dbU/y+E/n+Y/n9Ei/3/6cN/+Zvu549q05+//l//z35z6/9z938rbulk/wMAAEAPcvd/O26x/wEAAKAZufu/E7fY/wAAANCM3P3fjVs62f/6/+Pr/2/7/10v7/9vrdZ//vp//f+y+n/v/y+R/n+Y/n9Ei/3/Bdh0P7/0z1//r/9nv7n1/7n7vxe37B1+l1/YVwkAAADMSe7+78ctnfz5PwAAAPQgd/8P4hb7HwAAAJqRu/+HcUsn+1//P4P3/xvs/73/v/77Q/8/6/7/Mv1/G/T/w/T/I5bd/994QV/rGpvu55f++ev/d/f/+d2s/+/d3Pr/3P0/ils62f8AAADQg9z9P45b7H8AAABoRu7+n8Qt9j8AAAA0I3f/TXHLrv2/ru1uhf5f/6//1//r/9d/fP3/Mun/hx22/z+1Olr/n/T/3v/X//fa/3v/nx1z6/9z9/80bvHn/wAAALA4lx/w87n7fxa32P8AAADQjNz9P49b7H8AAABoRu7+X8QtN1+2qU/pWOn/9f/6f/2//n/9x9f/L5P+f9h2/3/+32TreP9f/3/x/fwV+v82+v/VSv/P0c2t/8/d/8u4xZ//AwAAQDNy9/8qbrH/AQAAoBm5+38dt9j/AAAA0Izc/b+JWzrZ//p//f8R+//tNFP/v0P/v0P/v57+/3jo/4cd9v1//b/+3/v/+n/v/zOFufX/uft/G7d0sv8BAACgB7n7fxe32P8AAACwBHc4zC/K3f/7uMX+BwAAgGbk7v9D3NLJ/t9Y/39653/0/4vv/73/r//X/+v/Z0X/P0z/P0L/r//X/+v/mdTc+v/c/X+MWzrZ/wAAANCD3P1/ilvsfwAAAGhG7v4/xy32PwAAADQjd/9f4pZO9r/3//X/+n/9v/5//cefpP8/ce4/6v+Ph/5/mP5/vfoLpf/X/+v/9f9Mam79f+7+v8Ytnex/AAAA6EHu/r/FLfY/AAAANCN3/81xi/0PAAAAzcjd//e4pZP9r//X/+v/9f/6//Uf3/v/y6T/H7bJ/v/utxv/sN7/33j/n5+C/l//r/9nEnPr/3P3/yNu6WT/AwAAQA9y9/8zbrH/AQAAoBm5+/8Vt9j/AAAA0Izc/f+OWzrZ/yP9/6n6hfr/Qfr/vZ+//n/994f+v/r/a+On9P/6/8np/4d5/3+E/t/7//p//T+Tmlv/n7v/P3FLJ/sfAAAAepC7/5a4xf4HAACAZuTu/2/cYv8DAABAM3L33xq3dLL/vf+/pP7/Cv2//r+V/t/7//r/S0b/P0z/P0L/r//X/+v/mdTc+v/c/f8LAAD//xlbQ+4=")
ftruncate(0xffffffffffffffff, 0x8000000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000})

10.265731698s ago: executing program 1:
r0 = syz_open_dev$video(0x0, 0x0, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc0585611, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x60}}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f00000000c0)=0x7, 0x4)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socket$inet(0x2, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)

9.425753719s ago: executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000ec0)=[@in={0x2, 0x0, @loopback}], 0x10)

8.987825813s ago: executing program 0:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'rose0\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @tcp_ip6_spec={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x0, @remote}, @esp_ip4_spec={@multicast1, @broadcast}, {0x0, @random="438d39bbc445"}}}})
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x20000600}}, 0x0)
sendmsg$sock(r0, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f00000008c0)=[@timestamping={{0x14}}], 0x18}, 0x0)
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="003b09b765b040ae4b42889f00ae139228801d870b08000000c7000000d5000000000000", @ANYRES8], 0x1, 0x19c, &(0x7f0000000280)="$eJzs0L9rE2Ecx/H397knv4QqQXGoYA8snheqSa7q4BScIuTAwcUhaEhjU0zU9DLY0kIXKUi1/4JOdVRBJ3FyLm4Oci7dpDcUB3GQyCVPBP8Gn9dwH75fjufh+XSjQZQDfh9ttKkx5nCczwgamJPJTqlJvjfzd5O7k+C6mXdMvjI5G62t32/1ep1V95pL8Z8F8MOlqPm7it5wWpEINeTL0Ua7JXdDRjX6aimk2KD0DKfJwH/OrJ7h1B0cRt4ONxQD8RpwojzsPypHa+sXV/qt5c5y50EQLF6tXK5UrgTleyu9TuUd4j8VxQs28UNyIQV/k0yTJ/v6GAuC+F0VO1JKcJvs7jsXzi0kKP+QkWjwEnIiXVfd4jz5QvrCOieFlzgh8w0KCs34ojpyU73NA/pnRpHfcpxL7Ye9pe3bSn5l92pymJfqARmvSlCqsphWM258O2Y+ph6zF3PwjTn5kNY27VVvpd/XZjrDWcjyuDUcrlaz8El0SOCFBEWYwfxFIz3ho5mmy6+SxbIsy7Isy7Isy/pf/AkAAP//4nFfBQ==")
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = syz_io_uring_complete(0x0)
write$cgroup_subtree(r2, &(0x7f0000000440)={[{0x2b, 'cpuacct'}, {0x2d, 'memory'}, {0x2d, 'net'}, {0x2b, 'net_cls'}, {0x0, 'rdma'}, {0x2b, 'pids'}, {0x2b, 'freezer'}, {0x2d, 'memory'}, {0x2d, 'net'}, {0x2d, 'rlimit'}]}, 0x49)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r3=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)

8.939816797s ago: executing program 4:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)

8.814984417s ago: executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="0100"])
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r3, 0xc048aeca, &(0x7f0000005580)={{0x0, 0x0, 0x80}})

8.416103891s ago: executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
ioctl$SNDCTL_SEQ_RESET(r1, 0x5100)

8.121302694s ago: executing program 1:
r0 = openat$sequencer(0xffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
fcntl$notify(r0, 0x402, 0xb)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xf, &(0x7f0000000080)=@ringbuf, 0x0}, 0x90)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

7.580579587s ago: executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x8870)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bbfe8000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x7})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.559676928s ago: executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000000a4f1c0000000000000000020000000900010073797a300000000008000240000000020900010073797a310000000014000000110001"], 0x5c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x58}}, 0x0)

7.103435944s ago: executing program 2:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x65c}, {@broadcast}, {@multicast1}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

6.633751617s ago: executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000007020608000000000000"], &(0x7f0000000080)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="0503d6fcd3fc03000000478803", 0xd, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)

6.426492561s ago: executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000c80)=@abs={0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000001100)=[{{&(0x7f0000000740)=@xdp, 0x80, &(0x7f00000025c0)=[{&(0x7f00000007c0)=""/65, 0x41}, {&(0x7f00000008c0)=""/175, 0xaf}, {&(0x7f0000000980)=""/179, 0xb3}, {&(0x7f0000000a40)=""/165, 0xa5}, {&(0x7f0000000b00)=""/158, 0x9e}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/9, 0x9}, {&(0x7f0000000bc0)=""/135, 0x87}, {&(0x7f0000001180)=""/145, 0x91}, {&(0x7f0000001240)=""/149, 0x95}, {&(0x7f00000026c0)=""/167, 0xa7}, {&(0x7f00000013c0)=""/226, 0xe2}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/210, 0xd2}], 0xe, &(0x7f0000000d00)=""/98, 0x62}, 0x7fffffff}, {{&(0x7f0000000d80), 0x80, &(0x7f0000001000)=[{&(0x7f0000000840)=""/40, 0x28}, {&(0x7f0000002780)=""/226, 0xe2}, {&(0x7f0000000f00)=""/90, 0x5a}, {&(0x7f0000000f80)=""/119, 0x77}], 0x4, &(0x7f0000001040)=""/162, 0xa2}, 0x9}], 0x2, 0x100, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x0, 0x3)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', <r4=>0x0, 0x2f, 0x3f, 0x40, 0x900, 0x76, @loopback, @loopback, 0x7, 0x8000, 0xff, 0x836}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYRES32], &(0x7f0000000340)='GPL\x00', 0x0, 0xfffffffffffffed0, 0x0, 0x40f00, 0x0, '\x00', r4, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8002, 0x1}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0xb, 0x6}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r7 = creat(&(0x7f0000000100)='./bus\x00', 0x120)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7fffffff})
ioctl$EXT4_IOC_GET_ES_CACHE(r7, 0xc020662a, &(0x7f0000000140)={0x56, 0xfffffffffffff000, 0x5})
ioctl$LOOP_GET_STATUS64(r6, 0x1267, &(0x7f0000000080))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0)
unshare(0x8000000)

6.286655153s ago: executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000ec0)=[@in={0x2, 0x0, @loopback}], 0x10)

5.925731557s ago: executing program 1:
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x9, 0x400, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_writepages_result\x00'}, 0x7be67eb5fec52510)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000300)={0xfffffffffffffebd, 0x0})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r3, 0x0, 0x6, 0x0, 0x0)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
openat$autofs(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
sendmmsg(r3, &(0x7f0000007fc0), 0x2d, 0x4)
r4 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x4)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000000), 0x6, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8afToi3vrmpz/78W++/dYfvvb+35b+cfOHaVq3s/FedQxDu/RSjJ9YvjzS35tiq0IAAB4Hz0bEMxHxYkR8JcoxFmduRgMAAACPoeY3Jq51mgAAAMDlVIiIiUgKlex634koFCqV9jW8X4gnC7X6buOra/W97dV0LGIySoW1jVp1NrtWeDJKSbo812o/WH61a3k+uwb3w/L1dLk1BgAAAIzGYtf+/6fl9v4/AAAAcMn0Phk/NvI8AAAAgIvjYnwAAAC4/Oz/AwAAwKX23XfeSafm/aN7rfsArL63v7dZf+/WanV3s7K1t1JZqe/cqazX6+u1amWA/wio1et3XovtvbszjeJuY2Z3/2Bpq7633Vhq3dd7qfrMCGoCAAAATnr6hY/+kkTE4devt6bUE9lYKdfMgEdIUuzquP3lnDIBhuLcH/IztXcxiQAj1/03Hbg67OMDSXdH14bBeL9NhT92d9z4v7FscwAAQD6mv+j8P1xVhbwTAHLzk7wTAHIz8LH4qYvNAxi9ktv8wZV36vx/l/F+A6fO//fTbJ4rIQAAYOgm2rPDyM4FTkShUKl8dlowWduoVWcj4vMR8edy6Vq6PJdjvgAAAAAAAAAAAAAAAAAAAAAAAADwOGo2k2gCAAAAl1pE4e9Jdv+v6fLLE93HB55I/lNuzSPi/V+++/O7y43Gzlza/6/P+hu/yPpfzeMIBgAAAFxFpTNHO/vpnf14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABim+0f3VjrTKON+shjXY7JX/GKMt+bjUYqIJ/+dRPHY45KIGBtC/MMPIuK5XvGTNK2YzLLojl+IiOs5x39qCPHhKvtoMSLe7vX+K8RUa977/VfMpof1yWLrTd4zfmf9N9Zn/fe5AWM8//HvZvrG/yDi+WLv9U8nftIn/ksDxr/9/YODfmPNX0dM9/z7k7RnhewbG1t3Znb3D25tbC2vV9er2/Pzc28svLnw+sLszNpGrZp97Rnjp1/6/eGHfetvBzgev1PnZDvDH/Wr/+UB6//vx3ePnm03S6fjR9x8qffP/7nWvPfrn/5OvJK9POn4dKd92G4fd+O3f7rRL7c0/mqf17/98y83H8Qvnqj/5mDlH6/5V4M9BAC4SLv7B5vLtVp1ZwSNF18b3hMmrUa6FTSi5PNudA52PCr5jOcT/VrkW/u3Hvp5OpvDD/M8fx1aXek+Q++hHFdKAADAhXiw0Z93JgAAAAAAAAAAAAAAAAAAAHB1tf7/f+ycHwT4wvk+aaw75mE+pQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOl/AQAA//9DhsFC")
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="07e91adbd9881407dfc78e66663d", @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',default_permissions,\x00'])
mount$bind(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0)

5.397239722s ago: executing program 2:
r0 = syz_open_dev$video(0x0, 0x0, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc0585611, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x60}}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, &(0x7f00000000c0)=0x7, 0x4)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)

5.275736734s ago: executing program 0:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'rose0\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @tcp_ip6_spec={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x0, @remote}, @esp_ip4_spec={@multicast1, @broadcast}, {0x0, @random="438d39bbc445"}}}})
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x20000600}}, 0x0)
sendmsg$sock(r0, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f00000008c0)=[@timestamping={{0x14}}], 0x18}, 0x0)
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="003b09b765b040ae4b42889f00ae139228801d870b08000000c7000000d5000000000000", @ANYRES8], 0x1, 0x19c, &(0x7f0000000280)="$eJzs0L9rE2Ecx/H397knv4QqQXGoYA8snheqSa7q4BScIuTAwcUhaEhjU0zU9DLY0kIXKUi1/4JOdVRBJ3FyLm4Oci7dpDcUB3GQyCVPBP8Gn9dwH75fjufh+XSjQZQDfh9ttKkx5nCczwgamJPJTqlJvjfzd5O7k+C6mXdMvjI5G62t32/1ep1V95pL8Z8F8MOlqPm7it5wWpEINeTL0Ua7JXdDRjX6aimk2KD0DKfJwH/OrJ7h1B0cRt4ONxQD8RpwojzsPypHa+sXV/qt5c5y50EQLF6tXK5UrgTleyu9TuUd4j8VxQs28UNyIQV/k0yTJ/v6GAuC+F0VO1JKcJvs7jsXzi0kKP+QkWjwEnIiXVfd4jz5QvrCOieFlzgh8w0KCs34ojpyU73NA/pnRpHfcpxL7Ye9pe3bSn5l92pymJfqARmvSlCqsphWM258O2Y+ph6zF3PwjTn5kNY27VVvpd/XZjrDWcjyuDUcrlaz8El0SOCFBEWYwfxFIz3ho5mmy6+SxbIsy7Isy7Isy/pf/AkAAP//4nFfBQ==")
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = syz_io_uring_complete(0x0)
write$cgroup_subtree(r2, &(0x7f0000000440)={[{0x2b, 'cpuacct'}, {0x2d, 'memory'}, {0x2d, 'net'}, {0x2b, 'net_cls'}, {0x0, 'rdma'}, {0x2b, 'pids'}, {0x2b, 'freezer'}, {0x2d, 'memory'}, {0x2d, 'net'}, {0x2d, 'rlimit'}]}, 0x49)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r3=>0x0})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)

5.248397326s ago: executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="0100"])
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r3, 0xc048aeca, &(0x7f0000005580)={{0x0, 0x0, 0x80}})

5.217644479s ago: executing program 4:
r0 = openat$sequencer(0xffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
fcntl$notify(r0, 0x402, 0xb)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xf, &(0x7f0000000080)=@ringbuf, 0x0}, 0x90)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

4.470965203s ago: executing program 4:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x30, 0x4, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x65c}, {@broadcast}, {@empty}, {@private}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.345579957s ago: executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000000a4f1c0000000000000000020000000900010073797a300000000008000240000000020900010073797a310000000014000000110001"], 0x5c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x58}}, 0x0)

4.325830414s ago: executing program 2:
bpf$PROG_LOAD(0x5, 0x0, 0x8870)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bbfe8000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x7})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.320929124s ago: executing program 0:
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f0000000080)=ANY=[@ANYBLOB="75737271756f74612c696f636861727365743d69736f383835392d352c696f636861727365743d6575632d6a702c696e746567726974792c71756f74612c6e6f71756f74612c71756f7461006572726f72733d636f6e74696e75652c756d61736b3d3078303030303030303030303030303038312c75737271756f74612c06000000756f74612c756d61736b3d3078303030303030303030303030303030312c67727071756f74612c756d61736b3d3078303030303030303030303032303034352c726f6f74636f6e746578743d7379752c646566636f6e746578743d73797361646d5f752c66736e616d653d003f0000587d5b2d292b2c00a9c1a30bc3207997b7f4e9447ee50b7a7e32bbde0fc9243970c38a6cb5080b2f024c8fa61254ca59336acbf090ea35b6e7e44f4af2c218e937a7689e5f17975998f3ff7c1c7b896131aaf5097320e70b9b3c7424cb12be8a69b44da8d201000000abf6813950c019ae80f2a89a067e768d0c305f77357aaccfbf7dc0503768aaa6b8940e1ccbc41e021e0cf63c2d1c991852b2b84c2d677f2898bde305ce8fa91a7c14e01f5f066af16ae8fa48cdee8bf24677ab469a4f18d640cc"], 0xfe, 0x6233, &(0x7f0000000280)="$eJzs3c9vHGf9B/DP/vSPfttaPVT9Rgi5aflRSpM4KSFQIO0BDlx6QLmiRK5bRaSAkoDSyiKufOHAib8AhMQRIY6IA39AD1y5ceJEJBsJ1BODxn6eeHay23WwvbPxvF6SM/OZZ9b7jN87+yMzs08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPHd73xvrRMR13+aFqxE/F/0IroRS2W9GhFLqyt5/X5EvBB7zfF8RAwWIsrb7/3zbMTrEfHxMxE7u5vr5eKLh+zHt3//1998/6m3//K7wfl//+Fu741J692794t//fH+0bYZAAAA2qYoiqKTPuafSZ/vu013CgCYifz6XyR5+amvf/n3t/80T/1Rq9VqtXoGdVUx3v1qERFb1duU7xkcjgeAJ8xWfNJ0F2iQ/FutHxFPNd0JYK51mu4AJ2Jnd3O9k/LtVF8PVvfb87kgI/lvdR5e3zFpOk39HJNZPb62oxfPTejP0oz6ME9y/t16/tf324dpvZPOf1Ym5T/cv/SpdXL+vXr+Nacn/+7Y/Nsq599/rPx78gcAAAAAgDmW//9/peHjvwtH35RD+bTjv6sz6gMAAAAAAAAAHLejjv/3kPH/AAAAYG6Vn9VLv3rmYNmk72Irl1/rRDxdWx9omXSxzHLT/QAAAAAAAAAAAACANunvn8N7rRMxiIinl5eLoih/qur14zrq7Z90bd9+aLOmn+QBAGDfx8/UruXvRCxGxLX0XX+D5eXlolhcWi6Wi6WF/H52uLBYLFU+1+ZpuWxheIg3xP1hUf6yxcrtqqZ9Xp7WXv995X0Ni94hOnZMBumvOaG5obABINl/NdrxinTKFMWzk958wAj7/ym0EitNP66Yf00/TAEAAICTVxRF0Ulf530mHfPvNt0pAGAm8ut//bjAkeruhPaI4/n9c1sPYr76o1ar1Wr1aF1VjHe/WkTEVvU25XsGw/EDwBNmKz5pugs0SP6t1o+IF5ruBDDXOk13gBOxs7u53kn5dqqvB2l893wuyEj+W5292+Xbj5tOUz/HZFaPr+3oxXMT+vP8jPowT3L+3Xr+1/fbh2m9k85/ViblP9y7ZK59cv69ev41pyf/7tj82yrn33+s/HvyBwAAAACAOZb//3/F8d+9Tb46o34AAAAAAAAAwHHa2d1cz9e95uP/nxmznus/T6ecf+dx819K8/J/ouX8u7X8v1hbr1eZf/DWwf7/z93N9d/e/cf/5+lh81/IM530yOqkR0Qn3VOnn6ZH2bpHbQ96w/KeBp1ur5/O+SkG78bNuBUbcWFk3W76exy0r420lz0djLRfHGnvP9J+aaR9kL53oFjK7ediPX4Ut+KdvfaybWHK9i9OaS+mtOf8e57/Wynn36/8lPkvp/ZObVp68FH3kf2+Oh13P2/e/OzPL5z85ky1Hb2H21ZVbt/ZBvqz9zd5ahg/ubNx+9y9G3fv3l6LNBlZejHS5Jjl/Ad7PwsHz/8v7bfn5/3q/vrgo+Fj5z8vtqM/Mf+XKvPl9r4y4741Iec/TD85/3dS+/j9/0nOf/L+/2oD/QEAAAAAAAAAAAAAAIBPUxTF3iWib0bE5XT9T1PXZgIAs5Vf/4skL1er1Wq1Wn366qpivKvVIiL+XL1N+Z7hZ+N+GQAwz/4TEX9ruhM0Rv4tlr/vr5y+3HRngJm688GHP7hx69bG7TtN9wQAAAAAAAAA+F/l8T9XK+M/vxwRK7X1RsZ/fStWjzr+Zz/PPBxg9JgH+p5guzvsdSvDjb8Ye+Nzn5s0/vfZeHT87zwmbq+6HRMMprQPp7QvTGlfHLv0IK2xF3pU5PxfrIx3XuZ/pjb8ehvGf62Ped8GOf+zlcdzmf8XautV8y9+PXf5bx12xe3ojuR//u77Pz5/54MPX7v5/o33Nt7b+OGltbULly5fvnLlyvl3b97auLD/78n0eg7k/PPY184DbZecf85c/u2S8/9cquXfLjn/z6da/u2S88/v9+TfLjn//NlH/u2S838l1fJvl5z/l1It/3bZ2d1cKPN/NdXyb5e8/3851fJvl5z/a6mWf7vk/M+lWv7tkvM/n+pD5O/r4U+RnH8+wmX/b5ec/1qq5d8uOf+LqZZ/u+T8L6Va/u2S83891fJvl5z/V1It/3bJ+V9OtfzbJef/1VTLv11y/ldSLf92yfl/LdXyb5ec/9dTLf92yfm/kWr5t0vO/xupln+75Py/mWr5t0vO/1upln+75Pyvplr+7XLw/f9mzJgxk2eafmYCAAAAAAAAAAAAAOpmcTpx09sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8F924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYW9e42R66zvB35mb147hBgIwcnfwCYxISRLdm0nvvCviwnXBiiFJBR6wXa9a7PgG167BIpk00CJhFFRRdX0RVtAqI1UVVgVL2hFaV5Uvbwq7Qv6pqKqhNSoCsigIpWKstXMeZ7HM7Nz2fWOvbPn+Xwk+7c7c2bOmTNnZve79ncPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECzO984/5laURT1P42/thbFC+ofb57a2rjsdeu9hQAAAMBa/W/j7yu3pAsOruBGTcv83Sv+8WtLS0tLxftGf3f8C0tL6YqpohjfVBSN66LL//7+WvMywZPFZG2k6fORPqsf7XP9WJ/rx/tcP9Hn+k19rp/sc/2yHbDM5vLnMY0729H4cGu5S4tbi/HGdTs63OrJ2qaRkfiznIZa4zZL48eKheJEMV/MtixfLltrLP+NO+vrelsR1zXStK7t9SPkB584GrehFvbxjpZ1Xb3P6HtvKKZ++INPHP3jc8/f3mn23Q0t91du57131bfzU+GScltrxaa0T+J2jjRt5/YOz8loy3bWGrerf9y+nVdWuJ2jVzfzhmp/zieLkcbH32rsp7HmH+ul/bQ9XPbfdxdFcfHqZrcvs2xdxUixpeWSkavPz2R5RNbvo34ovbgYW9VxeucKjtP6nNvRepy2vybi839nuN1Yl21ofpq+98mJZc/7ao/TqP6ou71W2o/BQb9WhuUYjMfFtxoP+qmOx+CO8Pg/cU/3Y7DjsdPhGEyPu+kYvKvfMTgyMdrY5vQk1Bq3uXoM7mxZfrSxplpjPndP72Nw5tzJMzOLH/v4axdOHjk+f3z+1O6dO2d379mzb9++mWMLJ+Zny7+vcW8Pvy3FSHoN3BX2XXwNvLpt2eZDdelLg3sdTvZ4HW5tW3bQr8Ox9gdXuzEvyOXHdPnaeKy+0ycvjRRdXmON5+e+tb8O0+Nueh2ONb0OO35N6fA6HFvB67C+zJn7VvY9y1jTn07bcL2+FmxtOgbbvx9pPwYH/f3IsByDk+G4+Nf7un8t2B6296np1X4/MrrsGEwPN7z31C9J3+9P7muMTsflHfUrbpoozi/On33giSPnzp3dWYRxQ7yk6VhpP163ND2mYtnxOrLq4/XgwiueuqPD5VvDvpp8bf2vya7PVX2ZBx/o/Vw1vrp13p8tl+4qwhiwG70/O301r+/PlCV77M/6Mp+aWfv34imXNr3/jnd5/425/6fl+tJdPTk6Pla+fkfT3hlveT9ufarGGu9dtca6r8ys7P14PPy50e/Ht/Z4P97Wtuyg34/H2x9cfD+u9ftpx9q0P5+T4Tg5Mdv7/bi+zLZdqz0mx3q+H98dZi3s/9eEpJByUdOx0+24TesaGxsPj2ssrqH1ON3dsvx4yGb1dT2z69qO03vvLu9rND26q27UcTrVtuygj9P0ftXtOK31++nbtWl/PifDcXHr7t7HaX2ZZx9c+3vn5vhh03vnROMYvNL9fsZHJ+rbPJ4OwvL9fmlzPAYfKI4Wp4sTxVzj2onG8VRrrGv6oZUdgxPhz41+r9zW4xi8t23ZQR+D6etYt2OvNrb8wQ9A+/M5GY6Lpx/qfQzWl3nT3sF+73pvuCQt0/S9a/vP17r9zOuOtt10PX/mVd/Ov9nb+2ez9WVO7Fttzuy9n+4Pl9zUYT9NtH0N6faamituzH7aFrbz+X3d91N9e+rLfGH/Co+ng0VRXPjIw42f94Z/X/nz89/+Wsu/u3T6N50LH3n4+zcf+9vVbD8AG99Py7Gl/FrX9C9TK/n3fwAAAGBDiLl/JMxE/gcAAIDKiLk//q/wRP4HAACAyoi5fyzMJJP8v+1Nzy/89EKRmvlLQbw+7YZHyuVix3U2fD61dFX98oe/Mv+jv7ywsnWPFEXxk0d+o+Py2x6J21WaCtt5+c2tly+/4YUVrf/w41eXa+6vfzHcf3w8Kz0MOlVwZ4ui+MYtn2usZ+r9lxrz2UcON+Z7Lj71ZH2ZK/vLz+Ptn3tJufwfhPLvwWNHWm7/XNgP3w1z9u2d90e83VcvvWb73vdeXV+8Xe2uFzYe9tMfKO83/p6czz9ZLh/3c7ft/6vPPvPV+vJPvKrz9l8Y6bz9z4T7/UqYP355uXzzc1D/PN7u02H74/ri7R748jc7bv/lz5TLn3lLudzhMOP67w2f73jL8wvN++uJ2pGWx1W8tVwurn/227/duD7eX7z/9u2fPHSpZX+0Hx/P/nN5PzNty8fL43qiv2hbf/1+mo/PuP5nfutwy37ut/7L73nu5fX7bV///W3Ljbbdvv03Nv3hpz/XcX1xew7+2ZmWx3Pw3eF1HNb/9AfC8Riu/5/Ln2tZb3T43a3vP3H5L2690PJ4orf9sFz/5dcfb8z/mPrR79/0gptfePGV9X1XFN96tLy/fus//kenW7b/S7fd13g+4vWxo9++/m7i+s9+dPrU6cXzC3NNe7Xxu3PeUW7PpsnNW+rbe0t4b23//NDpcx+cPzs1OzVbFFPV/RV61+zLYX6/HBdXe/v7Hg/P5x2/940t9/zTZ+Pl//JYefmlt5dft14dlvt8uHxr+fwt1da4/qfvvK3x+q49W37e0mMfgO07/nPfihYMj7/9+4J4vJ956Qcb+6F+XePrRnxdr3H7vzNX3s/Xw35dCr+Z+a7brq6vefn4uxEuPVq+3te8/8LbXHxe/yQ83+/8bnn/cbvi4/1O+D7mm9ta3+/i8fH1CyPt99/4LR4Xw/tJcbG8Pi4V9/elK7d13Lz4e0iKi7c3Pv+ddD+3r+phdrP4scWZEwunzj8xc25+8dzM4sc+fujk6fOnzh1q/C7PQx/qd/ur709bGu9Pc/N7HixmNxdFcbqYvQFvWNdn++sfrWz7zzx+dG7v7D1z88eOnD927vEz82ePH11cPDo/t3jPkWPH5j/a7/YLcwd27tq/e++u6eMLcwf27d+/e//0wqnT9c0oN6qPPbMfnj519lDjJosHHty/86GHHpydPnl6bv7A3tnZ6fP9bt/42jRdv/WvT5+dP3Hk3MLJ+enFhY/PH9i5f8+eXX1/G+DJM8cWp2bOnj81c35x/uxM+VimzjUurn/t63d7qmnx38rvZ9vVyl/EV7zr/j3p97PWfeWTXe+qXKTtF4g+H34XzT+86My+lXwec/94mEkm+R8AAAByEHP/RJiJ/A8AAACVEXP/pjAT+R8AAAAqI+b+yTCTTPK//r/+/8r6/+X1+v959f/PfKTslW70/n/sz+v/52Gd+/9rXr/+v/5/9fr/K+/Pb/Tt1//X/2e5Yev/x9y/uSiyzP8AAACQg5j7t4SZyP8AAABQGTH33xRmIv8DAABAZcTc/4Iwk0zyv/7/ivr/u/oVrqrf/3f+f/3/YmP2/+OTo/+fjVX379/7WMun+v+B/r/+v/6//r/+P2s23vWa9er/x9x/c5hJJvkfAAAAchBz/wvDTOR/AAAAqIyY+28JM5H/AQAAoDJi7t8aZpJJ/tf/d/5//X/9/979/4mme9qA/f+1nv+/aWP0/zcG5//vTf+/j2vu/0/q/2/E/v/4YLd/uPv/fTdf/5/rYtjO/x9z/4vCTDLJ/wAAAJCDmPtfHGYi/wMAAEBlxNz/kjAT+R8AAAAqI+b+W8NMMsn/+v/6//r/+v+VPv//Wvv/Pc//X36k/z9c9P970//vw/n/8+r/D3j7h7v/P+jz/4+/uf32Xfr/Bwv9/6wNW/8/5v6Xhplkkv8BAAAgBzH33xZmIv8DAABAZcTc/7IwE/kfAAAAKiPm/m1hJpnkf/1//X/9f/1//f/O6+/f/y/p/w8X/f/e9P/70P/X/9f/X1n/v8M3v87/TyfD1v+Puf/2MJNM8j8AAADkIOb+O8JM5H8AAACojJj7/1+YifwPAAAAlRFz//Ywk0zyv/6//r/+f179//sn9P/1/6tN/783/f8+9P/1//X/V3j+/+VW0//f1O/OqIxh6//H3P/yMJNM8j8AAADkIOb+V4SZyP8AAABQGTH3vzLMRP4HAACAyoi5fyrMJJP8r/9frf7/n/71068s9P/1//usv6L9/3gY6P9nTv+/N/3/Pqre/x/pffV69+fXar23X//f+f9p8mj5HdOw9f9j7r8zzCST/A8AAAA5iLn/rjAT+R8AAAAqI+b+u8NM5H8AAACojJj7d4SZVD7/l80H/f9q9f8j/X/9/17rr2j/P9H/z5v+fwdNL1L9/z6q3v/vY73788Ow/TEN5Nv/j9/96v8zGMPW/4+5/1VhJpXP/wAAAJCPmPvvCTOR/wEAAKAyYu5/dZiJ/A8AAACVEXP/vWEmmeR//X/9f/1//X/9/87r1//fmPT/e1tt/39C/1//P7P+v/P/O/8/gzVs/f+Y+18TZpJJ/gcAAIAcxNx/X5iJ/A8AAACVEf//Zvn/XuV/AAAAqKKY+6fDTDLJ/5Xr/48VRaH/r//fpf9f0//X/9f/rzz9/96c/78P/X/9f/1//X8Gatj6/zH3vzbMJJP8DwAAADmIuf+BMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJNM8n/l+v/O/99yO/3/LM//P9bt+NT/1//Pgf5/D8veHXrQ/9f/1/+vRv+/KPT/WVfD1v+PuX9nmEkm+R8AAAByEHP/rjAT+R8AAAAqI+b+3WEm8j8AAABURsz9D4aZZJL/9f/1//X/K9f/d/5//f+s6f/35vz/fej/6/9Xrf/v/P+ss2Hr/8fc/1CYSSb5HwAAAHIQc/+eMBP5HwAAACoj5v69YSYh/3f6f90AAADAxhJz/74wk0z+/V//vyL9/9/8+5Z16//r//dYf7p6bf3/zfr/Yer/D5eK9v/bXxbXTP+/D/1//X/9f/1/BmrY+v8x9+8PM8kk/wMAAEAOYu5/XZiJ/A8AAACVEXP//w8zkf8BAACgMmLu/5kwk0zyv/5/Rfr/bfT/9f97rd/5//X/q6yi/f+BqVT/f0T/X/9/uLZf/1//n+Wuf/8/frSy/n/M/QfCTDLJ/wAAAFAF/X5hbsz9PxtmIv8DAABAZcTc//owE/kfAAAAKiPm/oNhJpnkf/1//X/9f/3/69P/f33Rbhj7//WDR/+/WvT/e6tU/9/5//X/h2z79f/1/1lu2M7/H3P/G8JMMsn/AAAAkIOY+x8OM5H/AQAAoDJi7n9jmIn8DwAAAJURc/+bwkwyyf/6//r/+v/6/87/33n9+v8bk/5/b/r/fej/6//n2v9/Vv+f62PY+v8x9785zCST/A8AAAA5iLn/LWEm8j8AAABURsz9bw0zkf8BAACgMmLuf1uYSSb5X/9f/1//X/9f/7/z+vX/Nyb9/942Qv+/PvX/9f834vZv6P6/8/9znQxb/z/m/p8LM8kk/wMAAEAOYu5/JMxE/gcAAIDKiLn/7WEm8j8AAABURsz97wgzyST/r2//vzZWFPr/+v/6//r/Jf1//f9B0P/vbSP0/53/X/9/o26//r/+P8sNW/8/5v53hplkkv8BAAAgBzH3/3yYifwPAAAAlRFz/7vCTOR/AAAAqIyY+38hzCST/O/8//r/w9X/X7rQfDv9f/3/YlD9//qN9P+zoP/fm/5/Hx36/5v0//X/9f/1/7lmw9b/j7n/3WEmmeR/AAAAyEHM/e8JM5H/AQAAoDJi7n80zET+BwAAgMqIuf+xMJNM8r/+f5b9//SQh6//7/z/+v/O/6//vzb6/73p//fh/P/6//r/+v8M1LD1/2PufzzMJJP8DwAAADmIuf+9YSbyPwAAAFRGzP2/GGYi/wMAAEBlxNz/vjCTTPK//n+W/f8hPv9/1fr/Yy3HR079/8mm5zMdl/r/+v83gP5/bzeg/99yN/r/+v/6/wPs/4ejeXOX2+v/M4yGrf8fc//7w0wyyf8AAACQg5j7fynMRP4HAACAyoi5/5fDTOR/AAAAqIyY+38lzCST/K//r/+v/+/8/87/33n9+v8bk/5/b87/34f+v/7/MPf/+9D/ZxgNW/8/5v5fDTPpGvy+/1+dNqVT/gMAAACGQ8z9HwgzyeTf/wEAACAHMfcfCjOR/wEAAKAyYu4/HGaSSf7X/2/v/8czqur/6//r/+v/6/9vRIPr/7/s5qLQ/9f/1//X/9f/1/9nLYat/x9z/5Ewk0zyPwAAAOQg5v5fCzOR/wEAAKAyYu4/GmYi/wMAAEBlxNw/F2aSSf5fx/7/+HD2/53//1r7/z/R/9f/D4am/7+5KAr9/+w4/39v+v996P/r/+v/6/8zUMPW/4+5fz7MJJP8DwAAABWWfhwcc/+xMBP5HwAAACoj5v7jYSbyPwAAAFRGzP0fDDPJJP87/7/+v/P/r0f/f6xl+XXv//94qZr9f+f/z5L+f2/6/33o/+v/6//r/zNQw9b/j7l/Icwkk/wPAAAAOYi5/0NhJvI/AAAAVEbM/R8OM5H/AQAAoDJi7j8RZpJJ/tf/1//Pvf9fK4qLzv9f0fP/r7T/P9l5/fr/G5P+f2/6/33o/+v/6//r/zNQw9b/j7n/ZJj/x959NNl1VnscPtdXltQj+AYwZsQQRvZHYMqAKqoYk00Otsgmm5yDyTnnZHIOJmdMztFE4ypR7l5rqVt9eu+WeqvP3u/7PFX3LqSSbndft039rfrVWzrZ/wAAANCD3P33iVvsfwAAAGhG7v77xi32PwAAADQjd//94pZO9r/+X//fe/+/2sj7/3t/vf5/h/f/9f9T2Nffn1j/6w6Kwg/s/+98l6vuqf/X/+v/B+n/9f/6f843t/4/d//945ZO9j8AAAD0IHf/A+IW+x8AAACakbv/gXGL/Q8AAADNyN1/VdzSyf7X/8+h/z/3Gej/9f8b7/9v0P/r/5fN+//D9P8j9P/6/yP3/yf0//p/dplb/5+7/0FxSyf7HwAAAHqQu//BcYv9DwAAAM3I3f+QuMX+BwAAgGbk7n9o3NLJ/tf/z6H/9/6//v8w/f9J7/+f9/Xo//X/6+z091v5Q/3/efT/I/T/+n/v/+v/mdTc+v/c/Q+LWzrZ/wAAANCD3P0Pj1vsfwAAAGhG7v5HxC32PwAAADQjd/8j45ZO9r/+X/+v/19K/39M7//r//X/C3f96tw/E/T/++n/R4z0/6uV/n/Iofv59V/ecj7/A+j/9f/sN7f+P3f/o+KWK1erkxf7RQIAAACzkrv/0XFLJ3/+DwAAAD3I3X913GL/AwAAQDNy918Tt3Sy//X/+n/9/6H6//wS9f+76P936P/n5aj9vf4/HNj/3+n2975Xv/2/9/+Hef9/6v7/tu8M/T/LNrf+P3f/mbilk/0PAAAAPcjd/5i4xf4HAACAZuTuf2zcYv8DAABAM3L3Py5u6WT/6/9b6///f8/v29X/b9cu+n/v/+v/9f+t0/8P8/7/iO1/zG3VD/X/+n/v/+v/OZq59f+5+x8ft3Sy/wEAAKAHufufELfY/wAAANCM3P1PjFvsfwAAAGhG7v4nxS2d7H/9f2v9/97f5/1//f+6j6//1/+3TP8/TP8/opX3/y/yu2bT/fxRbfrz1//r/9lvbv1/7v5r45ZO9j8AAAD0IHf/k+MW+x8AAACakbv/KXGL/Q8AAADNyN3/1Lilk/2v/9f/L6P/z4+g/9f/X/r+P+n/l0n/P0z/P6KV/v8ibbqfX/rnP9j/b41//vp/WjS3/j93/9Pilk72PwAAAPQgd//Td+496l8T2/8AAADQjNj9q2fELfY/AAAANCN3/zPjlk72v/5f/7+M/t/7//p/7//r/w9H/z9M/z9C/6//9/6//p9Jza3/z91/XdzSyf4HAACAHuTuf1bcYv8DAABAM3L3Pztusf8BAACgGbn7nxO3dLL/9f/6f/2//l//v/7j6/+XSf8/TP8/Qv+v/9f/H9j/H5xl79D/s86M+v9dv+v06rlxSyf7HwAAAHqQu/95cYv9DwAAAM3I3f/8uMX+BwAAgGbk7n9B3NLJ/tf/z6b/38752ur/t1arlf5/1Wn/v7Xrr2d9X+r/9f/HQP8/TP8/Qv+v/9f/e/+fSc2o/9/+ce7+F8Ytnex/AAAA6EHu/hfFLfY/AAAANCN3/4vjFvsfAAAAmpG7/yVxSyf7X/8/m/5/W1v9//G8/39C/z/L/t/7//vp/4+H/n+Y/n+E/l//r//X/zOpufX/uftfGjedvPyiv0QAAABgZnL3vyxu6eTP/wEAAKAHuftfHrfY/wAAALBQ1+37mdz9r4hbOtn/+v9p+/+Tu35O/388/b/3//X/+n920/8P0/+P0P/r//X/+n8mNbf+P3f/K+OWTvY/AAAA9CB3//Vxi/0PAAAAzcjd/6q4xf4HAACAZuTuf3Xc0sn+1/97/1//r//X/6//+Pr/ZdL/D7vk/X/8A1H/r/9f18/fOvH383F//mMm6P9PnfuP+n/acAH9/9mzZ6++5P1/7v7XxC2d7H8AAADoQe7+18Yt9j8AAAA0I3f/6+IW+x8AAACakbv/9XFLJ/tf/99p/5/f6svq/69ZrfT/vfX/J/T/+v8LpP8f5v3/Efp/7/97/1//z6Qmef9/5x+Sk/T/ufvfELd0sv8BAACgB7n73xi32P8AAADQjNz9b4pb7H8AAABoRu7+N8ctnex//X+n/b/3//X/C+n/V+30/7es9P/HYhH9/9bBH3/u/f8Z/b/+f0B3/f/d7rrnh/p//T/7TdL/x2/Z/t9H7P9z978lbulk/wMAAEAPcve/NW6x/wEAAKAZufvfFrfY/wAAANCM3P1vj5tOdLL/9f/6f/2//l//v/7jH/P7/ydXq5X+fwKL6P8HzL3/n+b9//P/Lj9H/6//X/Lnr//X/7Pf3Pr/3P3viFs62f8AAADQg9z974xb7H8AAABoRu7+d8Ut9j8AAAA0I3f/u+OWTva//l//r//X/zff/59ZRP/v/f+JHG//f0b/3+P7/1fq/w+i/9f/6/85rE31/7n73xO3dLL/AQAAoAe5+98bt9j/AAAA0Izc/e+LW+x/AAAAaEbu/vfHLZ3sf/2//v9C+v/8PPX/bfX/p2bX/5/e83+vk/f/9f8T8f7/MP3/CO//6//1/9fp/5nS3N7/z93/gbilk/0PAAAAPcjd/8G49a9u7X8AAABoRu7+D8Ut9j8AAAA0I3f/h+OWTva//l//7/1//X/z7//r/7ui/x+m/x+h/9f/6/+9/8+k5tb/5+7/SNzSyf4HAACAHuTu/2jcYv8DAABAM3L3fyxusf8BAACgGbn7b4hbOtn/+n/9v/5f/6//3/lrqP9vg/5/2PH0/1v6f/1/9fP/F38X6P/1/2O/nzbNrf/P3f/xuKWT/Q8AAAA9yN3/ibjF/gcAAIBm5O7/ZNxi/wMAAMAinVjzc7n7PxW3dLL/9f/6f/2//l//v/7j6/+XaSP9f35T6P+9/x/66f/vuOdHS3v///z//tL/6/+Z3tz6/9z9n45bOtn/AAAA0IPc/Z+JW+x/AAAAaEbu/s/GLfY/AAAANCN3/+filk72v/5f/6//1//r/9d/fP3/Mnn/f5j+f4T+f6Pv5y/188//PtD/6//Zb279f+7+z8ctnex/AAAA6EHu/i/ELfY/AAAANCN3/xfjFvsfAAAAmrG9+zMu63D/6//1//p//b/+f/3H1/8vk/5/mP5/hP5f/+/9f/0/kzqu/v/0eT8+qP//0mrnV395tepy/wMAAEAPcvd/JW6x/wEAAKAZufu/GrfY/wAAANCM3P1fi1s62f/6f/3/Mvr/s2fPXq3/1//v/XrO9f836f8p+v9h+v8R+n/9v/5f/8+k5vb+f+7+G+OWTvY/AAAA9CB3/9fjFvsfAAAAmpG7/xtxi/0PAAAAzcjd/824pZP9r/+fQf9/Wv/v/X/9/2qW7//v+dbU/y+E/n+Y/n9Ei/3/6cN/+Zvu549q05+//l//z35z6/9z938rbulk/wMAAEAPcvd/O26x/wEAAKAZufu/E7fY/wAAANCM3P3fjVs62f/6/+Pr/2/7/10v7/9vrdZ//vp//f+y+n/v/y+R/n+Y/n9Ei/3/Bdh0P7/0z1//r/9nv7n1/7n7vxe37B1+l1/YVwkAAADMSe7+78ctnfz5PwAAAPQgd/8P4hb7HwAAAJqRu/+HcUsn+1//P4P3/xvs/73/v/77Q/8/6/7/Mv1/G/T/w/T/I5bd/994QV/rGpvu55f++ev/d/f/+d2s/+/d3Pr/3P0/ils62f8AAADQg9z9P45b7H8AAABoRu7+n8Qt9j8AAAA0I3f/TXHLrv2/ru1uhf5f/6//1//r/9d/fP3/Mun/hx22/z+1Olr/n/T/3v/X//fa/3v/nx1z6/9z9/80bvHn/wAAALA4lx/w87n7fxa32P8AAADQjNz9P49b7H8AAABoRu7+X8QtN1+2qU/pWOn/9f/6f/2//n/9x9f/L5P+f9h2/3/+32TreP9f/3/x/fwV+v82+v/VSv/P0c2t/8/d/8u4xZ//AwAAQDNy9/8qbrH/AQAAoBm5+38dt9j/AAAA0Izc/b+JWzrZ//p//f8R+//tNFP/v0P/v0P/v57+/3jo/4cd9v1//b/+3/v/+n/v/zOFufX/uft/G7d0sv8BAACgB7n7fxe32P8AAACwBHc4zC/K3f/7uMX+BwAAgGbk7v9D3NLJ/t9Y/39653/0/4vv/73/r//X/+v/Z0X/P0z/P0L/r//X/+v/mdTc+v/c/X+MWzrZ/wAAANCD3P1/ilvsfwAAAGhG7v4/xy32PwAAADQjd/9f4pZO9r/3//X/+n/9v/5//cefpP8/ce4/6v+Ph/5/mP5/vfoLpf/X/+v/9f9Mam79f+7+v8Ytnex/AAAA6EHu/r/FLfY/AAAANCN3/81xi/0PAAAAzcjd//e4pZP9r//X/+v/9f/6//Uf3/v/y6T/H7bJ/v/utxv/sN7/33j/n5+C/l//r/9nEnPr/3P3/yNu6WT/AwAAQA9y9/8zbrH/AQAAoBm5+/8Vt9j/AAAA0Izc/f+OWzrZ/yP9/6n6hfr/Qfr/vZ+//n/994f+v/r/a+On9P/6/8np/4d5/3+E/t/7//p//T+Tmlv/n7v/P3FLJ/sfAAAAepC7/5a4xf4HAACAZuTu/2/cYv8DAABAM3L33xq3dLL/vf+/pP7/Cv2//r+V/t/7//r/S0b/P0z/P0L/r//X/+v/mdTc+v/c/f8LAAD//xlbQ+4=")
ftruncate(0xffffffffffffffff, 0x8000000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000})

3.521985582s ago: executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
ioctl$SNDCTL_SEQ_RESET(r1, 0x5100)

2.903921786s ago: executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000702060800000000000014"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="0503d6fcd3fc03000000478803", 0xd, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)

2.670886938s ago: executing program 4:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x65c}, {@broadcast}, {@multicast1}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.120913985s ago: executing program 4:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000ec0)=[@in={0x2, 0x0, @loopback}], 0x10)

1.042319844s ago: executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000c80)=@abs={0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000001100)=[{{&(0x7f0000000740)=@xdp, 0x80, &(0x7f00000025c0)=[{&(0x7f00000007c0)=""/65, 0x41}, {&(0x7f00000008c0)=""/175, 0xaf}, {&(0x7f0000000980)=""/179, 0xb3}, {&(0x7f0000000a40)=""/165, 0xa5}, {&(0x7f0000000b00)=""/158, 0x9e}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f00000003c0)=""/9, 0x9}, {&(0x7f0000000bc0)=""/135, 0x87}, {&(0x7f0000001180)=""/145, 0x91}, {&(0x7f0000001240)=""/149, 0x95}, {&(0x7f00000026c0)=""/167, 0xa7}, {&(0x7f00000013c0)=""/226, 0xe2}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/210, 0xd2}], 0xe, &(0x7f0000000d00)=""/98, 0x62}, 0x7fffffff}, {{&(0x7f0000000d80), 0x80, &(0x7f0000001000)=[{&(0x7f0000000840)=""/40, 0x28}, {&(0x7f0000002780)=""/226, 0xe2}, {&(0x7f0000000f00)=""/90, 0x5a}, {&(0x7f0000000f80)=""/119, 0x77}], 0x4, &(0x7f0000001040)=""/162, 0xa2}, 0x9}], 0x2, 0x100, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x0, 0x3)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'ip6tnl0\x00', <r4=>0x0, 0x2f, 0x3f, 0x40, 0x900, 0x76, @loopback, @loopback, 0x7, 0x8000, 0xff, 0x836}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYRES32], &(0x7f0000000340)='GPL\x00', 0x0, 0xfffffffffffffed0, 0x0, 0x40f00, 0x0, '\x00', r4, 0x2c, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8002, 0x1}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0xb, 0x6}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r7 = creat(&(0x7f0000000100)='./bus\x00', 0x120)
ioctl$FS_IOC_RESVSP(r7, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7fffffff})
ioctl$EXT4_IOC_GET_ES_CACHE(r7, 0xc020662a, &(0x7f0000000140)={0x56, 0xfffffffffffff000, 0x5})
ioctl$LOOP_GET_STATUS64(r6, 0x1267, &(0x7f0000000080))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0)
unshare(0x8000000)

461.399058ms ago: executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)

0s ago: executing program 4:
r0 = openat$sequencer(0xffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
fcntl$notify(r0, 0x402, 0xb)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xf, &(0x7f0000000080)=@ringbuf, 0x0}, 0x90)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
2024/06/10 06:57:39 fuzzer started
2024/06/10 06:57:40 dialing manager at 10.128.0.169:30024
[  163.421376][ T5045] cgroup: Unknown subsys name 'net'
[  163.736623][ T5045] cgroup: Unknown subsys name 'rlimit'
2024/06/10 06:58:28 starting 5 executor processes
[  210.065779][ T5049] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  212.665725][ T5074] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  212.681870][ T5079] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  212.698306][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  212.706499][ T5079] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  212.715581][ T5079] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  212.726069][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  212.734367][ T5083] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  212.743620][ T5079] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  212.752442][ T5085] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  212.763420][ T5083] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  212.773396][ T5079] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  212.776124][ T5087] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  212.792509][ T5086] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  212.792589][ T5079] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  212.804933][ T5086] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  212.816606][ T5083] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  212.817136][ T5087] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  212.834119][ T5086] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  212.835660][ T5079] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  212.845894][ T5087] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  212.851399][ T5079] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  212.871979][ T5079] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  212.875745][ T5087] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  212.888723][ T5079] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  213.378441][ T5079] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  213.388229][ T5079] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  213.398173][ T5079] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  213.411415][ T5079] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  213.430815][ T5079] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  213.442873][ T5079] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  214.076938][ T5073] chnl_net:caif_netlink_parms(): no params data found
[  214.761329][ T5072] chnl_net:caif_netlink_parms(): no params data found
[  214.784427][ T5075] chnl_net:caif_netlink_parms(): no params data found
[  214.923651][ T5079] Bluetooth: hci3: command tx timeout
[  214.929306][ T5079] Bluetooth: hci1: command tx timeout
[  214.970426][ T5093] chnl_net:caif_netlink_parms(): no params data found
[  215.001010][ T5081] Bluetooth: hci0: command tx timeout
[  215.006633][ T5081] Bluetooth: hci2: command tx timeout
[  215.175493][ T5073] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.183284][ T5073] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.191237][ T5073] bridge_slave_0: entered allmulticast mode
[  215.200347][ T5073] bridge_slave_0: entered promiscuous mode
[  215.217715][ T5082] chnl_net:caif_netlink_parms(): no params data found
[  215.320565][ T5073] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.328517][ T5073] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.336663][ T5073] bridge_slave_1: entered allmulticast mode
[  215.345963][ T5073] bridge_slave_1: entered promiscuous mode
[  215.560853][ T5079] Bluetooth: hci4: command tx timeout
[  215.648879][ T5073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  215.675101][ T5073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  215.737032][ T5072] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.745053][ T5072] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.752908][ T5072] bridge_slave_0: entered allmulticast mode
[  215.762009][ T5072] bridge_slave_0: entered promiscuous mode
[  215.914625][ T5072] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.922535][ T5072] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.930216][ T5072] bridge_slave_1: entered allmulticast mode
[  215.940892][ T5072] bridge_slave_1: entered promiscuous mode
[  215.992914][ T5073] team0: Port device team_slave_0 added
[  216.095552][ T5073] team0: Port device team_slave_1 added
[  216.146369][ T5075] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.154913][ T5075] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.162756][ T5075] bridge_slave_0: entered allmulticast mode
[  216.171714][ T5075] bridge_slave_0: entered promiscuous mode
[  216.306769][ T5072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.318521][ T5075] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.326397][ T5075] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.334209][ T5075] bridge_slave_1: entered allmulticast mode
[  216.342985][ T5075] bridge_slave_1: entered promiscuous mode
[  216.412984][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_0
[  216.420076][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.446354][ T5073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  216.467004][ T5072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.478353][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_1
[  216.486871][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.513467][ T5073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  216.559118][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.566873][ T5093] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.574689][ T5093] bridge_slave_0: entered allmulticast mode
[  216.582915][ T5093] bridge_slave_0: entered promiscuous mode
[  216.756828][ T5093] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.764955][ T5093] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.772861][ T5093] bridge_slave_1: entered allmulticast mode
[  216.781865][ T5093] bridge_slave_1: entered promiscuous mode
[  216.792982][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.808571][ T5082] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.816385][ T5082] bridge_slave_0: entered allmulticast mode
[  216.825573][ T5082] bridge_slave_0: entered promiscuous mode
[  216.879952][ T5075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.921516][ T5082] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.929026][ T5082] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.936874][ T5082] bridge_slave_1: entered allmulticast mode
[  216.945524][ T5082] bridge_slave_1: entered promiscuous mode
[  216.963010][ T5072] team0: Port device team_slave_0 added
[  217.001009][ T5079] Bluetooth: hci1: command tx timeout
[  217.002257][ T5081] Bluetooth: hci3: command tx timeout
[  217.020537][ T5075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.069521][ T5093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  217.082323][ T5081] Bluetooth: hci2: command tx timeout
[  217.087938][ T5081] Bluetooth: hci0: command tx timeout
[  217.118010][ T5072] team0: Port device team_slave_1 added
[  217.196594][ T5073] hsr_slave_0: entered promiscuous mode
[  217.205278][ T5073] hsr_slave_1: entered promiscuous mode
[  217.252135][ T5093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.309063][ T5082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  217.449111][ T5082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.465343][ T5093] team0: Port device team_slave_0 added
[  217.475380][ T5072] batman_adv: batadv0: Adding interface: batadv_slave_0
[  217.482685][ T5072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.509058][ T5072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  217.567500][ T5075] team0: Port device team_slave_0 added
[  217.596773][ T5093] team0: Port device team_slave_1 added
[  217.632827][ T5072] batman_adv: batadv0: Adding interface: batadv_slave_1
[  217.639980][ T5072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.666457][ T5072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  217.670971][ T5079] Bluetooth: hci4: command tx timeout
[  217.723362][ T5075] team0: Port device team_slave_1 added
[  217.737448][ T5082] team0: Port device team_slave_0 added
[  217.865659][ T5082] team0: Port device team_slave_1 added
[  217.952645][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_0
[  217.959811][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.987499][ T5093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.001760][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.008905][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.035151][ T5075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.129235][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.136529][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.162945][ T5093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.207768][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.215184][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.241688][ T5075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.316137][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.323549][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.349933][ T5082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.407062][ T5072] hsr_slave_0: entered promiscuous mode
[  218.417788][ T5072] hsr_slave_1: entered promiscuous mode
[  218.425585][ T5072] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.433455][ T5072] Cannot create hsr debugfs directory
[  218.496617][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.503998][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.530844][ T5082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.709138][ T5075] hsr_slave_0: entered promiscuous mode
[  218.718033][ T5075] hsr_slave_1: entered promiscuous mode
[  218.726764][ T5075] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.735321][ T5075] Cannot create hsr debugfs directory
[  218.957695][ T5082] hsr_slave_0: entered promiscuous mode
[  218.966320][ T5082] hsr_slave_1: entered promiscuous mode
[  218.975277][ T5082] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.983075][ T5082] Cannot create hsr debugfs directory
[  219.018511][ T5093] hsr_slave_0: entered promiscuous mode
[  219.027873][ T5093] hsr_slave_1: entered promiscuous mode
[  219.036395][ T5093] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  219.044301][ T5093] Cannot create hsr debugfs directory
[  219.081085][ T5079] Bluetooth: hci3: command tx timeout
[  219.107133][ T5079] Bluetooth: hci1: command tx timeout
[  219.124177][ T1230] ieee802154 phy0 wpan0: encryption failed: -22
[  219.130962][ T1230] ieee802154 phy1 wpan1: encryption failed: -22
[  219.173962][ T5079] Bluetooth: hci0: command tx timeout
[  219.174687][ T5081] Bluetooth: hci2: command tx timeout
[  219.722312][ T5081] Bluetooth: hci4: command tx timeout
[  219.872968][ T5073] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  219.966346][ T5073] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  220.062328][ T5073] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  220.117247][ T5073] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  220.203470][ T5072] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  220.231803][ T5072] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  220.356863][ T5072] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  220.385370][ T5072] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  220.520469][ T5075] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  220.630085][ T5082] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  220.650579][ T5082] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  220.671590][ T5075] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  220.692448][ T5082] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  220.714617][ T5082] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  220.776473][ T5075] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  220.808212][ T5093] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  220.870991][ T5075] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  220.899109][ T5093] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  220.962881][ T5093] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  221.017602][ T5093] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  221.172962][ T5081] Bluetooth: hci1: command tx timeout
[  221.178600][ T5081] Bluetooth: hci3: command tx timeout
[  221.241000][ T5079] Bluetooth: hci0: command tx timeout
[  221.246631][ T5079] Bluetooth: hci2: command tx timeout
[  221.805205][ T5073] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.824787][ T5079] Bluetooth: hci4: command tx timeout
[  221.943710][ T5073] 8021q: adding VLAN 0 to HW filter on device team0
[  222.010134][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.017962][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.121178][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.128994][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.162571][ T5072] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.189001][ T5075] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.334041][ T5082] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.401386][ T5072] 8021q: adding VLAN 0 to HW filter on device team0
[  222.420333][ T5075] 8021q: adding VLAN 0 to HW filter on device team0
[  222.534368][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.542147][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.620064][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.627985][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.667868][ T5082] 8021q: adding VLAN 0 to HW filter on device team0
[  222.741971][ T5093] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.760177][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.767980][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.785339][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.793203][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.944442][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.952251][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.969452][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.977196][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.088955][ T5075] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  223.101174][ T5075] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  223.230076][ T5093] 8021q: adding VLAN 0 to HW filter on device team0
[  223.447203][ T5082] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  223.572294][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.580061][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.605745][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.613537][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.729564][ T5072] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  225.117598][ T5073] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.209349][ T5075] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.698857][ T5082] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.817932][ T5072] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.849686][ T5075] veth0_vlan: entered promiscuous mode
[  225.949937][ T5075] veth1_vlan: entered promiscuous mode
[  225.973388][ T5093] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.438601][ T5072] veth0_vlan: entered promiscuous mode
[  226.483060][ T5075] veth0_macvtap: entered promiscuous mode
[  226.497333][ T5082] veth0_vlan: entered promiscuous mode
[  226.575577][ T5072] veth1_vlan: entered promiscuous mode
[  226.605079][ T5075] veth1_macvtap: entered promiscuous mode
[  226.665648][ T5082] veth1_vlan: entered promiscuous mode
[  226.745493][ T5093] veth0_vlan: entered promiscuous mode
[  226.856044][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_0
[  226.902191][ T5093] veth1_vlan: entered promiscuous mode
[  226.966569][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.002445][ T5072] veth0_macvtap: entered promiscuous mode
[  227.108612][ T5082] veth0_macvtap: entered promiscuous mode
[  227.134118][ T5072] veth1_macvtap: entered promiscuous mode
[  227.150302][ T5075] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.161268][ T5075] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.170281][ T5075] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.182340][ T5075] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.233169][ T5082] veth1_macvtap: entered promiscuous mode
[  227.354429][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.365976][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.381350][ T5072] batman_adv: batadv0: Interface activated: batadv_slave_0
[  227.467823][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.480139][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.491676][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.504292][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.521356][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_0
[  227.559209][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.572155][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.586858][ T5072] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.648144][ T5093] veth0_macvtap: entered promiscuous mode
[  227.708557][ T5072] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.717917][ T5072] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.730792][ T5072] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.739831][ T5072] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.764826][ T5093] veth1_macvtap: entered promiscuous mode
[  227.778690][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.792277][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.804223][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  227.815124][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.830238][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.997250][ T5082] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.006488][ T5082] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.015714][ T5082] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.024915][ T5082] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.170006][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.180946][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.191960][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.202735][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.212826][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.223585][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.238500][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.488463][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.500497][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.513796][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.528094][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.543693][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.556083][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.572842][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.678250][ T5073] veth0_vlan: entered promiscuous mode
[  228.791793][ T5093] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.801102][ T5093] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.810132][ T5093] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.819349][ T5093] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.861324][ T5073] veth1_vlan: entered promiscuous mode
[  229.144467][ T5073] veth0_macvtap: entered promiscuous mode
[  229.225094][ T5073] veth1_macvtap: entered promiscuous mode
[  229.426315][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.438420][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.448666][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.459463][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.469729][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.480483][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.492322][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.504261][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.519709][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_0
[  229.626899][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.638090][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.649587][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.661281][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.671382][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.682362][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.692590][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.703324][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.718442][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.915369][ T5073] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.926646][ T5073] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.937254][ T5073] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.946851][ T5073] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  233.852138][ T3319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  233.860106][ T3319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.112294][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.120374][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.631160][ T3207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.639106][ T3207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.773375][   T29] audit: type=1326 audit(1718002733.026:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5252 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f649627cf69 code=0x0
[  234.859262][ T5143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.867570][ T5143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.944469][ T5130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.953144][ T5130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.133456][ T3207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.141811][ T3207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.810081][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.818358][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.011662][ T5265] loop1: detected capacity change from 0 to 2048
[  236.071830][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.079884][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.411957][    T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  236.426166][ T5265] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.546827][ T5269] loop0: detected capacity change from 0 to 4096
[  236.642207][ T5269] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  236.656937][ T5265] process 'syz-executor.1' launched '/dev/fd/6' with NULL argv: empty string added
[  236.726421][    T8] usb 3-1: Using ep0 maxpacket: 8
[  236.745690][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.754141][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.854521][ T5269] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  236.892288][    T8] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  236.901779][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.908299][ T5269] ntfs3: loop0: Failed to load $MFT (-2).
[  237.039361][ T3207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.049918][ T3207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.065363][    T8] usb 3-1: config 0 descriptor??
[  237.077240][ T5283] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  237.353897][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.830514][ T5292] loop4: detected capacity change from 0 to 256
[  237.997242][    T8] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  238.008047][    T8] asix 3-1:0.0: probe with driver asix failed with error -61
[  238.053946][ T5292] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  238.062630][ T5130] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  238.528987][ T5303] loop0: detected capacity change from 0 to 16
[  238.586906][ T5303] erofs: Unknown parameter ''
[  239.527149][ T5310] loop4: detected capacity change from 0 to 2048
[  239.575590][   T10] usb 3-1: USB disconnect, device number 2
[  239.651683][ T5303] loop0: detected capacity change from 0 to 32768
[  239.663964][ T5303] btrfs: Deprecated parameter 'usebackuproot'
[  239.670299][ T5303] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  239.692637][ T5303] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (5303)
[  239.755166][ T5310]  loop4: unable to read partition table
[  239.774054][ T5303] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  239.784738][ T5303] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  239.803634][ T5303] BTRFS info (device loop0): using free-space-tree
[  239.833539][ T5310] loop_reread_partitions: partition scan of loop4 () failed (rc=-5)
[  240.079965][ T3207] BTRFS warning (device loop0): checksum verify failed on logical 5287936 mirror 1 wanted 0xa713e020c0742da5cdb6ecaadf60bb643ce52b909234612630a7c6dbca1063e3 found 0x319827470293c22481348f694f364e9e3fe04bf1be13bf6a966626dae8d0a1f3 level 0
[  240.107246][ T5303] BTRFS warning (device loop0): failed to read root (objectid=4): -5
[  240.115755][ T5303] BTRFS warning (device loop0): try to load backup roots slot 1
[  240.147740][ T5303] BTRFS warning (device loop0): global root 2 0 already exists
[  240.156115][ T5303] BTRFS error (device loop0): failed to load root extent
[  240.163559][ T5303] BTRFS warning (device loop0): try to load backup roots slot 2
[  240.182050][ T4485] Alternate GPT is invalid, using primary GPT.
[  240.189116][ T4485]  loop4: p1 p2 p3
[  240.229284][ T4300] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  240.240834][ T5303] BTRFS warning (device loop0): couldn't read tree root
[  240.248024][ T5303] BTRFS warning (device loop0): try to load backup roots slot 3
[  240.276345][ T4300] BTRFS warning (device loop0): checksum verify failed on logical 5242880 mirror 1 wanted 0x8d90b910ec13d95ec17ddbe87d1d5dca5d3dff1259e90cf51f7cd4ff39170caa found 0x86a1bd5099c7720e979470d5267ebf4e13dcda0ea0a2916f7e925d264772fac7 level 0
[  240.285182][ T5332] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  240.305449][ T5303] BTRFS warning (device loop0): couldn't read tree root
[  240.424435][ T5334] input: syz0 as /devices/virtual/input/input5
[  240.447686][ T5303] BTRFS error (device loop0): open_ctree failed
[  240.678441][ T5337] loop4: detected capacity change from 0 to 128
[  240.704127][ T5332] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  241.184925][ T5339] loop2: detected capacity change from 0 to 1024
[  241.272346][ T5339] hfsplus: unable to parse mount options
[  241.615591][ T5344] loop0: detected capacity change from 0 to 64
[  241.783484][ T5350] raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it!
[  241.954300][ T5142] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  242.038044][ T5350] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.3'.
[  242.281159][ T5142] usb 3-1: Using ep0 maxpacket: 8
[  242.402319][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.413801][ T5142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  242.424122][ T5142] usb 3-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  242.433568][ T5142] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.566018][ T5346] loop1: detected capacity change from 0 to 40427
[  242.593976][ T5142] usb 3-1: config 0 descriptor??
[  242.645797][ T5346] F2FS-fs (loop1): invalid crc value
[  242.696463][ T5346] F2FS-fs (loop1): Found nat_bits in checkpoint
[  242.996205][ T5346] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  243.056816][ T5358] capability: warning: `syz-executor.4' uses deprecated v2 capabilities in a way that may be insecure
[  243.090565][   T29] audit: type=1804 audit(1718002741.296:3): pid=5346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4053295615/syzkaller.mX7uKh/5/file0/bus" dev="loop1" ino=10 res=1 errno=0
[  243.194404][ T5072] syz-executor.1: attempt to access beyond end of device
[  243.194404][ T5072] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  243.591706][ T5142] usbhid 3-1:0.0: can't add hid device: -71
[  243.598401][ T5142] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  243.622448][ T5142] usb 3-1: USB disconnect, device number 3
[  245.435134][ T5369] loop2: detected capacity change from 0 to 32768
[  245.453428][ T5369] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (5369)
[  245.494416][ T5369] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  245.504979][ T5369] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  245.516209][ T5369] BTRFS info (device loop2): using free-space-tree
[  246.194096][ T5075] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  247.072883][ T5398] loop0: detected capacity change from 0 to 4096
[  247.181519][ T5398] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  247.347421][ T5404] loop1: detected capacity change from 0 to 2048
[  247.556145][ T5404] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.792122][ T5404] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz-executor.1: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  247.840348][ T5405] loop4: detected capacity change from 0 to 40427
[  247.883230][ T5404] EXT4-fs (loop1): Remounting filesystem read-only
[  247.958332][ T5405] F2FS-fs (loop4): Found nat_bits in checkpoint
[  248.078594][ T5398] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[  248.239159][ T5405] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  248.356753][ T5398] ntfs3: loop0: ino=1b, "file0" failed to parse mft record
[  248.365573][ T5398] ntfs3: loop0: ino=1b, "file0" attr_set_size
[  248.372815][   T29] audit: type=1804 audit(1718002746.596:4): pid=5418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1129805427/syzkaller.ozO3xk/8/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0
[  248.401735][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.633876][ T5082] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  249.068751][   T29] audit: type=1326 audit(1718002747.256:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5422 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f747627cf69 code=0x0
[  249.171724][   T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  249.213887][ T5418] loop3: detected capacity change from 0 to 4096
[  249.289838][ T5418] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  249.407713][ T5418] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  249.547351][ T5427] loop1: detected capacity change from 0 to 512
[  249.573178][ T5418] ntfs3: loop3: Failed to load $LogFile (-22).
[  249.688584][ T5427] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  249.893945][ T5427] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756
[  249.909933][ T5427] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 17 (err -117)
[  249.940230][ T5427] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.104860][ T5439] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  250.163549][ T5427] fuse: Unknown parameter 'éÛÙˆßÇŽff'
[  250.693304][ T5441] kvm: emulating exchange as write
[  250.734463][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.098487][ T5447] Zero length message leads to an empty skb
[  252.281722][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  252.369546][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  252.383912][    T0] NOHZ tick-stop error: local softirq work is pending, handler #180!!!
[  252.568214][ T5465] loop0: detected capacity change from 0 to 32768
[  252.591445][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  252.612366][ T5079] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  252.621859][ T5079] Bluetooth: hci4: Injecting HCI hardware error event
[  252.629529][ T5079] Bluetooth: hci4: hardware error 0x00
[  253.675622][   T29] audit: type=1326 audit(1718002751.936:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5471 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f82e807cf69 code=0x0
[  253.770378][ T5472] loop1: detected capacity change from 0 to 512
[  253.858432][ T5472] =======================================================
[  253.858432][ T5472] WARNING: The mand mount option has been deprecated and
[  253.858432][ T5472]          and is ignored by this kernel. Remove the mand
[  253.858432][ T5472]          option from the mount to silence this warning.
[  253.858432][ T5472] =======================================================
[  254.092205][ T5472] EXT4-fs (loop1): orphan cleanup on readonly fs
[  254.192890][ T5472] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor.1: bg 0: block 248: padding at end of block bitmap is not set
[  254.199511][ T5479] loop3: detected capacity change from 0 to 512
[  254.235889][ T5472] Quota error (device loop1): write_blk: dquota write failed
[  254.244852][ T5472] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  254.255517][ T5472] EXT4-fs error (device loop1): ext4_acquire_dquot:6882: comm syz-executor.1: Failed to acquire dquot type 1
[  254.318619][ T5479] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  254.319583][ T5472] EXT4-fs (loop1): 1 truncate cleaned up
[  254.527144][ T5472] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  254.550158][ T5479] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #17: comm syz-executor.3: iget: bad i_size value: -6917529027641081756
[  254.577324][ T5479] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz-executor.3: couldn't read orphan inode 17 (err -117)
[  254.607406][ T5479] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.695849][ T5472] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  254.760936][ T5079] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  254.795153][ T5479] fuse: Unknown parameter 'éÛÙˆßÇŽff'
[  254.821670][ T5472] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  255.177471][ T5472] syz-executor.1 (5472) used greatest stack depth: 4216 bytes left
[  255.222756][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.321999][ T5478] loop0: detected capacity change from 0 to 4096
[  255.336957][ T5478] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  255.380017][ T5093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.857025][ T5478] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[  256.418348][ T5082] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  257.543648][ T5511] loop3: detected capacity change from 0 to 32768
[  257.915226][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  258.163774][ T5520] loop1: detected capacity change from 0 to 512
[  259.548050][ T5542] loop3: detected capacity change from 0 to 512
[  259.647021][ T5534] loop0: detected capacity change from 0 to 4096
[  259.682176][ T5542] EXT4-fs (loop3): orphan cleanup on readonly fs
[  259.736977][ T5542] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set
[  259.781119][ T5534] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  259.825819][ T5542] Quota error (device loop3): write_blk: dquota write failed
[  259.833976][ T5542] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  259.844415][ T5542] EXT4-fs error (device loop3): ext4_acquire_dquot:6882: comm syz-executor.3: Failed to acquire dquot type 1
[  259.890825][ T5542] EXT4-fs (loop3): 1 truncate cleaned up
[  259.922848][ T5542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  260.056185][ T5542] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  260.075161][ T5534] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[  260.176574][ T5542] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  260.306080][ T5534] ntfs3: loop0: ino=1b, "file0" failed to parse mft record
[  260.314090][ T5534] ntfs3: loop0: ino=1b, "file0" attr_set_size
[  260.558538][ T5093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.822620][ T5082] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  260.912108][ T5554] loop2: detected capacity change from 0 to 32768
[  261.101080][ T5142] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  261.471769][ T5142] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.483167][ T5142] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  261.501524][ T5142] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  261.512641][ T5142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.589083][ T5142] usb 5-1: config 0 descriptor??
[  261.898254][ T5562] loop3: detected capacity change from 0 to 512
[  262.037125][ T5562] EXT4-fs (loop3): orphan cleanup on readonly fs
[  262.067830][ T5562] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set
[  262.127743][ T5142] plantronics 0003:047F:FFFF.0001: unbalanced collection at end of report description
[  262.181783][ T5562] Quota error (device loop3): write_blk: dquota write failed
[  262.189756][ T5562] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  262.200101][ T5562] EXT4-fs error (device loop3): ext4_acquire_dquot:6882: comm syz-executor.3: Failed to acquire dquot type 1
[  262.235459][ T5142] plantronics 0003:047F:FFFF.0001: parse failed
[  262.242697][ T5142] plantronics 0003:047F:FFFF.0001: probe with driver plantronics failed with error -22
[  262.293537][ T5562] EXT4-fs (loop3): 1 truncate cleaned up
[  262.313242][ T5562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  262.386634][ T5562] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  262.435135][ T5562] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  262.474186][ T5562] syz-executor.3 (5562) used greatest stack depth: 3344 bytes left
[  262.611398][ T5093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.117208][ T5551] loop4: detected capacity change from 0 to 4096
[  263.355056][ T5575] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  263.367329][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  263.551833][ T5130] usb 5-1: USB disconnect, device number 2
[  264.435701][ T5591] loop0: detected capacity change from 0 to 512
[  264.495723][ T5591] EXT4-fs (loop0): orphan cleanup on readonly fs
[  264.516024][ T5591] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor.0: bg 0: block 248: padding at end of block bitmap is not set
[  264.576775][ T5591] Quota error (device loop0): write_blk: dquota write failed
[  264.585020][ T5591] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  264.595502][ T5591] EXT4-fs error (device loop0): ext4_acquire_dquot:6882: comm syz-executor.0: Failed to acquire dquot type 1
[  264.731762][ T5591] EXT4-fs (loop0): 1 truncate cleaned up
[  264.767555][ T5591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  264.896370][ T5591] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  265.008137][ T5591] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  265.040364][ T5603] loop4: detected capacity change from 0 to 512
[  265.158271][ T5603] EXT4-fs (loop4): orphan cleanup on readonly fs
[  265.197345][ T5589] loop2: detected capacity change from 0 to 4096
[  265.217395][ T5589] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  265.248970][ T5603] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set
[  265.282643][ T5603] Quota error (device loop4): write_blk: dquota write failed
[  265.295284][ T5603] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  265.306973][ T5603] EXT4-fs error (device loop4): ext4_acquire_dquot:6882: comm syz-executor.4: Failed to acquire dquot type 1
[  265.358719][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.376923][ T5603] EXT4-fs (loop4): 1 truncate cleaned up
[  265.440874][ T5603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  265.512946][ T5603] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  265.557389][ T5589] ntfs3: loop2: Failed to initialize $Extend/$Reparse.
[  265.574067][ T5603] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  265.639830][ T5603] Quota error (device loop4): do_check_range: Getting block 1536 out of range 0-5
[  265.728661][ T5589] ntfs3: loop2: ino=1b, "file0" failed to parse mft record
[  265.736339][ T5589] ntfs3: loop2: ino=1b, "file0" attr_set_size
[  265.937699][ T5073] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.259228][ T5075] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22.
[  266.864124][ T5617] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  268.623361][ T5644] loop4: detected capacity change from 0 to 512
[  268.843100][ T5644] EXT4-fs (loop4): orphan cleanup on readonly fs
[  268.996882][ T5644] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set
[  269.099647][ T5644] Quota error (device loop4): write_blk: dquota write failed
[  269.107968][ T5644] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  269.118411][ T5644] EXT4-fs error (device loop4): ext4_acquire_dquot:6882: comm syz-executor.4: Failed to acquire dquot type 1
[  269.248034][ T5643] loop3: detected capacity change from 0 to 40427
[  269.299987][ T5643] F2FS-fs (loop3): invalid crc value
[  269.311119][ T5644] EXT4-fs (loop4): 1 truncate cleaned up
[  269.346314][ T5644] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  269.418946][ T5643] F2FS-fs (loop3): Found nat_bits in checkpoint
[  269.420527][ T5644] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  269.607263][ T5644] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  269.668652][ T5656] Quota error (device loop4): do_check_range: Getting block 1536 out of range 0-5
[  269.699450][ T5643] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  269.748949][   T29] audit: type=1804 audit(1718002767.996:7): pid=5641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1129805427/syzkaller.ozO3xk/24/file0/bus" dev="loop3" ino=10 res=1 errno=0
[  269.891764][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  269.903770][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!!
[  270.016832][ T5093] syz-executor.3: attempt to access beyond end of device
[  270.016832][ T5093] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  270.067073][ T5646] loop2: detected capacity change from 0 to 4096
[  270.087600][ T5646] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  270.203781][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  270.399554][ T5073] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.546793][ T5646] ntfs3: loop2: Failed to initialize $Extend/$Reparse.
[  270.679387][ T5646] ntfs3: loop2: ino=1b, "file0" failed to parse mft record
[  270.687192][ T5646] ntfs3: loop2: ino=1b, "file0" attr_set_size
[  270.712878][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[  271.105211][ T5075] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22.
[  272.240341][ T5685] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  272.642731][ T5690] loop3: detected capacity change from 0 to 512
[  272.688753][ T5690] EXT4-fs (loop3): orphan cleanup on readonly fs
[  272.855670][ T5690] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set
[  272.931771][ T5690] Quota error (device loop3): write_blk: dquota write failed
[  272.939767][ T5690] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  272.950215][ T5690] EXT4-fs error (device loop3): ext4_acquire_dquot:6882: comm syz-executor.3: Failed to acquire dquot type 1
[  273.062025][ T5690] EXT4-fs (loop3): 1 truncate cleaned up
[  273.077838][ T5699] loop2: detected capacity change from 0 to 512
[  273.088966][ T5690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  273.137794][ T5699] EXT4-fs (loop2): orphan cleanup on readonly fs
[  273.184657][ T5685] loop4: detected capacity change from 0 to 4096
[  273.205098][ T5699] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor.2: bg 0: block 248: padding at end of block bitmap is not set
[  273.237885][ T5690] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  273.250563][ T5699] Quota error (device loop2): write_blk: dquota write failed
[  273.258775][ T5699] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  273.270453][ T5699] EXT4-fs error (device loop2): ext4_acquire_dquot:6882: comm syz-executor.2: Failed to acquire dquot type 1
[  273.299713][ T5699] EXT4-fs (loop2): 1 truncate cleaned up
[  273.313317][ T5690] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  273.326303][ T5699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  273.327457][ T5685] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  273.381641][ T5685] ntfs3: loop4: Failed to load $MFT (-2).
[  273.396356][ T5699] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  273.453661][ T5699] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  273.530446][ T5704] Quota error (device loop2): do_check_range: Getting block 1536 out of range 0-5
[  273.577170][ T5093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.626811][ T5707] input: syz0 as /devices/virtual/input/input7
[  273.914791][ T5075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.615849][ T5744] mmap: syz-executor.2 (5744): VmData 37380096 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data.
[  276.694534][ T5743] loop0: detected capacity change from 0 to 512
[  276.871672][ T5743] EXT4-fs (loop0): orphan cleanup on readonly fs
[  276.968793][ T5743] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor.0: bg 0: block 248: padding at end of block bitmap is not set
[  277.084556][ T5743] Quota error (device loop0): write_blk: dquota write failed
[  277.092974][ T5743] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  277.103388][ T5743] EXT4-fs error (device loop0): ext4_acquire_dquot:6882: comm syz-executor.0: Failed to acquire dquot type 1
[  277.358403][ T5743] EXT4-fs (loop0): 1 truncate cleaned up
[  277.548553][ T5736] loop4: detected capacity change from 0 to 65536
[  277.585218][ T5743] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  277.707609][ T5743] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  277.719443][ T5736] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  277.758597][ T5743] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  277.798151][ T5743] Quota error (device loop0): do_check_range: Getting block 1536 out of range 0-5
[  278.058721][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.244619][ T5736] XFS (loop4): Ending clean mount
[  278.257689][ T5736] overlayfs: failed to resolve './file0:smackfshat=xfs': -2
[  278.267159][   T29] audit: type=1326 audit(1718002776.206:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5754 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f747627cf69 code=0x0
[  278.616415][ T5769] loop1: detected capacity change from 0 to 512
[  278.618747][ T5770] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  278.670312][ T5769] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  278.683203][ T5763] loop3: detected capacity change from 0 to 1024
[  278.791535][ T5769] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756
[  278.839104][ T5769] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 17 (err -117)
[  278.878528][ T5769] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  278.880276][ T5073] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  278.950837][ T5765] fuse: Unknown parameter 'éÛÙˆßÇŽff'
[  279.277487][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.782726][ T5758] loop2: detected capacity change from 0 to 4096
[  279.818701][ T5781] loop1: detected capacity change from 0 to 8
[  279.844660][   T34] hfsplus: b-tree write err: -5, ino 4
[  279.897461][ T5758] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  279.923899][ T5758] ntfs3: loop2: Failed to load $MFT (-2).
[  280.008734][ T5781] unable to read xattr id index table
[  280.202583][ T5781] netlink: 1068 bytes leftover after parsing attributes in process `syz-executor.1'.
[  280.555255][ T1230] ieee802154 phy0 wpan0: encryption failed: -22
[  280.562781][ T1230] ieee802154 phy1 wpan1: encryption failed: -22
[  280.631941][ T5130] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  280.920978][ T5130] usb 4-1: Using ep0 maxpacket: 8
[  281.043779][ T5130] usb 4-1: config 0 has no interfaces?
[  281.049669][ T5130] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  281.062647][ T5130] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.169724][ T5130] usb 4-1: config 0 descriptor??
[  281.485582][ T5143] usb 4-1: USB disconnect, device number 2
[  283.434661][   T29] audit: type=1326 audit(1718002781.636:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5823 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f747627cf69 code=0x0
[  283.865901][ T5826] loop1: detected capacity change from 0 to 512
[  283.887197][ T5828] loop2: detected capacity change from 0 to 8
[  283.955634][ T5826] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  283.997818][ T5828] unable to read xattr id index table
[  284.169312][ T5826] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756
[  284.292702][ T5826] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 17 (err -117)
[  284.357220][ T5826] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.615717][ T5826] fuse: Unknown parameter 'éÛÙˆßÇŽff'
[  285.067530][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.873320][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  286.221790][   T10] usb 3-1: Using ep0 maxpacket: 8
[  286.400327][   T10] usb 3-1: config 0 has no interfaces?
[  286.406232][   T10] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  286.415675][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.471834][   T10] usb 3-1: config 0 descriptor??
[  286.810429][ T5130] usb 3-1: USB disconnect, device number 5
[  287.712499][ T5871] loop2: detected capacity change from 0 to 8
[  287.752043][ T5871] unable to read xattr id index table
[  288.512277][   T29] audit: type=1326 audit(1718002786.706:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5876 comm="syz-executor.2" exe="/root/syz-executor.2" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f649627cf69 code=0x0
[  289.138875][ T5881] loop2: detected capacity change from 0 to 512
[  289.238124][ T5881] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  289.591311][ T5881] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  289.643119][ T5881] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  289.674214][ T5881] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.707656][ T5881] fuse: Unknown parameter 'éÛÙˆßÇŽff'
[  290.143332][ T5075] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.802090][ T5142] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  292.122186][ T5142] usb 5-1: Using ep0 maxpacket: 8
[  292.241887][ T5142] usb 5-1: config 0 has no interfaces?
[  292.247770][ T5142] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  292.257340][ T5142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.284296][ T5919] loop0: detected capacity change from 0 to 8
[  292.332982][ T5142] usb 5-1: config 0 descriptor??
[  292.349765][ T5919] unable to read xattr id index table
[  292.620951][ T5142] usb 5-1: USB disconnect, device number 3
[  293.840006][   T29] audit: type=1326 audit(1718002792.086:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5931 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5be447cf69 code=0x0
[  294.235773][ T5939] loop4: detected capacity change from 0 to 512
[  294.354845][ T5939] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  294.611656][ T5939] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756
[  294.787971][ T5939] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  294.868503][ T5939] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.944754][ T5937] fuse: Unknown parameter 'éÛÙˆßÇŽff'
[  295.404406][ T5073] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.546831][ T5959] loop0: detected capacity change from 0 to 8
[  295.581980][ T5959] unable to read xattr id index table
[  296.501337][ T5142] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  296.502880][ T5971] netlink: 988 bytes leftover after parsing attributes in process `syz-executor.1'.
[  296.767754][ T5142] usb 1-1: Using ep0 maxpacket: 8
[  296.911913][ T5142] usb 1-1: config 0 has no interfaces?
[  296.917805][ T5142] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  296.932252][ T5142] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.994161][ T5142] usb 1-1: config 0 descriptor??
[  297.295082][ T5142] usb 1-1: USB disconnect, device number 3
[  299.361666][ T4300] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.526777][ T4300] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.565122][ T6003] loop0: detected capacity change from 0 to 8
[  299.608844][ T6000] netlink: 988 bytes leftover after parsing attributes in process `syz-executor.4'.
[  299.624239][ T6003] unable to read xattr id index table
[  299.708405][ T4300] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  299.864929][ T4300] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.207342][ T4300] bridge_slave_1: left allmulticast mode
[  300.213456][ T4300] bridge_slave_1: left promiscuous mode
[  300.220051][ T4300] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.281817][ T4300] bridge_slave_0: left allmulticast mode
[  300.287814][ T4300] bridge_slave_0: left promiscuous mode
[  300.294536][ T4300] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.850301][ T4300] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  300.970988][ T4300] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  301.060019][ T4300] bond0 (unregistering): Released all slaves
[  301.671027][   T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  301.980992][ T4300] hsr_slave_0: left promiscuous mode
[  301.999740][ T4300] hsr_slave_1: left promiscuous mode
[  302.021021][   T10] usb 4-1: Using ep0 maxpacket: 8
[  302.027040][ T4300] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  302.035279][ T4300] batman_adv: batadv0: Removing interface: batadv_slave_0
[  302.082027][ T4300] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  302.089720][ T4300] batman_adv: batadv0: Removing interface: batadv_slave_1
[  302.151745][   T10] usb 4-1: config 0 has no interfaces?
[  302.157851][   T10] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  302.167482][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.186172][ T4300] veth1_macvtap: left promiscuous mode
[  302.192057][ T4300] veth0_macvtap: left promiscuous mode
[  302.197940][ T4300] veth1_vlan: left promiscuous mode
[  302.203590][ T4300] veth0_vlan: left promiscuous mode
[  302.240212][   T10] usb 4-1: config 0 descriptor??
[  302.430534][ T5081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  302.448670][ T5081] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  302.464165][ T5081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  302.580157][   T10] usb 4-1: USB disconnect, device number 3
[  302.606113][ T5081] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  302.638383][ T5081] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  302.649849][ T5081] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  303.099868][ T4300] team0 (unregistering): Port device team_slave_1 removed
[  303.162297][ T4300] team0 (unregistering): Port device team_slave_0 removed
[  304.279172][ T4232] =====================================================
[  304.286682][ T4232] BUG: KMSAN: uninit-value in virtqueue_add+0x1e86/0x65c0
[  304.294009][ T4232]  virtqueue_add+0x1e86/0x65c0
[  304.298964][ T4232]  virtqueue_add_sgs+0x186/0x1b0
[  304.304105][ T4232]  virtscsi_add_cmd+0x838/0xad0
[  304.309266][ T4232]  virtscsi_queuecommand+0x898/0xa60
[  304.314736][ T4232]  scsi_queue_rq+0x4cc7/0x5a80
[  304.319700][ T4232]  blk_mq_dispatch_rq_list+0x79b/0x3440
[  304.325526][ T4232]  __blk_mq_sched_dispatch_requests+0x11b7/0x26e0
[  304.332164][ T4232]  blk_mq_sched_dispatch_requests+0x12f/0x270
[  304.338508][ T4232]  blk_mq_run_hw_queue+0x6e4/0xbc0
[  304.343807][ T4232]  blk_mq_flush_plug_list+0x1683/0x2b20
[  304.349555][ T4232]  __blk_flush_plug+0x671/0x740
[  304.354544][ T4232]  writeback_sb_inodes+0xe3d/0x1e00
[  304.359896][ T4232]  wb_writeback+0x4df/0xea0
[  304.364485][ T4232]  wb_workfn+0x40b/0x1940
[  304.368921][ T4232]  process_scheduled_works+0xa81/0x1bd0
[  304.374628][ T4232]  worker_thread+0xea5/0x1560
[  304.379564][ T4232]  kthread+0x3e2/0x540
[  304.383741][ T4232]  ret_from_fork+0x6d/0x90
[  304.388332][ T4232]  ret_from_fork_asm+0x1a/0x30
[  304.393236][ T4232] 
[  304.395600][ T4232] Uninit was stored to memory at:
[  304.400970][ T4232]  copy_page_from_iter_atomic+0x12b7/0x2ae0
[  304.407063][ T4232]  generic_perform_write+0x4c1/0xc60
[  304.412570][ T4232]  ext4_buffered_write_iter+0x564/0xaa0
[  304.418278][ T4232]  ext4_file_write_iter+0x208/0x3450
[  304.423651][ T4232]  __kernel_write_iter+0x64d/0xc80
[  304.428895][ T4232]  dump_user_range+0x8dc/0xee0
[  304.433778][ T4232]  elf_core_dump+0x57c7/0x5ae0
[  304.438652][ T4232]  do_coredump+0x32d5/0x4920
[  304.443337][ T4232]  get_signal+0x267e/0x2d00
[  304.447959][ T4232]  arch_do_signal_or_restart+0x53/0xcb0
[  304.453629][ T4232]  syscall_exit_to_user_mode+0x5d/0x160
[  304.459366][ T4232]  do_syscall_64+0xdc/0x1e0
[  304.463974][ T4232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.470005][ T4232] 
[  304.472362][ T4232] Uninit was created at:
[  304.476743][ T4232]  __alloc_pages+0x9d6/0xe70
[  304.481410][ T4232]  alloc_pages_mpol+0x299/0x990
[  304.486357][ T4232]  alloc_pages+0x1bf/0x1e0
[  304.490858][ T4232]  dump_user_range+0x4a/0xee0
[  304.495632][ T4232]  elf_core_dump+0x57c7/0x5ae0
[  304.500526][ T4232]  do_coredump+0x32d5/0x4920
[  304.505233][ T4232]  get_signal+0x267e/0x2d00
[  304.509832][ T4232]  arch_do_signal_or_restart+0x53/0xcb0
[  304.515516][ T4232]  syscall_exit_to_user_mode+0x5d/0x160
[  304.521182][ T4232]  do_syscall_64+0xdc/0x1e0
[  304.525793][ T4232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.531797][ T4232] 
[  304.534172][ T4232] Bytes 0-4095 of 4096 are uninitialized
[  304.539861][ T4232] Memory access of size 4096 starts at ffff88813e66d000
[  304.546855][ T4232] 
[  304.549235][ T4232] CPU: 1 PID: 4232 Comm: kworker/u8:24 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0
[  304.559272][ T4232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  304.569427][ T4232] Workqueue: writeback wb_workfn (flush-8:0)
[  304.575562][ T4232] =====================================================
[  304.582534][ T4232] Disabling lock debugging due to kernel taint
[  304.588752][ T4232] Kernel panic - not syncing: kmsan.panic set ...
[  304.595219][ T4232] CPU: 1 PID: 4232 Comm: kworker/u8:24 Tainted: G    B              6.9.0-syzkaller-02707-g614da38e2f7a #0
[  304.606708][ T4232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  304.616877][ T4232] Workqueue: writeback wb_workfn (flush-8:0)
[  304.623016][ T4232] Call Trace:
[  304.626345][ T4232]  <TASK>
[  304.629322][ T4232]  dump_stack_lvl+0x216/0x2d0
[  304.634121][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.640058][ T4232]  dump_stack+0x1e/0x30
[  304.644331][ T4232]  panic+0x4e2/0xcd0
[  304.648332][ T4232]  ? kmsan_get_metadata+0xf1/0x1d0
[  304.653552][ T4232]  kmsan_report+0x2d5/0x2e0
[  304.658147][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  304.663436][ T4232]  ? kmsan_internal_set_shadow_origin+0x66/0xe0
[  304.669808][ T4232]  ? kmsan_internal_check_memory+0x48c/0x560
[  304.675909][ T4232]  ? kmsan_handle_dma+0xac/0xc0
[  304.680854][ T4232]  ? virtqueue_add+0x1e86/0x65c0
[  304.685978][ T4232]  ? virtqueue_add_sgs+0x186/0x1b0
[  304.691221][ T4232]  ? virtscsi_add_cmd+0x838/0xad0
[  304.696355][ T4232]  ? virtscsi_queuecommand+0x898/0xa60
[  304.701921][ T4232]  ? scsi_queue_rq+0x4cc7/0x5a80
[  304.706975][ T4232]  ? blk_mq_dispatch_rq_list+0x79b/0x3440
[  304.712896][ T4232]  ? __blk_mq_sched_dispatch_requests+0x11b7/0x26e0
[  304.719617][ T4232]  ? blk_mq_sched_dispatch_requests+0x12f/0x270
[  304.725979][ T4232]  ? blk_mq_run_hw_queue+0x6e4/0xbc0
[  304.731376][ T4232]  ? blk_mq_flush_plug_list+0x1683/0x2b20
[  304.737223][ T4232]  ? __blk_flush_plug+0x671/0x740
[  304.742370][ T4232]  ? writeback_sb_inodes+0xe3d/0x1e00
[  304.747837][ T4232]  ? wb_writeback+0x4df/0xea0
[  304.752594][ T4232]  ? wb_workfn+0x40b/0x1940
[  304.757204][ T4232]  ? process_scheduled_works+0xa81/0x1bd0
[  304.763025][ T4232]  ? worker_thread+0xea5/0x1560
[  304.767970][ T4232]  ? kthread+0x3e2/0x540
[  304.772311][ T4232]  ? ret_from_fork+0x6d/0x90
[  304.776987][ T4232]  ? ret_from_fork_asm+0x1a/0x30
[  304.782043][ T4232]  ? blk_mq_flush_plug_list+0x1683/0x2b20
[  304.787912][ T4232]  ? __blk_flush_plug+0x671/0x740
[  304.793059][ T4232]  ? writeback_sb_inodes+0xe3d/0x1e00
[  304.798520][ T4232]  ? wb_writeback+0x4df/0xea0
[  304.803276][ T4232]  ? wb_workfn+0x40b/0x1940
[  304.807884][ T4232]  ? process_scheduled_works+0xa81/0x1bd0
[  304.813706][ T4232]  ? worker_thread+0xea5/0x1560
[  304.818653][ T4232]  ? kthread+0x3e2/0x540
[  304.822998][ T4232]  ? ret_from_fork+0x6d/0x90
[  304.827681][ T4232]  ? ret_from_fork_asm+0x1a/0x30
[  304.832726][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.838655][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  304.843962][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.849871][ T4232]  ? should_fail_ex+0x4a/0x800
[  304.854877][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  304.860171][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.866076][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  304.871367][ T4232]  kmsan_internal_check_memory+0x48c/0x560
[  304.877665][ T4232]  kmsan_handle_dma+0xac/0xc0
[  304.882435][ T4232]  virtqueue_add+0x1e86/0x65c0
[  304.887309][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.893214][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  304.898534][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  304.903834][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.909765][ T4232]  virtqueue_add_sgs+0x186/0x1b0
[  304.914824][ T4232]  virtscsi_add_cmd+0x838/0xad0
[  304.919807][ T4232]  virtscsi_queuecommand+0x898/0xa60
[  304.925205][ T4232]  ? __pfx_virtscsi_queuecommand+0x10/0x10
[  304.931117][ T4232]  scsi_queue_rq+0x4cc7/0x5a80
[  304.936016][ T4232]  ? __pfx_scsi_queue_rq+0x10/0x10
[  304.941242][ T4232]  blk_mq_dispatch_rq_list+0x79b/0x3440
[  304.946914][ T4232]  ? sbitmap_get+0x431/0x670
[  304.951622][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  304.957567][ T4232]  ? dd_dispatch_request+0x9a1/0xa20
[  304.962990][ T4232]  __blk_mq_sched_dispatch_requests+0x11b7/0x26e0
[  304.969554][ T4232]  ? __blk_mq_sched_dispatch_requests+0x1031/0x26e0
[  304.976294][ T4232]  blk_mq_sched_dispatch_requests+0x12f/0x270
[  304.982496][ T4232]  blk_mq_run_hw_queue+0x6e4/0xbc0
[  304.987729][ T4232]  ? __pfx_dd_insert_requests+0x10/0x10
[  304.993394][ T4232]  blk_mq_flush_plug_list+0x1683/0x2b20
[  304.999068][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  305.004407][ T4232]  __blk_flush_plug+0x671/0x740
[  305.009388][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  305.014801][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  305.020783][ T4232]  writeback_sb_inodes+0xe3d/0x1e00
[  305.026161][ T4232]  wb_writeback+0x4df/0xea0
[  305.030770][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  305.036069][ T4232]  ? kmsan_get_metadata+0x146/0x1d0
[  305.041357][ T4232]  ? queue_io+0x481/0x780
[  305.045779][ T4232]  wb_workfn+0x40b/0x1940
[  305.050216][ T4232]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  305.056135][ T4232]  ? __pfx_wb_workfn+0x10/0x10
[  305.061004][ T4232]  process_scheduled_works+0xa81/0x1bd0
[  305.066673][ T4232]  worker_thread+0xea5/0x1560
[  305.071470][ T4232]  kthread+0x3e2/0x540
[  305.075640][ T4232]  ? __pfx_worker_thread+0x10/0x10
[  305.080858][ T4232]  ? __pfx_kthread+0x10/0x10
[  305.085547][ T4232]  ret_from_fork+0x6d/0x90
[  305.090050][ T4232]  ? __pfx_kthread+0x10/0x10
[  305.094744][ T4232]  ret_from_fork_asm+0x1a/0x30
[  305.099629][ T4232]  </TASK>
[  305.102822][ T4232] Kernel Offset: disabled
[  305.107200][ T4232] Rebooting in 86400 seconds..