last executing test programs:

9.148201496s ago: executing program 1 (id=720):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206030000000000000000000700000705000100070000000900020073797a3100000000140007800800124000000005080013400000000e0500050002000000050004000100dd0011000300686173683a69702c706f727400000000"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r4 = fcntl$dupfd(0xffffffffffffffff, 0x406, r2)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
write$binfmt_elf32(r4, &(0x7f0000000e00)=ANY=[], 0x958)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)
write$binfmt_script(r4, &(0x7f0000000840)={'#! ', './file0', [], 0xa, "574af3849be3"}, 0x11)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4)
shutdown(0xffffffffffffffff, 0x1)

8.030547185s ago: executing program 1 (id=724):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001900)={'wg2\x00', <r6=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="e0100000", @ANYRES16=r5, @ANYBLOB="0500000000000000000001000000060006004e240000901008809005008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691cb40409807c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030000000000f4000080060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000a00000014000200fc0200000000000000000000000000010500030000000000060001000200000008000200e00000020500030003000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030002000000060001000a00000014000200fc0200000000000000000000000000000500030003000000340000800600010002000000080002000a0101010500030004000000060001000200000008000200ac1414aa050003000300000064000080060001000a00000014000200200100000000000000000000000000000500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff010000000000000000000000000001050003000200000094000080060001000200000008000200ac1e00010500030002000000060001000200000008000200e00000010500030002000000060001000a00000014000200fc0000000000000000000000000000000500030002000000060001000200000008000200000000000500030003000000060001000a00000014000200fe80000000000000000000000000000e050003000000000040000080060001000a00000014000200fc0200000000000000000000000000000500030002000000060001000200000008000200ac1414aa050003000000000064000080060001000a00000014000200200100000000000000000000000000020500030001000000060001000a00000014000200fc02000000000000000000000000000105000300020000000600010002000000080002000a010100050003000200000070000080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000a00000014000200000000000000000000000000000000000500030002000000060001000a0000001400020000000000000000000000000000000001050003000000000000010080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200000000000500030003000000060001000200000008000200640101000500030002000000060001000200000008000200640101010500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8000000000000000000000000000bb05000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000200000008000200640101010500030001000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e1803008024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39220600050005000000e802098058000080060001000200000008000200ac1e00010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300010000007c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000060001000a000000140002000000000000000000000000000000000105000300020000000600010002000000080002000a0101010500030003000000f4000080060001000a0000001400020000000000000000000000ffffac1414aa0500030003000000060001000200000008000200ac1414aa05000300000000000600010002000000080002000a01010205000300020000000600010002000000080002007f00000105000300000000000600010002000000080002000a0101010500030003000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc01000000000000000000000000000005000300010000000600010002000000080002000a0101000500030000000000060001000200000008000200ac1e0101050003000200000094000080060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030002000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ffffffff050003000200000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000a00000014000200ff02000000000000000000000000000105000300020000007c000080200004000a004e2100000006fc0100000000000000000000000000010400000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000300000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a549780000800800030001000000080003000400000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e22000000000000000000000000e4060080dc020980f4000080060001000a00000014000200000000000000000000000000000000000500030002000000060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000200000008000200ffffffff050003000100000006d4e23d7500000008000200ac1e00010500030001000000060001000200000008000200e000000105000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000a00000014000200fc010000000000000000000000000001050003000300000034000080060001000200000008000200640101000500030001000000060001000200000008000200ac1414bb050003000200000000010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300020000000600010002000000080002006401010005000300020000000600010002000000080002007f00000105000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc0100000000000000000000000000010500030000000000940000800600010002000000080002006401010005000300010000000600010002000000080002006401010205000300000000000600010002000000080002007f0000010500030003000000060001000200000008000200e00000020500030003000000060001000200000008000200ac1414120500030002000000060001000200000008000200ac14142d05000300020000001c000080060001000200000008000200ffffffff05000300030000000800030002000000200004000a004e2000000005fc010000000000000000000000000001000000009403098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030003000000060001000a00000014000200fe8800000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030003000000060001000a00000014000200fe880000000000000000000000000101050003000100000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030001000000060001000a0000001400020000000000000000000000ffffe00000020500030003000000f4000080060001000200000008000200000000000500030001000000060001000a00000014000200000000000000000000000000000000010500030003000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe80000000000000000000000000003e05000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200ff0200000000000000000000000000010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000058000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414410500030010000000060001000200000008000200ac1e00010500030001000000f4000080060001000200000008000200640101000500030002000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030003000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414270500030000000000060001000a0000001400020020010000000000000000000000000002050003000100000058000080060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe8000000000000000000000000000140500030000000000060001000200000008000200e0000001050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030006000000060006004e24000008000100", @ANYRES32=r6, @ANYBLOB], 0x10e0}}, 0x0)

7.89096329s ago: executing program 2 (id=726):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(r2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c40)={{r4}, &(0x7f0000000bc0), &(0x7f0000000c00)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000008340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x2e, 0x28, 0x65, 0x0, 0x2, 0x6, 0x0, @private=0xa010102, @private=0xa010101}, {{0x4e27, 0x4e27, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0xfffd, 0x0, 0x57}}}}}}, 0x0)

6.900876733s ago: executing program 1 (id=727):
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000061c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da09"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

6.863275325s ago: executing program 2 (id=728):
r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000100)={0x0, 0x0})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r3, 0xc008aec1, &(0x7f00000003c0)={0xa, 0x0, [{0x80000007, 0x4, 0x3, 0x18000000, 0x7fffffff, 0x7, 0x80000000}, {0x0, 0x4, 0x2, 0x7, 0xffff0000, 0x80000000, 0x8}, {0x1, 0x10, 0x1, 0x40, 0x4, 0x5d2c}, {0x80000000, 0x0, 0x3, 0x5, 0x1b, 0xffffc177, 0xfffffffa}, {0x7, 0x0, 0x5, 0x10, 0x6, 0x9f71, 0x6}, {0xc0000001, 0x4, 0x4, 0x0, 0x7, 0x3, 0x400}, {0x6, 0x7, 0x5, 0x18, 0x5bf, 0x40, 0x5}, {0x0, 0x401, 0x0, 0x12, 0x1, 0x7, 0x1}, {0xa, 0x1, 0x1, 0x8, 0x5, 0x2, 0x9}, {0x2, 0x7, 0x1, 0x47e254b, 0x9, 0x8, 0x9}]})

6.628700105s ago: executing program 2 (id=730):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000009b, 0x0, 0xfffffffffffffffc}]})

6.431737353s ago: executing program 2 (id=731):
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x800, &(0x7f0000000240)={[{@datacow}, {@nodatasum}, {@compress_force}, {@metadata_ratio={'metadata_ratio', 0x3d, 0x4}}, {@ssd}, {}, {@acl}, {@datacow}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = openat(0xffffffffffffff9c, 0x0, 0x40942, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="01000000000000e14f003b000000", @ANYRES64=r1, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200), 0xfea7)
copy_file_range(r2, &(0x7f00000001c0), r0, 0x0, 0xa003e458, 0x700000000000000)
write$binfmt_misc(r0, &(0x7f0000000440), 0x200)

5.302016912s ago: executing program 3 (id=733):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup2(r0, 0xffffffffffffffff)

5.10844215s ago: executing program 3 (id=734):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000280), 0x4, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000040)={0xb, 0x1, 0x2, "f819ebf45608e255b61c5deb3eb574d486d27e0600000000040000000006f100"})

4.614597521s ago: executing program 1 (id=736):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(r2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c40)={{r4}, &(0x7f0000000bc0), &(0x7f0000000c00)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000008340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x2e, 0x28, 0x65, 0x0, 0x2, 0x6, 0x0, @private=0xa010102, @private=0xa010101}, {{0x4e27, 0x4e27, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0xfffd, 0x0, 0x57}}}}}}, 0x0)

3.998610778s ago: executing program 3 (id=737):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0x9)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000840)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04f06d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7ff0f6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76c186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.564421847s ago: executing program 0 (id=738):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x6a0, 0x0, 0x7}]})

3.532395028s ago: executing program 1 (id=739):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, &(0x7f0000000180)=[@code={0xa, 0x64, {"66420f3881710065672ef20f51f0c44115650f66baf80cb8ded1498def66bafc0c66ed66baf80cb85047828bef66bafc0c66ed660f3066baa00066edc4e245976fca66bad10466b8ba6766ef3e66660f73d196"}}], 0x64})
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil)
syz_kvm_add_vcpu$x86(r6, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@code={0xa, 0x41, {"45c6f8b8674b0fae07c48205bef8420f3526410f090f072e0f01c866b8f0008ec8450f009c190090000066b867008ec0"}}], 0x41})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.461699121s ago: executing program 2 (id=740):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x20008d0, &(0x7f0000000b00)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa95feffffffdcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf49eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30000000000000001ee5e651f242b1f8beb01e05d73544abf22c2b8f726f25d18963fa5ea6c5ac79627070a8c84f13d4246d362f4acc77b5c072b727bc548c830e4801b5072c5882d3a570e3066895b66cdbf9e3283962616af4de0d21d19aad529c3dc433ab1dee46b3314fd1364a7d2354e0971223a2dac161d2e11464dd60d721d4500d4d720113d1779f6a04f19a3a88905e1784d86636e75e8a09967075313f399dff889eecfa7b1361b825fe2ecd10711a159eb71f920da4170977405df15442d9c49f9bd62b65a3789d924681e3629fbcac7c47bfaeb2fe10b948c1940762"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
r1 = dup(r0)
pwritev2(r1, &(0x7f0000000500)=[{&(0x7f00000000c0)="aa", 0x1}], 0x1, 0xd8c1, 0x0, 0x0)
copy_file_range(r0, 0x0, r1, &(0x7f0000000640)=0xd000, 0xd000, 0x0)

3.294191978s ago: executing program 0 (id=741):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet(0x2, 0x4000000000000001, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r4 = fcntl$dupfd(r0, 0x406, r2)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
write$binfmt_elf32(r4, &(0x7f0000000e00)=ANY=[], 0x958)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)
write$binfmt_script(r4, &(0x7f0000000840)={'#! ', './file0', [], 0xa, "574af3849be3"}, 0x11)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4)
shutdown(r0, 0x1)

3.191121673s ago: executing program 3 (id=742):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b442606838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb026fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e1533135fee831df925e9baabdb846b5bf66855e3f8b751ca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000005000/0x1000)=nil, r3, 0x2, 0x13, r4, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000000)={0x400, 0x2, 0x0, 0x1ff, 0x5})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.138824608s ago: executing program 0 (id=743):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000101}]})

1.905625548s ago: executing program 1 (id=744):
syz_mount_image$hfsplus(&(0x7f0000000480), &(0x7f0000000100)='./file1\x00', 0x2a08800, &(0x7f0000000140)=ANY=[], 0x4, 0x69f, &(0x7f0000000580)="$eJzs3c1rHOcdB/DvrFay1gVHeXHilkBFDGmpqS1Z2K17idtD8SGU4B5CSy/ClmPhtRMkpSihFPX92kP+gPSgQyGnQu+GtPTU5parTiVQ6CUn3Vxmdna1etmV1tGLnX4+MDvPzPP+m5d9EWIC/N+6cSHNhyly48Lrq+X2xvpce2N97lSd3U5SphtJs7NK8SApPk6up7Pkq+XOunwxqJ8PFq/d/PTzjc86W816qco3htU7mLV6yXSSsXq92/hjtXdrYHvDzfdSRW+GZcDOdwMHJ+3RLmujVP+C1y3wJCg675u7TCWnk0zWnwNS3x0axzu6wzfSXQ4AAACeUs9sZjOrOXPS4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICnSf38/6JeGt30dIru8/+b9b7SRJKbjRMe8+iKXurhiY4DAAAAAAAAAA7H1zezmdWc6W4/6vxpvFm9vlC9fiXvZjkLWcrFrGY+K1nJUmaTTPU1NLE6v7KyNJtX9q15ec+al49jtgAAAAAAAADwpfXr3Nj6+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJimSss6qWF7rpqTSaSSaTTJTl1pJPuumnRNFNtPp2PjyZsQAAAMBjm9xr5yd/H1rnmc1sZjVnutuPiuo7/4vV9+XJvJsHWcliVtLOQm7X36HLb/2NjfW59sb63P2N9bmq45896ui08/3/jjT0qsV0fnvYu+dzVYlW7mSx2nMxt6rB3E6jqlk6V4+nt2zv5FflmFqv1Q44stv1uuzsj/2/Ihy2xqgVpqpK472IzNRjKxt6dngk9j06zaE9zabR++XnhSE9dadUjBjz0916SX6/I+av/fvPPzlgM0egF4lGqkhc7jv7XuxF4dTelb/x14/evNt+cO/uneULR3YaHZed58RcXyReGn72PeGRaI5YfqZ3pnemciM/zI9zIdN5I0tZzM9Tng8Lqe+Mma/Lla9TfVFKdkXq+ratN/YbyUR9XDp30UbO9nJ2j2k+K1nIdE5Vqfm8UtU9k8UUeTu3s5Crudq79K7kSq71HeGzA49wVaG60zZGu+rPf3MrhPnDjp9ph/rHQQuOrvOWWsb12b649t9zp6q8/j1bUXruAO9HI94bm1+rE2Ufv6nWP31CfoTfGYnZvkg8PzwSf6qujeX2g3tLd+ffGdD+2o7tV8e30r87ynfmkZUH5LlM1neS7WdHmfd87y6zPV4T9V9cOnmNXXlnq7yi6F6pP+q7Uq/mcmbznfpKnag/w+1u6XKV99LuvLHuyM/15W37vJW3/3ky8QRgRKe/dXqi9Z/Wv1oftn7butt6ffIHp7576uWJjP9t/HvNmbFXGy8Xf8mH+eXW938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODxLb/3/r35dnthae9EY3DW4SaK+kE+g8o008oRDmM8Rz3BPae8dugt57hn8ViJ7pOrvmg7b14/hjGPJccZ1Uzte1UeaqKcXnfPWLay6kO058NFgS+DSyv337m0/N773168P//WwlsLD8avXLk2c+3K1blLdxbbCzOd15MeJXAUtj4PDCrx0fEOCAAAAAAAAAAAANjXcfynQV930yc4VQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOApdeNCmuMpMjtzcabc3lifa5dLN71Vspmk0UiKXyTFx8n1dJZM9TVXDOrng8VrNz/9fOOzrbaa3fKNYfW6JobmrtVLppOM1esR2xjY3q1B7R1Y0ZthGbDz3cDBSftfAAAA///6S/6H")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x8, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x7, 0x5, 0x77}, {@private=0xa010101, 0x4e23, 0x1, 0xcd, 0x12d5f, 0x3}}, 0x44)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f00000000c0)={0x0, 0x80000000}, &(0x7f0000000300)=0x8)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

1.905230058s ago: executing program 3 (id=745):
syz_emit_vhci(0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000001c0)={0x5, &(0x7f00000004c0)=[{}, {}, {}, {}, {}]})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000010000004200000040"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setrlimit(0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
setreuid(0xee01, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, 0x0, 0x140, 0x0)
ioctl$RTC_UIE_ON(r5, 0x7003)
ioctl$RTC_AIE_ON(r5, 0x7001)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000f80)={0x1, 0x10, 0xfa00, {&(0x7f00000001c0)}}, 0x18)
recvmmsg$unix(r0, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000002c0)=""/239, 0xef}, {&(0x7f00000003c0)=""/217, 0xd9}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/124, 0x7c}, {&(0x7f0000000200)=""/23, 0x17}, {&(0x7f0000001540)=""/186, 0xba}], 0x6}}], 0x1, 0x10, 0x0)
write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)

1.791897643s ago: executing program 0 (id=746):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001900)={'wg2\x00', <r6=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="e0100000", @ANYRES16=r5, @ANYBLOB="0500000000000000000001000000060006004e240000901008809005008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691cb40409807c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030000000000f4000080060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000a00000014000200fc0200000000000000000000000000010500030000000000060001000200000008000200e00000020500030003000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030002000000060001000a00000014000200fc0200000000000000000000000000000500030003000000340000800600010002000000080002000a0101010500030004000000060001000200000008000200ac1414aa050003000300000064000080060001000a00000014000200200100000000000000000000000000000500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff010000000000000000000000000001050003000200000094000080060001000200000008000200ac1e00010500030002000000060001000200000008000200e00000010500030002000000060001000a00000014000200fc0000000000000000000000000000000500030002000000060001000200000008000200000000000500030003000000060001000a00000014000200fe80000000000000000000000000000e050003000000000040000080060001000a00000014000200fc0200000000000000000000000000000500030002000000060001000200000008000200ac1414aa050003000000000064000080060001000a00000014000200200100000000000000000000000000020500030001000000060001000a00000014000200fc02000000000000000000000000000105000300020000000600010002000000080002000a010100050003000200000070000080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000a00000014000200000000000000000000000000000000000500030002000000060001000a0000001400020000000000000000000000000000000001050003000000000000010080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200000000000500030003000000060001000200000008000200640101000500030002000000060001000200000008000200640101010500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8000000000000000000000000000bb05000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000200000008000200640101010500030001000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e1803008024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39220600050005000000e802098058000080060001000200000008000200ac1e00010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300010000007c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000060001000a000000140002000000000000000000000000000000000105000300020000000600010002000000080002000a0101010500030003000000f4000080060001000a0000001400020000000000000000000000ffffac1414aa0500030003000000060001000200000008000200ac1414aa05000300000000000600010002000000080002000a01010205000300020000000600010002000000080002007f00000105000300000000000600010002000000080002000a0101010500030003000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc01000000000000000000000000000005000300010000000600010002000000080002000a0101000500030000000000060001000200000008000200ac1e0101050003000200000094000080060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030002000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ffffffff050003000200000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000a00000014000200ff02000000000000000000000000000105000300020000007c000080200004000a004e2100000006fc0100000000000000000000000000010400000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000300000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a549780000800800030001000000080003000400000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e22000000000000000000000000e4060080dc020980f4000080060001000a00000014000200000000000000000000000000000000000500030002000000060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000200000008000200ffffffff050003000100000006d4e23d7500000008000200ac1e00010500030001000000060001000200000008000200e000000105000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000a00000014000200fc010000000000000000000000000001050003000300000034000080060001000200000008000200640101000500030001000000060001000200000008000200ac1414bb050003000200000000010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300020000000600010002000000080002006401010005000300020000000600010002000000080002007f00000105000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc0100000000000000000000000000010500030000000000940000800600010002000000080002006401010005000300010000000600010002000000080002006401010205000300000000000600010002000000080002007f0000010500030003000000060001000200000008000200e00000020500030003000000060001000200000008000200ac1414120500030002000000060001000200000008000200ac14142d05000300020000001c000080060001000200000008000200ffffffff05000300030000000800030002000000200004000a004e2000000005fc010000000000000000000000000001000000009403098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030003000000060001000a00000014000200fe8800000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030003000000060001000a00000014000200fe880000000000000000000000000101050003000100000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030001000000060001000a0000001400020000000000000000000000ffffe00000020500030003000000f4000080060001000200000008000200000000000500030001000000060001000a00000014000200000000000000000000000000000000010500030003000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe80000000000000000000000000003e05000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200ff0200000000000000000000000000010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000058000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414410500030010000000060001000200000008000200ac1e00010500030001000000f4000080060001000200000008000200640101000500030002000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030003000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414270500030000000000060001000a0000001400020020010000000000000000000000000002050003000100000058000080060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe8000000000000000000000000000140500030000000000060001000200000008000200e0000001050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030006000000060006004e24000008000100", @ANYRES32=r6, @ANYBLOB='$\x00'], 0x10e0}}, 0x0)

347.658785ms ago: executing program 0 (id=747):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(r2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c40)={{r4}, &(0x7f0000000bc0), &(0x7f0000000c00)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000008340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x2e, 0x28, 0x65, 0x0, 0x2, 0x6, 0x0, @private=0xa010102, @private=0xa010101}, {{0x4e27, 0x4e27, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0xfffd, 0x0, 0x57}}}}}}, 0x0)

300.322277ms ago: executing program 3 (id=748):
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x800, &(0x7f0000000240)={[{@datacow}, {@nodatasum}, {@compress_force}, {@metadata_ratio={'metadata_ratio', 0x3d, 0x4}}, {@ssd}, {}, {@acl}, {@datacow}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = openat(0xffffffffffffff9c, 0x0, 0x40942, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="01000000000000e14f003b000000", @ANYRES64=r1, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000200), 0xfea7)
copy_file_range(r2, &(0x7f00000001c0), r0, 0x0, 0xa003e458, 0x700000000000000)
write$binfmt_misc(r0, &(0x7f0000000440), 0x200)

121.619315ms ago: executing program 2 (id=749):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$vcs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
shutdown(r0, 0x0)
sync()
sync()
r1 = socket$inet6(0xa, 0x3, 0x103)
sendto(r1, 0x0, 0x0, 0x4000810, &(0x7f00000008c0)=@nl=@unspec={0x0, 0x0, 0x0, 0xe0ff}, 0x80)
sync()
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3}}]}, 0x38}}, 0x0)

0s ago: executing program 0 (id=750):
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x68801, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$setsig(0x4203, r2, 0x5, &(0x7f0000000140)={0x3, 0x4, 0xfffffff7})
r3 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xb, 0x6}, {0x3, 0xfff9}, {0x2, 0x3}}}, 0x24}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x1, 0x41e, 0x2, {}, {0x0, 0x2710}, {0x3, 0x0, 0x1}, 0x1, @can={{0x0, 0x1, 0x1}, 0x2, 0x3}}, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x40490)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000100)=<r5=>0x0)
prlimit64(r5, 0xf, &(0x7f0000000200)={0x7, 0x8}, &(0x7f0000000240))
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r6 = syz_open_dev$I2C(&(0x7f0000001640), 0x1, 0x2)
fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000080))
ioctl$I2C_RDWR(r6, 0x707, &(0x7f0000001600)={&(0x7f0000001580)=[{0x5e6, 0x5010, 0x5a, &(0x7f00000002c0)="f60e8b27e16059f51df124f72d429a53c1720b53fecda8f7f5aadb18b485f688f4a40fec7bb8da3d63c2a3e9eae7ef8da04c6301ae0fb50c6457c9d45256a0eed7e73a2ef0a17e27d70889c23c14f0adf336b033ca7c183bb957"}, {0x864, 0x0, 0x0, 0x0}], 0x2})
ioctl$I2C_FUNCS(0xffffffffffffffff, 0x705, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts.
syzkaller login: [   82.507224][ T5755] cgroup: Unknown subsys name 'net'
[   82.632147][ T5755] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.330905][ T5755] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.022598][ T5767] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.033957][ T5767] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.042062][ T5767] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.050529][ T5767] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.058523][ T5767] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.073872][ T5767] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.157626][ T5767] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.169604][ T5767] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.177605][ T5767] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.192793][ T5775] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.224460][ T5775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   86.233675][ T5775] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.265233][ T5773] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.274492][ T5773] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.282292][ T5773] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.299950][ T5773] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.308025][ T5775] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.324039][ T5775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.332261][ T5773] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   86.340812][ T5775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.341048][ T5773] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.349879][ T5775] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.364041][ T5775] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   86.372104][ T5775] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.669476][ T5764] chnl_net:caif_netlink_parms(): no params data found
[   86.843533][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.851115][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.858867][ T5764] bridge_slave_0: entered allmulticast mode
[   86.866729][ T5764] bridge_slave_0: entered promiscuous mode
[   86.880382][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.887841][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.895497][ T5764] bridge_slave_1: entered allmulticast mode
[   86.902501][ T5764] bridge_slave_1: entered promiscuous mode
[   86.947346][ T5768] chnl_net:caif_netlink_parms(): no params data found
[   87.062712][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.076784][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.128592][ T5770] chnl_net:caif_netlink_parms(): no params data found
[   87.197013][ T5764] team0: Port device team_slave_0 added
[   87.210897][ T5771] chnl_net:caif_netlink_parms(): no params data found
[   87.233558][ T5764] team0: Port device team_slave_1 added
[   87.333874][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.341248][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.349889][ T5768] bridge_slave_0: entered allmulticast mode
[   87.358406][ T5768] bridge_slave_0: entered promiscuous mode
[   87.383755][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.390941][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.421984][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.436707][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.444852][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.471179][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.484102][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.491278][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.500850][ T5768] bridge_slave_1: entered allmulticast mode
[   87.508853][ T5768] bridge_slave_1: entered promiscuous mode
[   87.595242][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.655386][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.747124][ T5764] hsr_slave_0: entered promiscuous mode
[   87.760390][ T5764] hsr_slave_1: entered promiscuous mode
[   87.806586][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.813938][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.821189][ T5770] bridge_slave_0: entered allmulticast mode
[   87.828707][ T5770] bridge_slave_0: entered promiscuous mode
[   87.841649][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.848929][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.857035][ T5770] bridge_slave_1: entered allmulticast mode
[   87.864591][ T5770] bridge_slave_1: entered promiscuous mode
[   87.874940][ T5768] team0: Port device team_slave_0 added
[   87.922736][ T5768] team0: Port device team_slave_1 added
[   87.974541][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.997527][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.005068][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.012287][ T5771] bridge_slave_0: entered allmulticast mode
[   88.019644][ T5771] bridge_slave_0: entered promiscuous mode
[   88.027700][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.035443][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.042853][ T5771] bridge_slave_1: entered allmulticast mode
[   88.050804][ T5771] bridge_slave_1: entered promiscuous mode
[   88.071785][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.101183][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.108336][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.135597][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.148432][ T5767] Bluetooth: hci0: command tx timeout
[   88.192183][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.199410][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.225679][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.260711][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.283212][ T5767] Bluetooth: hci1: command tx timeout
[   88.300934][ T5770] team0: Port device team_slave_0 added
[   88.310277][ T5770] team0: Port device team_slave_1 added
[   88.321224][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.427151][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.435370][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.462363][ T5767] Bluetooth: hci3: command tx timeout
[   88.464094][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.468420][ T5775] Bluetooth: hci2: command tx timeout
[   88.490030][ T5771] team0: Port device team_slave_0 added
[   88.516718][ T5768] hsr_slave_0: entered promiscuous mode
[   88.524493][ T5768] hsr_slave_1: entered promiscuous mode
[   88.530749][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.538643][ T5768] Cannot create hsr debugfs directory
[   88.545679][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.552683][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.579511][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.598845][ T5771] team0: Port device team_slave_1 added
[   88.694718][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.701807][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.730551][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.782605][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.789687][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.815773][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.884061][ T5770] hsr_slave_0: entered promiscuous mode
[   88.890632][ T5770] hsr_slave_1: entered promiscuous mode
[   88.897171][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.905753][ T5770] Cannot create hsr debugfs directory
[   88.912728][ T5764] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.925160][ T5764] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.975845][ T5764] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.041781][ T5764] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   89.074917][ T5771] hsr_slave_0: entered promiscuous mode
[   89.081519][ T5771] hsr_slave_1: entered promiscuous mode
[   89.091746][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.099974][ T5771] Cannot create hsr debugfs directory
[   89.306770][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   89.321018][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   89.355771][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   89.367052][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   89.479430][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.493513][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.534777][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.546218][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.626895][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.637322][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.666162][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.679040][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.690235][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.768261][ T5764] 8021q: adding VLAN 0 to HW filter on device team0
[   89.822186][ T1325] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.829614][ T1325] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.840940][ T1325] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.848327][ T1325] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.920375][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.959373][ T5764] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   89.985708][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.022400][ T5768] 8021q: adding VLAN 0 to HW filter on device team0
[   90.050890][ T1325] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.058130][ T1325] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.088041][ T5770] 8021q: adding VLAN 0 to HW filter on device team0
[   90.104349][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.111534][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.150566][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.157794][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.208312][ T5775] Bluetooth: hci0: command tx timeout
[   90.221837][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.229246][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.243588][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.316778][ T5771] 8021q: adding VLAN 0 to HW filter on device team0
[   90.363645][ T5775] Bluetooth: hci1: command tx timeout
[   90.377806][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.385067][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.437833][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.445099][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.486014][ T5770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.523741][ T5775] Bluetooth: hci2: command tx timeout
[   90.532158][ T5767] Bluetooth: hci3: command tx timeout
[   90.549874][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.709129][ T5764] veth0_vlan: entered promiscuous mode
[   90.776335][ T5764] veth1_vlan: entered promiscuous mode
[   90.851556][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.891902][ T5764] veth0_macvtap: entered promiscuous mode
[   90.936379][ T5764] veth1_macvtap: entered promiscuous mode
[   90.986278][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.016992][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.031335][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.046551][ T5764] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.056955][ T5764] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.066358][ T5764] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.077695][ T5764] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.156878][ T5768] veth0_vlan: entered promiscuous mode
[   91.170294][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.211078][ T5768] veth1_vlan: entered promiscuous mode
[   91.294364][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.302453][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.305470][ T5770] veth0_vlan: entered promiscuous mode
[   91.369336][ T5768] veth0_macvtap: entered promiscuous mode
[   91.381418][ T5768] veth1_macvtap: entered promiscuous mode
[   91.399529][ T5770] veth1_vlan: entered promiscuous mode
[   91.412748][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.423828][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.460656][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.472466][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.485949][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.501860][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.513515][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.527540][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.539891][ T5771] veth0_vlan: entered promiscuous mode
[   91.585947][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.595013][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.604547][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.613430][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.658259][ T5771] veth1_vlan: entered promiscuous mode
[   91.679297][ T5770] veth0_macvtap: entered promiscuous mode
[   91.707104][ T5770] veth1_macvtap: entered promiscuous mode
[   91.807650][ T5771] veth0_macvtap: entered promiscuous mode
[   91.819395][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.832552][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.844247][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.855058][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.867276][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.105033][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.113655][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.225721][   T27] cfg80211: failed to load regulatory.db
[   92.286008][ T5767] Bluetooth: hci0: command tx timeout
[   92.431393][ T5854] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.443327][ T5767] Bluetooth: hci1: command tx timeout
[   92.456141][ T5854] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.603698][ T5767] Bluetooth: hci3: command tx timeout
[   92.603726][ T5775] Bluetooth: hci2: command tx timeout
[   92.658542][ T5854] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.668228][ T5854] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.678758][ T5854] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.687964][ T5854] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.920573][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.920921][ T5854] syz.2.3 (5854) used greatest stack depth: 20360 bytes left
[   92.938148][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.950619][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.955978][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.965184][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.979653][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.988838][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.018993][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.028340][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.044871][ T5771] veth1_macvtap: entered promiscuous mode
[   93.065282][ T5880] syz.2.5[5880]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   93.091500][ T5880] loop2: detected capacity change from 0 to 256
[   93.150813][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.153691][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.169706][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.179843][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.191610][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.202871][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.216237][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.225265][ T5880] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   93.274438][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.296419][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.308457][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.319522][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.337086][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.369392][ T5771] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.384591][ T5771] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.393723][ T5771] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.402881][ T5771] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.513873][   T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.521780][   T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.618482][ T5882] loop2: detected capacity change from 0 to 1024
[   93.627354][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.668811][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.886694][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.956554][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.259631][ T5876] IPVS: starting estimator thread 0...
[   94.423093][ T5775] Bluetooth: hci0: command tx timeout
[   94.483258][ T5887] IPVS: using max 16 ests per chain, 38400 per kthread
[   94.523904][ T5775] Bluetooth: hci1: command tx timeout
[   94.531259][ T1325] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.586763][ T1325] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.683679][ T5775] Bluetooth: hci2: command tx timeout
[   94.689188][ T5775] Bluetooth: hci3: command tx timeout
[   94.710796][   T59] hfsplus: b-tree write err: -5, ino 4
[   95.918886][ T5884] loop3: detected capacity change from 0 to 32768
[   96.029338][ T5884] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   96.053164][ T5884] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   96.204604][ T5889] loop1: detected capacity change from 0 to 32768
[   96.255464][ T5889] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.2 (5889)
[   96.273928][ T5884] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[   96.324118][  T172] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   96.350819][  T172] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   96.441171][ T5889] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   96.490422][ T5889] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[   96.501370][  T172] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 150ms
[   96.530767][  T172] gfs2: fsid=syz:syz.0: jid=0: Done
[   96.533157][ T5889] BTRFS info (device loop1): metadata ratio 4
[   96.542515][ T5889] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[   96.550948][ T5884] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   96.571184][ T5889] BTRFS info (device loop1): force lzo compression, level 0
[   96.608382][ T5889] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   96.659792][ T5889] BTRFS info (device loop1): trying to use backup root at mount time
[   96.688452][ T5889] BTRFS info (device loop1): use zlib compression, level 3
[   96.717514][ T5889] BTRFS info (device loop1): enabling ssd optimizations
[   96.737733][ T5889] BTRFS info (device loop1): disabling tree log
[   96.757943][ T5889] BTRFS info (device loop1): using free space tree
[   96.849423][ T5896] loop2: detected capacity change from 0 to 32768
[   96.897915][ T5896] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.8 (5896)
[   96.913931][   T49] BTRFS warning (device loop1): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0
[   96.996131][ T5889] BTRFS warning (device loop1): couldn't read tree root
[   97.013467][ T5889] BTRFS warning (device loop1): try to load backup roots slot 1
[   97.025597][   T34] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0
[   97.049427][ T5889] BTRFS warning (device loop1): couldn't read tree root
[   97.059485][ T5889] BTRFS warning (device loop1): try to load backup roots slot 2
[   97.097636][ T5900] loop0: detected capacity change from 0 to 32768
[   97.104857][   T49] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[   97.165119][ T5889] BTRFS warning (device loop1): couldn't read tree root
[   97.172953][ T5889] BTRFS warning (device loop1): try to load backup roots slot 3
[   97.185956][ T5777] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by udevd (5777)
[   97.249492][ T5900] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   97.275167][ T5889] BTRFS info (device loop1): auto enabling async discard
[   97.294331][ T5889] BTRFS info (device loop1): rebuilding free space tree
[   97.587815][ T5889] BTRFS info (device loop1): checking UUID tree
[   97.603284][ T5900] XFS (loop0): Ending clean mount
[   97.609212][ T5889] BTRFS warning (device loop1): failed to start uuid_rescan task
[   97.635906][ T5889] BTRFS warning (device loop1): failed to check the UUID tree: -4
[   98.713021][    C1] sched: RT throttling activated
[   98.856139][ T5771] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   99.738106][ T5889] BTRFS error (device loop1): open_ctree failed: -4
[  101.013366][ T5942] loop3: detected capacity change from 0 to 2048
[  101.046821][ T5942] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  102.190066][ T5954] process 'syz.3.12' launched './file2' with NULL argv: empty string added
[  102.416038][ T5953] UDF-fs: error (device loop3): udf_read_inode: (ino 1347) failed !bh
[  102.427690][ T5954] UDF-fs: error (device loop3): udf_read_inode: (ino 1347) failed !bh
[  103.896102][ T5964] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  104.581473][ T5972] loop0: detected capacity change from 0 to 8192
[  104.613334][ T5972] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  104.633672][ T5972] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  104.645088][ T5972] REISERFS (device loop0): using ordered data mode
[  104.652494][ T5972] reiserfs: using flush barriers
[  104.668190][ T5972] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  104.686178][ T5972] REISERFS (device loop0): checking transaction log (loop0)
[  104.699172][ T5972] REISERFS (device loop0): Using r5 hash to sort names
[  104.709933][ T5972] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  105.173259][ T5986] loop0: detected capacity change from 0 to 1024
[  105.204253][ T5984] loop1: detected capacity change from 0 to 2048
[  105.237465][ T5984] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  105.258427][   T28] audit: type=1800 audit(1765124834.913:2): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.26" name="file1" dev="loop0" ino=20 res=0 errno=0
[  105.272670][ T5901] udevd[5901]: incorrect nilfs2 checksum on /dev/loop1
[  105.405700][ T5987] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  106.730532][ T5993] loop2: detected capacity change from 0 to 32768
[  106.837164][ T5993] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  106.967049][ T5993] XFS (loop2): Ending clean mount
[  107.190830][ T5764] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  107.673712][ T6028] loop2: detected capacity change from 0 to 1024
[  109.088294][ T6037] loop2: detected capacity change from 0 to 4096
[  109.138010][ T6037] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  109.165490][ T6037] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  109.224116][ T6037] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  109.279877][ T6037] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  109.337477][ T6037] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  109.386455][ T6037] ntfs: volume version 3.1.
[  109.411540][ T6037] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  109.433566][ T6037] ntfs: (device loop2): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  109.488607][ T6037] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  109.531739][ T6037] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  110.101839][ T6044] loop1: detected capacity change from 0 to 32768
[  110.219862][ T6044] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  110.441860][ T6039] loop0: detected capacity change from 0 to 40427
[  110.464816][ T6039] F2FS-fs (loop0): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  110.482037][ T6039] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  110.514466][ T6039] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x35f7
[  110.539108][ T6044] XFS (loop1): Ending clean mount
[  110.551772][ T6039] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff
[  110.560780][ T6039] F2FS-fs (loop0): Image doesn't support compression
[  110.587430][ T6039] F2FS-fs (loop0): invalid crc value
[  110.653819][ T5834] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  110.664632][ T6039] F2FS-fs (loop0): Found nat_bits in checkpoint
[  110.713756][ T5876] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xd0, xfs_rmapbt block 0x14 
[  110.744033][ T5876] XFS (loop1): Unmount and run xfs_repair
[  110.760099][ T5876] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  110.765658][ T6069] loop3: detected capacity change from 0 to 1024
[  110.774486][ T5876] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  110.774534][ T5876] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80  ..P.............
[  110.774550][ T5876] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  110.774565][ T5876] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  110.774579][ T5876] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  110.774594][ T5876] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  110.774609][ T5876] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  110.774624][ T5876] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  110.774923][   T27] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x14 len 4 error 74
[  110.872479][ T5770] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  110.872894][   T27] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598).  Shutting down filesystem.
[  110.906310][   T27] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  110.923603][ T6039] F2FS-fs (loop0): Start checkpoint disabled!
[  110.963137][ T5834] usb 3-1: Using ep0 maxpacket: 32
[  110.974430][ T5834] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  110.994757][ T5834] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  111.047271][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.090880][ T5834] usb 3-1: Product: syz
[  111.098569][ T5834] usb 3-1: Manufacturer: syz
[  111.128670][ T5834] usb 3-1: SerialNumber: syz
[  111.159079][ T6039] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  111.167217][ T6039] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  111.199999][ T5834] usb 3-1: config 0 descriptor??
[  111.219613][ T6064] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  111.526328][ T5834] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input5
[  111.795494][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  111.818297][ T5834] usb 3-1: USB disconnect, device number 2
[  113.412859][ T6092] loop3: detected capacity change from 0 to 64
[  114.234325][ T6092] Zero length message leads to an empty skb
[  115.601938][ T1128] Trying to write to read-only block-device loop0
[  115.910601][ T1128] kworker/u4:6: attempt to access beyond end of device
[  115.910601][ T1128] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  116.412829][ T1128] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  116.696060][ T6109] loop3: detected capacity change from 0 to 1024
[  119.232240][ T6137] hub 8-0:1.0: USB hub found
[  119.239188][ T6137] hub 8-0:1.0: 1 port detected
[  119.275982][ T6137] loop3: detected capacity change from 0 to 1024
[  119.801059][ T6137] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  119.812499][ T6137] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  119.825985][ T6137] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  119.909409][ T6137] EXT4-fs error (device loop3): ext4_get_journal_inode:5800: inode #5: comm syz.3.64: unexpected bad inode w/o EXT4_IGET_BAD
[  120.126853][ T6137] EXT4-fs (loop3): no journal found
[  120.133201][ T6137] EXT4-fs (loop3): can't get journal size
[  120.373191][ T6137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  121.667241][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.958538][ T6151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.69'.
[  123.639341][ T5869] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  123.847306][ T5869] usb 4-1: Using ep0 maxpacket: 32
[  123.867555][ T5869] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  123.898261][ T6166] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196608 (393216 ns) > initial count (131120 ns). Using initial count to start timer.
[  123.906485][ T5869] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  123.943344][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.968684][ T5869] usb 4-1: Product: syz
[  123.975770][ T5869] usb 4-1: Manufacturer: syz
[  123.980867][ T5869] usb 4-1: SerialNumber: syz
[  124.008364][ T5869] usb 4-1: config 0 descriptor??
[  124.014808][ T6156] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  124.027305][ T5869] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input6
[  124.259796][ T5775] Bluetooth: hci0: command tx timeout
[  124.300801][ T5869] usb 4-1: USB disconnect, device number 2
[  124.306829][    C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  126.548526][ T6176] loop2: detected capacity change from 0 to 32768
[  126.587372][ T6176] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.75 (6176)
[  126.623900][ T6176] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  126.641824][ T6176] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  126.667524][ T6176] BTRFS info (device loop2): setting nodatasum
[  126.676883][ T6176] BTRFS info (device loop2): force zlib compression, level 3
[  126.690944][ T6176] BTRFS info (device loop2): metadata ratio 4
[  126.698118][ T6176] BTRFS info (device loop2): enabling ssd optimizations
[  126.706892][ T6176] BTRFS info (device loop2): allowing degraded mounts
[  126.714318][ T6176] BTRFS info (device loop2): using free space tree
[  126.793415][ T6176] BTRFS info (device loop2): auto enabling async discard
[  128.505324][ T5764] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  129.037766][ T5775] Bluetooth: hci2: command tx timeout
[  132.793185][ T6253] loop3: detected capacity change from 0 to 64
[  133.167913][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  133.278281][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  133.463136][ T5775] Bluetooth: hci3: command tx timeout
[  134.271927][ T6268] loop1: detected capacity change from 0 to 512
[  134.447661][ T6268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.533483][ T6268] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  134.890723][ T6065] udevd[6065]: incorrect jbd checksum on /dev/loop1
[  134.955832][ T6268] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 37: comm syz.1.96: lblock 0 mapped to illegal pblock 37 (length 1)
[  135.021853][ T6268] EXT4-fs (loop1): Remounting filesystem read-only
[  135.043501][   T28] kauditd_printk_skb: 5 callbacks suppressed
[  135.043518][   T28] audit: type=1800 audit(1765124864.693:3): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.96" name="file1" dev="loop1" ino=15 res=0 errno=0
[  135.668652][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.672553][ T1077] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  135.903412][ T6264] loop2: detected capacity change from 0 to 32768
[  135.955846][ T6264] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  136.087550][ T6264] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  136.162642][ T6264] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  136.202606][ T5869] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  136.220142][ T5869] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  136.330541][ T5869] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 110ms
[  136.341624][ T5869] gfs2: fsid=syz:syz.0: jid=0: Done
[  136.350907][ T6264] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  137.654098][ T6264] syz.2.95 (6264): drop_caches: 2
[  139.803129][ T5775] Bluetooth: hci1: command tx timeout
[  140.701440][ T6301] loop3: detected capacity change from 0 to 32768
[  140.709044][ T6301] =======================================================
[  140.709044][ T6301] WARNING: The mand mount option has been deprecated and
[  140.709044][ T6301]          and is ignored by this kernel. Remove the mand
[  140.709044][ T6301]          option from the mount to silence this warning.
[  140.709044][ T6301] =======================================================
[  140.956548][ T6301] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  141.131439][ T6319] loop1: detected capacity change from 0 to 4096
[  141.201209][ T6319] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  141.243570][ T6319] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  141.268233][ T6319] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  141.293131][ T6319] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  141.313462][ T6319] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  141.341176][ T6319] ntfs: volume version 3.1.
[  141.367479][ T6319] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  141.403334][ T6319] ntfs: (device loop1): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  141.427884][ T6319] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  141.468828][ T6319] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  141.493125][ T6319] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  141.739512][ T5768] ocfs2: Unmounting device (7,3) on (node local)
[  141.794729][ T6326] loop1: detected capacity change from 0 to 64
[  144.446820][ T5775] Bluetooth: hci0: command tx timeout
[  144.536650][ T6352] loop2: detected capacity change from 0 to 4096
[  144.562076][ T6352] ntfs: volume version 3.1.
[  147.214859][ T5775] Bluetooth: hci3: command tx timeout
[  147.788301][ T6387] loop2: detected capacity change from 0 to 4096
[  147.933593][ T6387] __ntfs_error: 18 callbacks suppressed
[  147.933614][ T6387] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  148.018234][ T6387] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  148.059315][ T6370] loop1: detected capacity change from 0 to 32768
[  148.072316][ T6387] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  148.084053][ T6387] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  148.097879][ T6387] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  148.098240][ T6370] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  148.124541][ T6370] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  148.573494][ T6387] ntfs: volume version 3.1.
[  149.051670][ T6370] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  149.107607][ T6387] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  149.153540][ T6387] ntfs: (device loop2): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  149.183799][ T1200] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  149.191484][ T1200] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  149.214157][ T6387] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  149.253933][ T6387] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  149.301041][ T6387] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  149.500325][ T1200] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 308ms
[  149.534406][ T1200] gfs2: fsid=syz:syz.0: jid=0: Done
[  149.540612][ T6370] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  152.657880][ T6430] loop3: detected capacity change from 0 to 4096
[  153.364304][ T5775] Bluetooth: hci2: command tx timeout
[  153.433381][ T6430] __ntfs_error: 4 callbacks suppressed
[  153.433398][ T6430] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  153.464185][ T6430] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  153.574978][ T6430] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  153.612391][ T6430] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  153.655307][ T6430] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  153.734748][ T6430] ntfs: volume version 3.1.
[  153.796479][ T6430] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty.
[  153.826906][ T6430] ntfs: (device loop3): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  153.881358][ T6430] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5.
[  153.914249][ T6430] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
[  153.938438][ T6430] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated.  Will not be able to remount read-write.  Run chkdsk.
[  155.812717][ T6435] loop2: detected capacity change from 0 to 32768
[  156.285698][ T6435] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  156.474246][ T6435] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  156.552226][ T6435] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  156.635381][ T5856] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  156.642452][ T5856] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  156.800631][ T6458] loop1: detected capacity change from 0 to 16
[  156.815974][ T6458] erofs: (device loop1): mounted with root inode @ nid 36.
[  156.849900][ T6458] syz.1.149: attempt to access beyond end of device
[  156.849900][ T6458] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[  156.854511][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  156.876082][ T6458] syz.1.149: attempt to access beyond end of device
[  156.876082][ T6458] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16
[  156.894099][ T6458] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  156.924537][ T6458] syz.1.149 (6458) used greatest stack depth: 19888 bytes left
[  156.955967][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  156.976881][ T5856] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 334ms
[  157.029548][ T5856] gfs2: fsid=syz:syz.0: jid=0: Done
[  157.046115][ T6435] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  157.189510][ T6463] loop3: detected capacity change from 0 to 512
[  157.282478][ T6463] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.313295][ T6463] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.454328][ T6463] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #15: block 37: comm syz.3.151: lblock 0 mapped to illegal pblock 37 (length 1)
[  157.490894][ T6463] EXT4-fs (loop3): Remounting filesystem read-only
[  157.558320][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.568344][ T5767] Bluetooth: hci1: command tx timeout
[  157.902134][ T6474] loop2: detected capacity change from 0 to 4096
[  158.046126][ T6474] ntfs: volume version 3.1.
[  160.878299][ T6498] loop3: detected capacity change from 0 to 32768
[  161.075112][ T6498] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  161.873445][ T6498] XFS (loop3): Ending clean mount
[  161.946252][ T6498] XFS (loop3): Quotacheck needed: Please wait.
[  162.095880][ T6505] loop2: detected capacity change from 0 to 32768
[  162.142079][ T6498] XFS (loop3): Quotacheck: Done.
[  162.215968][ T6505] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  162.423381][ T6505] XFS (loop2): Ending clean mount
[  162.597606][ T6537] damon-dbgfs: DAMON debugfs interface is deprecated, so users should move to DAMON_SYSFS. If you cannot, please report your usecase to damon@lists.linux.dev and linux-mm@kvack.org.
[  163.410980][ T5764] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  163.826816][ T5768] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  165.988290][ T5856] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  166.183188][ T5856] usb 2-1: Using ep0 maxpacket: 16
[  166.263077][ T5856] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  167.065685][ T5856] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  167.078141][ T5856] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  167.113051][ T5856] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.121123][ T5856] usb 2-1: Product: syz
[  167.129881][ T5856] usb 2-1: Manufacturer: syz
[  167.143354][ T5856] usb 2-1: SerialNumber: syz
[  167.596143][ T5856] usb 2-1: 0:2 : does not exist
[  167.821813][ T5856] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  167.899625][ T5856] usb 2-1: USB disconnect, device number 2
[  167.913535][ T6580] loop2: detected capacity change from 0 to 32768
[  167.945215][ T6580] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  167.998058][ T6065] udevd[6065]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  168.068449][ T6580] XFS (loop2): Ending clean mount
[  168.296823][ T5764] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  170.624773][ T5856] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  170.850408][ T5856] usb 4-1: Using ep0 maxpacket: 32
[  170.973289][ T5856] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  171.205507][ T5856] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  171.247637][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.283333][ T5856] usb 4-1: Product: syz
[  171.305901][ T5856] usb 4-1: Manufacturer: syz
[  171.322611][ T5856] usb 4-1: SerialNumber: syz
[  171.484596][ T5856] usb 4-1: config 0 descriptor??
[  171.517717][ T6611] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  171.588435][ T5856] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7
[  171.893437][ T6611] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.194'.
[  171.969422][  T172] usb 4-1: USB disconnect, device number 3
[  171.969485][    C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  172.463136][ T5856] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  172.579833][ T6642] netlink: 12 bytes leftover after parsing attributes in process `syz.3.203'.
[  172.643107][ T5856] usb 1-1: Using ep0 maxpacket: 16
[  172.675818][ T5856] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  172.692459][ T5856] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  172.745756][ T5856] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  172.764081][ T5856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.779381][ T5856] usb 1-1: Product: syz
[  172.789994][ T5856] usb 1-1: Manufacturer: syz
[  172.796702][ T5856] usb 1-1: SerialNumber: syz
[  173.055124][ T6646] loop1: detected capacity change from 0 to 1024
[  174.008419][ T5856] usb 1-1: 0:2 : does not exist
[  174.029270][ T6640] loop2: detected capacity change from 0 to 32768
[  174.052252][ T5856] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  174.098534][ T6640] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  174.107354][ T5856] usb 1-1: USB disconnect, device number 2
[  174.127546][ T6640] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  174.279694][ T6065] udevd[6065]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  174.411127][ T6640] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  174.431655][  T172] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  174.500584][  T172] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  175.323435][  T172] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 822ms
[  175.351637][  T172] gfs2: fsid=syz:syz.0: jid=0: Done
[  175.379742][ T6640] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  175.845662][ T6640] gfs2: fsid=syz:syz.0: can't create quotad thread: -4
[  176.204858][ T5767] Bluetooth: hci2: command tx timeout
[  176.466593][ T6684] loop2: detected capacity change from 0 to 16
[  176.476877][ T6684] erofs: (device loop2): mounted with root inode @ nid 36.
[  176.502067][ T6684] syz.2.215: attempt to access beyond end of device
[  176.502067][ T6684] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16
[  176.520327][ T6684] syz.2.215: attempt to access beyond end of device
[  176.520327][ T6684] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  176.535265][ T6684] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  176.549096][   T28] kauditd_printk_skb: 21 callbacks suppressed
[  176.549111][   T28] audit: type=1800 audit(1765124906.203:6): pid=6684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.215" name="file3" dev="loop2" ino=89 res=0 errno=0
[  176.880388][ T6677] loop0: detected capacity change from 0 to 32768
[  176.959013][ T6065] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  177.639202][ T6680] loop1: detected capacity change from 0 to 32768
[  178.042735][ T6680] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  178.216198][ T6680] XFS (loop1): Ending clean mount
[  178.291941][ T6703] loop0: detected capacity change from 0 to 256
[  178.368621][ T5770] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  178.767292][ T6687] loop3: detected capacity change from 0 to 32768
[  178.783386][ T5777] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  178.965468][ T6687] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  179.033971][ T6687] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  179.083114][ T5767] Bluetooth: hci0: command tx timeout
[  179.462342][ T6687] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  179.473471][ T6710] syzkaller0: entered promiscuous mode
[  179.479002][ T6710] syzkaller0: entered allmulticast mode
[  179.547829][ T5856] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  179.574419][ T5856] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  179.716991][ T6710] tipc: Started in network mode
[  179.722304][ T6710] tipc: Node identity 9ad4f89e9ac6, cluster identity 4711
[  179.736836][ T6714] kernel profiling enabled (shift: 5)
[  179.751297][ T6710] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  179.785586][ T6708] tipc: Resetting bearer <eth:syzkaller0>
[  179.851502][ T5856] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 277ms
[  179.868312][ T6708] tipc: Disabling bearer <eth:syzkaller0>
[  179.879055][ T5856] gfs2: fsid=syz:syz.0: jid=0: Done
[  179.896527][ T6687] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  180.619114][ T6721] loop2: detected capacity change from 0 to 16
[  180.640309][ T6721] erofs: (device loop2): mounted with root inode @ nid 36.
[  180.651658][ T6721] syz.2.227: attempt to access beyond end of device
[  180.651658][ T6721] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16
[  180.674478][ T6721] syz.2.227: attempt to access beyond end of device
[  180.674478][ T6721] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  180.688704][ T6721] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  180.700329][   T28] audit: type=1800 audit(1765124910.353:7): pid=6721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.227" name="file3" dev="loop2" ino=89 res=0 errno=0
[  183.083272][ T5767] Bluetooth: hci2: command tx timeout
[  183.763297][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  185.743716][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!!
[  185.762517][ T6763] loop3: detected capacity change from 0 to 2048
[  185.812239][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  186.054254][ T6767] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  186.801087][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  186.869460][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  187.791097][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  187.944947][ T6780] netlink: 12 bytes leftover after parsing attributes in process `syz.2.241'.
[  190.777778][  T172] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  190.780049][ T5775] Bluetooth: hci2: command tx timeout
[  191.033111][  T172] usb 4-1: Using ep0 maxpacket: 16
[  191.050666][  T172] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.104259][  T172] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  191.145074][  T172] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  191.189470][  T172] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.241505][  T172] usb 4-1: Product: syz
[  191.284422][  T172] usb 4-1: Manufacturer: syz
[  191.289105][  T172] usb 4-1: SerialNumber: syz
[  191.413268][  T172] usb 4-1: can't set config #1, error -71
[  191.456574][  T172] usb 4-1: USB disconnect, device number 4
[  191.549553][ T6806] loop1: detected capacity change from 0 to 256
[  191.573734][ T6806] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  191.643269][ T6806] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  191.887686][ T6806] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  192.662507][ T6816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.252'.
[  193.143332][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  193.155181][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  194.563227][ T5856] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  194.610171][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  194.616838][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  194.767508][ T5856] usb 3-1: Using ep0 maxpacket: 16
[  194.804805][ T5856] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  194.965543][ T5856] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  195.183176][ T5775] Bluetooth: hci0: command tx timeout
[  195.206764][ T5856] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.216174][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.224264][ T5856] usb 3-1: Product: syz
[  195.228479][ T5856] usb 3-1: Manufacturer: syz
[  195.248236][ T5856] usb 3-1: SerialNumber: syz
[  197.619134][ T6850] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196608 (393216 ns) > initial count (131120 ns). Using initial count to start timer.
[  197.680305][ T6838] loop1: detected capacity change from 0 to 32768
[  197.695296][ T5856] usb 3-1: can't set config #1, error -71
[  197.705313][ T5856] usb 3-1: USB disconnect, device number 3
[  197.892925][ T6838] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  198.043964][ T6838] XFS (loop1): Ending clean mount
[  198.126159][ T6862] netlink: 12 bytes leftover after parsing attributes in process `syz.0.264'.
[  198.369080][ T5770] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  199.130469][ T6867] loop0: detected capacity change from 0 to 4096
[  199.313265][ T6065] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  199.542011][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.266'.
[  200.223291][ T5775] Bluetooth: hci0: command tx timeout
[  200.594811][ T6880] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  201.713553][ T6885] loop1: detected capacity change from 0 to 16
[  201.729795][ T6885] erofs: (device loop1): mounted with root inode @ nid 36.
[  201.740677][ T6885] syz.1.271: attempt to access beyond end of device
[  201.740677][ T6885] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[  201.784583][ T6885] syz.1.271: attempt to access beyond end of device
[  201.784583][ T6885] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16
[  201.798399][ T6885] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  201.809850][   T28] audit: type=1800 audit(1765124931.463:8): pid=6885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.271" name="file3" dev="loop1" ino=89 res=0 errno=0
[  203.903773][ T6897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.274'.
[  206.484270][ T5775] Bluetooth: hci2: command tx timeout
[  206.704453][ T6926] loop1: detected capacity change from 0 to 16
[  206.715855][ T6926] erofs: (device loop1): mounted with root inode @ nid 36.
[  206.728493][ T6926] syz.1.282: attempt to access beyond end of device
[  206.728493][ T6926] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[  206.744793][ T6926] syz.1.282: attempt to access beyond end of device
[  206.744793][ T6926] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16
[  206.758755][ T6926] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  206.770683][   T28] audit: type=1800 audit(1765124936.423:9): pid=6926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.282" name="file3" dev="loop1" ino=89 res=0 errno=0
[  206.969279][ T6934] netlink: 12 bytes leftover after parsing attributes in process `syz.1.285'.
[  208.376197][ T6947] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  208.738237][ T6949] loop0: detected capacity change from 0 to 4096
[  208.843719][ T6065] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  208.862850][ T6953] loop1: detected capacity change from 0 to 256
[  208.894790][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.289'.
[  208.902727][ T6953] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  208.963231][ T6953] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  209.006112][ T6953] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  209.257819][ T5775] Bluetooth: hci2: command tx timeout
[  210.015715][ T6964] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  212.188076][ T5774] Bluetooth: hci0: command 0x0406 tx timeout
[  212.194298][ T5774] Bluetooth: hci2: command 0x0406 tx timeout
[  212.201034][ T5774] Bluetooth: hci1: command 0x0406 tx timeout
[  212.207728][ T5774] Bluetooth: hci3: command 0x0406 tx timeout
[  213.257186][ T6993] loop3: detected capacity change from 0 to 256
[  213.313649][ T6993] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  213.362288][ T6993] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  213.450637][ T6993] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  214.369283][ T5775] Bluetooth: hci0: command 0x0406 tx timeout
[  215.000711][ T7005] netlink: 12 bytes leftover after parsing attributes in process `syz.3.305'.
[  215.064016][   T27] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  215.492922][   T27] usb 1-1: config 0 has no interfaces?
[  215.504411][   T27] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  215.513834][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.521920][   T27] usb 1-1: Product: syz
[  215.526756][   T27] usb 1-1: Manufacturer: syz
[  215.531417][   T27] usb 1-1: SerialNumber: syz
[  215.549826][   T27] usb 1-1: config 0 descriptor??
[  216.267244][ T7003] Bluetooth: MGMT ver 1.22
[  216.317592][ T7003] Bluetooth: hci0: invalid length 0, exp 2 for type 25
[  216.386328][ T5865] usb 1-1: USB disconnect, device number 3
[  216.517755][ T7022] loop1: detected capacity change from 0 to 4096
[  216.670674][ T7026] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  216.714325][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'.
[  216.749079][   T28] audit: type=1800 audit(1765124946.403:10): pid=7022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.311" name="file1" dev="loop1" ino=15 res=0 errno=0
[  216.777168][ T7028] loop3: detected capacity change from 0 to 256
[  216.787224][ T7028] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  216.801792][ T7028] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  216.942625][ T7028] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  217.088597][ T7030] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  217.323237][ T5775] Bluetooth: hci1: command 0x0406 tx timeout
[  217.581021][ T7035] netlink: 32 bytes leftover after parsing attributes in process `syz.0.314'.
[  220.828016][ T7063] Bluetooth: hci0: invalid length 0, exp 2 for type 26
[  221.484506][ T5775] Bluetooth: hci2: command 0x0406 tx timeout
[  223.983114][ T5869] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  224.083272][ T7094] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  224.183169][ T5869] usb 1-1: Using ep0 maxpacket: 32
[  224.199916][ T5869] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  224.237200][ T5869] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  224.281316][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.318158][ T5869] usb 1-1: Product: syz
[  224.322557][ T5869] usb 1-1: Manufacturer: syz
[  224.337488][ T5869] usb 1-1: SerialNumber: syz
[  224.429056][ T5869] usb 1-1: config 0 descriptor??
[  224.541866][ T7086] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  224.686000][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  224.773577][ T5869] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input8
[  224.996898][ T5869] usb 1-1: USB disconnect, device number 4
[  225.002853][    C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  225.257682][ T7102] Bluetooth: hci0: invalid length 0, exp 2 for type 26
[  225.349535][ T7096] loop1: detected capacity change from 0 to 32768
[  225.359085][ T7096] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.335 (7096)
[  225.410001][ T7096] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  225.432816][ T7096] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  225.442122][ T7096] BTRFS info (device loop1): setting nodatasum
[  225.448871][ T7096] BTRFS info (device loop1): force zlib compression, level 3
[  225.456577][ T7096] BTRFS info (device loop1): metadata ratio 4
[  225.473131][ T7096] BTRFS info (device loop1): enabling ssd optimizations
[  225.512110][ T7096] BTRFS info (device loop1): allowing degraded mounts
[  225.523503][ T7096] BTRFS info (device loop1): using free space tree
[  225.696002][ T7096] BTRFS info (device loop1): auto enabling async discard
[  226.044074][ T5770] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  228.287689][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  228.360453][ T7149] loop1: detected capacity change from 0 to 4096
[  228.608699][ T7152] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  228.749001][ T7149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.347'.
[  229.065864][   T28] audit: type=1800 audit(1765124958.703:11): pid=7149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.347" name="file1" dev="loop1" ino=15 res=0 errno=0
[  229.577482][ T7163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.350'.
[  229.607857][ T7161] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  229.625616][ T7164] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  233.273110][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  234.971841][ T7199] netlink: 12 bytes leftover after parsing attributes in process `syz.3.360'.
[  237.413780][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  237.662755][ T7231] netlink: 12 bytes leftover after parsing attributes in process `syz.3.370'.
[  237.960817][ T7236] loop0: detected capacity change from 0 to 64
[  240.165898][ T7241] loop2: detected capacity change from 0 to 4096
[  240.505062][ T6065] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  240.653398][ T7244] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  241.387141][ T7241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.373'.
[  241.413323][   T28] audit: type=1800 audit(1765124971.053:12): pid=7241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.373" name="file1" dev="loop2" ino=15 res=0 errno=0
[  241.491846][ T7243] loop3: detected capacity change from 0 to 16
[  241.501190][ T7243] erofs: (device loop3): mounted with root inode @ nid 36.
[  241.514880][ T7243] syz.3.374: attempt to access beyond end of device
[  241.514880][ T7243] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16
[  241.533581][ T7243] syz.3.374: attempt to access beyond end of device
[  241.533581][ T7243] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  241.547406][ T7243] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  241.559161][   T28] audit: type=1800 audit(1765124971.213:13): pid=7243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.374" name="file3" dev="loop3" ino=89 res=0 errno=0
[  242.915722][ T7260] netlink: 32 bytes leftover after parsing attributes in process `syz.3.380'.
[  243.893178][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  244.470609][ T7282] loop3: detected capacity change from 0 to 64
[  245.733806][ T7285] loop2: detected capacity change from 0 to 16
[  245.757892][ T7285] erofs: (device loop2): mounted with root inode @ nid 36.
[  246.311512][ T7285] syz.2.386: attempt to access beyond end of device
[  246.311512][ T7285] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16
[  246.346402][ T7285] syz.2.386: attempt to access beyond end of device
[  246.346402][ T7285] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  246.360229][ T7285] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  246.372802][   T28] audit: type=1800 audit(1765124976.033:14): pid=7285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.386" name="file3" dev="loop2" ino=89 res=0 errno=0
[  246.588720][ T7288] xt_CT: You must specify a L4 protocol and not use inversions on it
[  246.686467][ T7290] loop2: detected capacity change from 0 to 64
[  246.939071][ T7278] loop0: detected capacity change from 0 to 32768
[  248.143126][ T5856] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  248.387165][ T5856] usb 3-1: Using ep0 maxpacket: 32
[  249.123611][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  249.734561][ T5856] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  249.758592][ T5856] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  250.704741][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.729799][ T5856] usb 3-1: Product: syz
[  250.743155][ T5856] usb 3-1: Manufacturer: syz
[  250.748003][ T5856] usb 3-1: SerialNumber: syz
[  250.781478][ T5856] usb 3-1: config 0 descriptor??
[  250.844568][ T5856] usb 3-1: can't set config #0, error -71
[  250.878836][ T5856] usb 3-1: USB disconnect, device number 4
[  250.961100][ T7323] xt_CT: You must specify a L4 protocol and not use inversions on it
[  251.062466][ T7326] loop3: detected capacity change from 0 to 64
[  255.217718][ T7328] loop0: detected capacity change from 0 to 32768
[  255.258555][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  255.345841][ T7324] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  256.088717][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  256.096215][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  256.428867][ T7337] loop3: detected capacity change from 0 to 32768
[  256.495677][ T7337] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  256.628929][ T7360] loop0: detected capacity change from 0 to 256
[  256.726335][ T7337] XFS (loop3): Ending clean mount
[  257.087233][ T1200] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  257.712819][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  257.713065][ T1200] usb 2-1: Using ep0 maxpacket: 32
[  257.744904][ T1200] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  257.771359][ T1200] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  257.823116][ T1200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.831196][ T1200] usb 2-1: Product: syz
[  257.845651][ T1200] usb 2-1: Manufacturer: syz
[  257.873056][ T1200] usb 2-1: SerialNumber: syz
[  257.881532][ T1200] usb 2-1: config 0 descriptor??
[  257.891031][ T7348] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  257.907834][ T1200] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input9
[  258.171633][ T7373] loop3: detected capacity change from 0 to 64
[  258.188103][ T7348] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.406'.
[  258.264502][ T1200] usb 2-1: USB disconnect, device number 3
[  258.270466][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  258.748491][ T7375] loop3: detected capacity change from 0 to 1024
[  260.390850][ T7389] loop2: detected capacity change from 0 to 32768
[  260.449998][ T7389] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  260.767087][ T7389] XFS (loop2): Ending clean mount
[  261.673698][ T5764] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  261.905613][ T7410] loop3: detected capacity change from 0 to 16
[  261.915064][ T7410] erofs: (device loop3): mounted with root inode @ nid 36.
[  261.925021][ T7410] syz.3.421: attempt to access beyond end of device
[  261.925021][ T7410] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16
[  261.941091][ T7410] syz.3.421: attempt to access beyond end of device
[  261.941091][ T7410] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  261.955290][ T7410] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  261.966820][   T28] audit: type=1800 audit(1765124991.623:15): pid=7410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.421" name="file3" dev="loop3" ino=89 res=0 errno=0
[  262.389198][ T7403] loop1: detected capacity change from 0 to 32768
[  262.451523][ T7403] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  262.573421][ T7403] XFS (loop1): Ending clean mount
[  262.896727][ T5770] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  264.328886][ T7436] loop0: detected capacity change from 0 to 64
[  264.346447][ T7437] loop2: detected capacity change from 0 to 1024
[  264.443421][ T6065] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  264.498571][ T7441] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196608 (393216 ns) > initial count (131120 ns). Using initial count to start timer.
[  265.476472][ T7443] loop3: detected capacity change from 0 to 32768
[  265.550933][ T7443] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  265.652038][ T7443] XFS (loop3): Ending clean mount
[  265.967136][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  267.222316][ T7468] loop3: detected capacity change from 0 to 4096
[  267.315932][ T7475] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  267.379096][ T7468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.434'.
[  267.408250][   T28] audit: type=1800 audit(1765124997.063:16): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.434" name="file1" dev="loop3" ino=15 res=0 errno=0
[  267.523172][ T5856] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  267.703274][ T5856] usb 3-1: Using ep0 maxpacket: 32
[  267.722643][ T5856] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  267.750425][ T5856] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  267.769876][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.787806][ T5856] usb 3-1: Product: syz
[  267.797519][ T5856] usb 3-1: Manufacturer: syz
[  267.807567][ T5856] usb 3-1: SerialNumber: syz
[  267.824589][ T5856] usb 3-1: config 0 descriptor??
[  267.833448][ T7473] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  267.876935][ T5856] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input10
[  268.135356][ T7478] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  268.241213][ T7473] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.435'.
[  268.279829][ T5869] usb 3-1: USB disconnect, device number 5
[  268.279957][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  269.317936][ T7485] loop0: detected capacity change from 0 to 64
[  269.373332][ T7487] loop1: detected capacity change from 0 to 512
[  269.471081][ T7487] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.520489][ T7487] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  270.162638][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.851118][ T7500] loop2: detected capacity change from 0 to 16
[  270.862042][ T7500] erofs: (device loop2): mounted with root inode @ nid 36.
[  270.872653][ T7500] syz.2.443: attempt to access beyond end of device
[  270.872653][ T7500] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16
[  270.887250][ T7500] syz.2.443: attempt to access beyond end of device
[  270.887250][ T7500] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  270.901063][ T7500] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  270.912489][   T28] audit: type=1800 audit(1765125000.573:17): pid=7500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.443" name="file3" dev="loop2" ino=89 res=0 errno=0
[  270.962590][ T7503] loop0: detected capacity change from 0 to 1024
[  273.847739][ T7527] loop1: detected capacity change from 0 to 512
[  273.921620][ T7527] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.970177][ T5772] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  274.023494][ T7527] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  274.193387][ T5772] usb 4-1: Using ep0 maxpacket: 32
[  274.220236][ T5772] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  274.242456][ T5772] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  274.253614][ T5772] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.263672][ T7534] loop0: detected capacity change from 0 to 16
[  274.282452][ T5772] usb 4-1: Product: syz
[  274.287482][ T5772] usb 4-1: Manufacturer: syz
[  274.292207][ T5772] usb 4-1: SerialNumber: syz
[  274.307348][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.308650][ T5772] usb 4-1: config 0 descriptor??
[  274.324837][ T7525] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  274.337029][ T5772] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input11
[  274.370502][ T7324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  274.646082][ T5772] usb 4-1: USB disconnect, device number 5
[  274.652118][    C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  274.735484][ T7541] xt_CT: You must specify a L4 protocol and not use inversions on it
[  275.930665][ T7547] loop1: detected capacity change from 0 to 4096
[  275.953159][ T7553] loop3: detected capacity change from 0 to 64
[  276.008634][ T7554] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  276.043780][ T7547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.458'.
[  276.086576][   T28] audit: type=1800 audit(1765125005.743:18): pid=7547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.458" name="file1" dev="loop1" ino=15 res=0 errno=0
[  276.111499][ T7555] kvm: pic: non byte write
[  276.121901][ T7555] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196608 (393216 ns) > initial count (131120 ns). Using initial count to start timer.
[  276.469760][ T7558] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  277.030542][ T7561] loop3: detected capacity change from 0 to 1024
[  278.061919][ T7567] loop1: detected capacity change from 0 to 16
[  278.113765][ T7567] erofs: (device loop1): mounted with root inode @ nid 36.
[  278.123406][ T7567] syz.1.463: attempt to access beyond end of device
[  278.123406][ T7567] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[  278.145074][ T7567] syz.1.463: attempt to access beyond end of device
[  278.145074][ T7567] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16
[  278.159341][ T7567] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  278.170803][   T28] audit: type=1800 audit(1765125007.823:19): pid=7567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.463" name="file3" dev="loop1" ino=89 res=0 errno=0
[  280.305406][ T7586] netlink: 12 bytes leftover after parsing attributes in process `syz.3.468'.
[  280.512563][ T7588] loop3: detected capacity change from 0 to 64
[  281.846961][ T7582] loop2: detected capacity change from 0 to 32768
[  281.908136][ T7582] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.467 (7582)
[  281.971459][ T7582] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  282.013176][ T7582] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  282.021989][ T7582] BTRFS info (device loop2): setting nodatasum
[  282.037171][ T7607] loop3: detected capacity change from 0 to 1024
[  282.204201][ T7582] BTRFS info (device loop2): force zlib compression, level 3
[  282.341494][ T7582] BTRFS info (device loop2): metadata ratio 4
[  282.482572][ T7582] BTRFS info (device loop2): enabling ssd optimizations
[  282.641365][ T7582] BTRFS info (device loop2): allowing degraded mounts
[  282.763146][ T7582] BTRFS info (device loop2): using free space tree
[  283.034034][ T7582] BTRFS info (device loop2): auto enabling async discard
[  283.221805][ T5764] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  283.551905][ T7632] netlink: 12 bytes leftover after parsing attributes in process `syz.2.478'.
[  284.027668][ T7638] loop0: detected capacity change from 0 to 64
[  284.125436][ T7324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  286.369894][ T7653] loop0: detected capacity change from 0 to 16
[  286.406648][ T7636] loop1: detected capacity change from 0 to 32768
[  286.441727][ T7324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  286.497569][ T7636] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  286.538655][ T7642] loop2: detected capacity change from 0 to 32768
[  286.544702][ T7660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.487'.
[  286.565323][ T7642] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.483 (7642)
[  286.628207][ T7642] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  286.656458][ T7642] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  286.687990][ T7636] XFS (loop1): Ending clean mount
[  286.710291][ T7642] BTRFS info (device loop2): setting nodatasum
[  286.776459][ T7642] BTRFS info (device loop2): force zlib compression, level 3
[  286.826760][ T7642] BTRFS info (device loop2): metadata ratio 4
[  286.858600][ T7642] BTRFS info (device loop2): enabling ssd optimizations
[  286.893703][ T7642] BTRFS info (device loop2): allowing degraded mounts
[  286.900577][ T7642] BTRFS info (device loop2): using free space tree
[  286.936233][ T5770] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  287.111281][ T7642] BTRFS info (device loop2): auto enabling async discard
[  287.966677][ T5764] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  288.304495][ T7693] loop3: detected capacity change from 0 to 1024
[  288.790482][ T7702] loop2: detected capacity change from 0 to 256
[  288.855487][ T7702] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  288.941878][ T7702] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  289.027570][ T7702] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  289.777338][ T7708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.497'.
[  290.064179][ T7711] loop1: detected capacity change from 0 to 512
[  290.178493][ T7711] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.255498][ T7711] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.415002][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.228851][ T7730] loop2: detected capacity change from 0 to 64
[  292.540945][ T7739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.507'.
[  292.619954][ T7740] loop0: detected capacity change from 0 to 64
[  292.634170][ T7722] loop1: detected capacity change from 0 to 32768
[  292.650197][ T7722] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.501 (7722)
[  292.675769][ T7324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  292.701470][ T7722] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  292.738028][ T7722] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  292.775613][ T7722] BTRFS info (device loop1): setting nodatasum
[  292.798071][ T7722] BTRFS info (device loop1): force zlib compression, level 3
[  292.826694][ T7722] BTRFS info (device loop1): metadata ratio 4
[  292.856835][ T7722] BTRFS info (device loop1): enabling ssd optimizations
[  292.882407][ T7722] BTRFS info (device loop1): allowing degraded mounts
[  292.908394][ T7722] BTRFS info (device loop1): using free space tree
[  293.002008][ T7722] BTRFS info (device loop1): auto enabling async discard
[  293.018842][ T7760] loop2: detected capacity change from 0 to 1024
[  294.657684][ T7773] loop3: detected capacity change from 0 to 256
[  294.689428][ T7773] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  294.740241][ T5770] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  294.771357][ T7773] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  294.828340][ T7773] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  295.201190][ T7775] loop0: detected capacity change from 0 to 16
[  295.293302][ T7324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  295.647762][ T7786] netlink: 12 bytes leftover after parsing attributes in process `syz.1.517'.
[  295.668286][ T7785] kvm: pic: non byte write
[  295.682800][ T7785] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196608 (393216 ns) > initial count (131120 ns). Using initial count to start timer.
[  296.584438][ T7795] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  297.589032][ T7802] loop3: detected capacity change from 0 to 64
[  297.920363][ T7806] loop1: detected capacity change from 0 to 16
[  297.929955][ T7806] erofs: (device loop1): mounted with root inode @ nid 36.
[  298.799408][ T7806] syz.1.524: attempt to access beyond end of device
[  298.799408][ T7806] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[  298.822747][ T7806] syz.1.524: attempt to access beyond end of device
[  298.822747][ T7806] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16
[  298.836919][ T7806] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  298.848558][   T28] audit: type=1800 audit(1765125028.503:20): pid=7806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.524" name="file3" dev="loop1" ino=89 res=0 errno=0
[  298.962238][ T7812] netlink: 12 bytes leftover after parsing attributes in process `syz.2.526'.
[  299.072643][ T7794] loop0: detected capacity change from 0 to 32768
[  299.238670][ T7818] loop2: detected capacity change from 0 to 1024
[  299.323333][ T1200] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  300.338021][ T1200] usb 2-1: Using ep0 maxpacket: 32
[  300.345997][ T1200] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  300.365871][ T1200] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  300.382994][ T1200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.401489][ T1200] usb 2-1: Product: syz
[  300.406602][ T1200] usb 2-1: Manufacturer: syz
[  300.411268][ T1200] usb 2-1: SerialNumber: syz
[  300.436253][ T1200] usb 2-1: config 0 descriptor??
[  300.448744][ T7814] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  300.468430][ T1200] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12
[  300.737649][ T5772] usb 2-1: USB disconnect, device number 4
[  300.737774][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  301.160986][ T7828] loop2: detected capacity change from 0 to 32768
[  301.185939][ T7828] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.532 (7828)
[  301.263019][ T7828] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  301.282653][ T7828] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  301.307801][ T7828] BTRFS info (device loop2): setting nodatasum
[  301.320461][ T7828] BTRFS info (device loop2): force zlib compression, level 3
[  301.340802][ T7828] BTRFS info (device loop2): metadata ratio 4
[  301.357050][ T7828] BTRFS info (device loop2): enabling ssd optimizations
[  301.383729][ T7828] BTRFS info (device loop2): allowing degraded mounts
[  301.401282][ T7828] BTRFS info (device loop2): using free space tree
[  301.546808][ T7843] loop3: detected capacity change from 0 to 64
[  302.951562][ T7828] BTRFS info (device loop2): auto enabling async discard
[  303.989074][ T5764] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  304.381251][ T7865] loop0: detected capacity change from 0 to 1024
[  306.315518][ T7877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.538'.
[  307.693268][  T172] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  307.924628][  T172] usb 1-1: unable to read config index 0 descriptor/start: -61
[  307.951065][  T172] usb 1-1: can't read configurations, error -61
[  308.189179][  T172] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  308.307582][ T7895] loop3: detected capacity change from 0 to 16
[  308.315370][ T7895] erofs: (device loop3): mounted with root inode @ nid 36.
[  308.326645][ T7895] syz.3.549: attempt to access beyond end of device
[  308.326645][ T7895] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16
[  308.341253][ T7895] syz.3.549: attempt to access beyond end of device
[  308.341253][ T7895] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  308.355122][ T7895] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  308.366619][   T28] audit: type=1800 audit(1765125038.023:21): pid=7895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.549" name="file3" dev="loop3" ino=89 res=0 errno=0
[  308.425761][  T172] usb 1-1: unable to read config index 0 descriptor/start: -61
[  308.443140][  T172] usb 1-1: can't read configurations, error -61
[  308.451688][  T172] usb usb1-port1: attempt power cycle
[  308.547851][ T7897] loop1: detected capacity change from 0 to 1024
[  308.577707][ T7889] loop2: detected capacity change from 0 to 32768
[  308.598917][ T7889] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.546 (7889)
[  309.636496][ T7889] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  309.675481][  T172] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  309.717979][ T7889] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  309.785709][  T172] usb 1-1: device descriptor read/8, error -71
[  309.824053][ T7889] BTRFS info (device loop2): setting nodatasum
[  309.861185][ T7889] BTRFS info (device loop2): force zlib compression, level 3
[  309.919843][ T7889] BTRFS info (device loop2): metadata ratio 4
[  309.967604][ T7889] BTRFS info (device loop2): enabling ssd optimizations
[  309.997909][ T7889] BTRFS info (device loop2): allowing degraded mounts
[  310.004897][ T7889] BTRFS info (device loop2): using free space tree
[  310.015855][ T7909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.553'.
[  311.299084][ T7889] BTRFS error (device loop2): open_ctree failed: -4
[  311.810756][ T7947] loop1: detected capacity change from 0 to 64
[  312.990608][ T7955] loop1: detected capacity change from 0 to 1024
[  313.834404][ T7944] loop3: detected capacity change from 0 to 32768
[  313.901872][ T7944] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  314.069961][ T7944] XFS (loop3): Ending clean mount
[  314.133120][ T5865] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  314.225231][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  315.243442][ T5865] usb 3-1: unable to read config index 0 descriptor/start: -61
[  315.256325][ T5865] usb 3-1: can't read configurations, error -61
[  315.274581][ T7974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.566'.
[  315.435909][ T5865] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  315.711987][ T5865] usb 3-1: unable to read config index 0 descriptor/start: -61
[  315.779381][ T5865] usb 3-1: can't read configurations, error -61
[  315.857387][ T5865] usb usb3-port1: attempt power cycle
[  316.688160][ T7994] loop1: detected capacity change from 0 to 64
[  317.536539][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  317.548529][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  317.605131][ T5869] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  317.701183][ T7996] loop2: detected capacity change from 0 to 1024
[  318.064687][ T5869] usb 4-1: Using ep0 maxpacket: 32
[  318.782874][ T5869] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  318.835954][ T5869] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  318.904617][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.949958][ T5869] usb 4-1: Product: syz
[  318.970262][ T5869] usb 4-1: Manufacturer: syz
[  318.996656][ T5869] usb 4-1: SerialNumber: syz
[  319.025953][ T5869] usb 4-1: config 0 descriptor??
[  319.065494][ T7990] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  319.122834][ T5869] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input13
[  319.490870][  T172] usb 4-1: USB disconnect, device number 6
[  319.497107][    C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  320.768885][ T8008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.575'.
[  320.815257][ T8000] loop2: detected capacity change from 0 to 32768
[  320.841585][ T8000] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  320.975478][ T8000] XFS (loop2): Ending clean mount
[  321.074857][ T5764] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  321.902763][ T8026] loop1: detected capacity change from 0 to 1024
[  323.989160][ T8039] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  324.172021][ T8029] loop3: detected capacity change from 0 to 32768
[  324.227120][ T8029] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  324.332377][ T8029] XFS (loop3): Ending clean mount
[  324.557938][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  324.648557][ T8055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.586'.
[  325.468000][ T8060] loop2: detected capacity change from 0 to 4096
[  325.537478][ T8064] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  325.571706][ T8060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'.
[  325.589723][   T28] audit: type=1800 audit(1765125055.243:22): pid=8060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.589" name="file1" dev="loop2" ino=15 res=0 errno=0
[  325.947220][ T8068] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  326.165714][ T8067] loop0: detected capacity change from 0 to 1024
[  327.730861][ T8087] netlink: 12 bytes leftover after parsing attributes in process `syz.1.597'.
[  327.845531][ T8090] loop2: detected capacity change from 0 to 64
[  328.050067][ T8074] loop3: detected capacity change from 0 to 32768
[  328.127909][ T8074] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  328.752061][ T8074] XFS (loop3): Ending clean mount
[  329.027240][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  329.351461][ T8108] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  329.847364][ T8113] loop1: detected capacity change from 0 to 16
[  329.867130][ T8113] erofs: (device loop1): mounted with root inode @ nid 36.
[  329.888387][ T8113] syz.1.602: attempt to access beyond end of device
[  329.888387][ T8113] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[  329.934866][ T8113] syz.1.602: attempt to access beyond end of device
[  329.934866][ T8113] loop1: rw=524288, sector=16, nr_sectors = 40 limit=16
[  329.956424][ T8113] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  330.023167][   T28] audit: type=1800 audit(1765125059.623:23): pid=8113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.602" name="file3" dev="loop1" ino=89 res=0 errno=0
[  330.982781][ T8130] netlink: 12 bytes leftover after parsing attributes in process `syz.1.608'.
[  331.163879][ T8133] loop0: detected capacity change from 0 to 64
[  331.190428][ T8134] loop3: detected capacity change from 0 to 1024
[  333.154373][ T8154] loop2: detected capacity change from 0 to 512
[  333.330012][ T8154] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  333.404038][ T8154] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  333.605705][ T5764] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.861115][ T8165] netlink: 12 bytes leftover after parsing attributes in process `syz.3.619'.
[  333.924166][ T8164] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  334.552157][ T8175] loop1: detected capacity change from 0 to 1024
[  335.648677][ T8181] tap0: tun_chr_ioctl cmd 2147767506
[  335.689436][ T8181] tap0: tun_chr_ioctl cmd 2148553947
[  336.331690][ T8191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.628'.
[  336.837458][ T8195] kvm: pic: non byte write
[  336.854012][ T8195] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196608 (393216 ns) > initial count (131120 ns). Using initial count to start timer.
[  337.714475][ T8207] snd_dummy snd_dummy.0: control 6:65278:0:syz0:-259 is already present
[  338.639714][ T8216] loop2: detected capacity change from 0 to 512
[  338.712390][ T8216] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  338.886649][ T8216] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6
[  340.269715][ T8251] loop0: detected capacity change from 0 to 64
[  341.433498][ T8267] loop2: detected capacity change from 0 to 256
[  341.468299][ T8267] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  341.527253][ T8267] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  341.610970][ T8267] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  342.033993][ T8274] netlink: 12 bytes leftover after parsing attributes in process `syz.1.660'.
[  342.523689][ T8284] netlink: 36 bytes leftover after parsing attributes in process `syz.1.662'.
[  344.707893][ T8296] hub 8-0:1.0: USB hub found
[  344.717340][ T8296] hub 8-0:1.0: 1 port detected
[  344.839257][ T8296] loop2: detected capacity change from 0 to 1024
[  344.937136][ T8296] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  344.947138][ T8296] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  344.958751][ T8296] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  344.989152][ T8296] EXT4-fs error (device loop2): ext4_get_journal_inode:5800: inode #5: comm syz.2.668: unexpected bad inode w/o EXT4_IGET_BAD
[  345.015816][ T8296] EXT4-fs (loop2): no journal found
[  345.021219][ T8296] EXT4-fs (loop2): can't get journal size
[  345.086516][ T8296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  346.144923][ T8292] loop1: detected capacity change from 0 to 32768
[  346.255984][ T8292] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  346.416196][ T8292] XFS (loop1): Ending clean mount
[  346.669838][ T8307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.669'.
[  346.720768][ T5869] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_bnobt block 0x4 
[  346.757818][ T5869] XFS (loop1): Unmount and run xfs_repair
[  346.777017][ T5869] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  346.799658][ T5869] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  346.827232][ T5869] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 08  ................
[  346.851173][ T5869] 00000020: 00 00 00 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ...Ny.B..... ...
[  346.891481][ T5869] 00000030: 00 00 00 00 9f 6b f4 9e 00 00 00 07 00 00 00 01  .....k..........
[  346.951662][ T5869] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  346.986189][ T5869] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  347.174200][ T5764] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.271125][ T8310] loop3: detected capacity change from 0 to 16
[  347.321409][ T8310] erofs: (device loop3): mounted with root inode @ nid 36.
[  347.341402][ T8310] syz.3.670: attempt to access beyond end of device
[  347.341402][ T8310] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16
[  347.374903][ T8310] syz.3.670: attempt to access beyond end of device
[  347.374903][ T8310] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  347.391524][ T8310] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  347.407343][   T28] audit: type=1800 audit(1765125077.063:24): pid=8310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.670" name="file3" dev="loop3" ino=89 res=0 errno=0
[  347.780630][ T5869] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  347.864056][ T5869] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  347.873922][ T8292] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x4 len 4 error 74
[  347.886209][ T8292] XFS (loop1): page discard on page ffffea00016bb000, inode 0x1806, pos 0.
[  348.073732][ T5770] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  348.724703][ T8327] netlink: 36 bytes leftover after parsing attributes in process `syz.1.673'.
[  349.069005][ T8326] loop3: detected capacity change from 0 to 256
[  349.262994][ T8326] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  349.533089][ T8326] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  349.606791][ T8326] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  349.754954][ T8333] netlink: 12 bytes leftover after parsing attributes in process `syz.0.678'.
[  350.030367][ T8341] loop0: detected capacity change from 0 to 16
[  353.035194][ T8379] loop3: detected capacity change from 0 to 16
[  353.060995][ T8379] erofs: (device loop3): mounted with root inode @ nid 36.
[  353.081129][ T8379] syz.3.692: attempt to access beyond end of device
[  353.081129][ T8379] loop3: rw=524288, sector=8, nr_sectors = 24 limit=16
[  353.102131][ T8379] syz.3.692: attempt to access beyond end of device
[  353.102131][ T8379] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  353.116686][ T8379] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  353.128693][   T28] audit: type=1800 audit(1765125082.783:25): pid=8379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.692" name="file3" dev="loop3" ino=89 res=0 errno=0
[  353.883151][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  353.968038][ T8387] netlink: 12 bytes leftover after parsing attributes in process `syz.2.696'.
[  354.408606][ T8398] netlink: 36 bytes leftover after parsing attributes in process `syz.2.699'.
[  355.528774][ T8390] loop3: detected capacity change from 0 to 32768
[  355.618730][ T8390] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  356.253124][ T8390] XFS (loop3): Ending clean mount
[  356.493388][  T172] XFS (loop3): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_bnobt block 0x4 
[  356.494744][ T8423] netlink: 12 bytes leftover after parsing attributes in process `syz.0.707'.
[  356.562347][  T172] XFS (loop3): Unmount and run xfs_repair
[  356.587894][  T172] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  356.618961][  T172] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  356.643389][  T172] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 08  ................
[  356.669096][  T172] 00000020: 00 00 00 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d  ...Ny.B..... ...
[  356.695035][  T172] 00000030: 00 00 00 00 9f 6b f4 9e 00 00 00 07 00 00 00 01  .....k..........
[  356.709972][  T172] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0  ........... ....
[  356.719544][  T172] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  356.739183][  T172] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  356.765286][  T172] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  356.803068][ T8390] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x4 len 4 error 74
[  356.823267][ T8390] XFS (loop3): page discard on page ffffea00016c55c0, inode 0x1806, pos 0.
[  356.883555][ T5768] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  357.044189][ T8437] netlink: 36 bytes leftover after parsing attributes in process `syz.2.711'.
[  357.404617][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  359.199710][ T8454] loop0: detected capacity change from 0 to 1024
[  359.718378][ T7324] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  360.043798][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  360.473815][ T8472] netlink: 36 bytes leftover after parsing attributes in process `syz.1.724'.
[  361.567438][ T8487] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  361.601528][ T8487] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  361.693022][  T172] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  361.892997][  T172] usb 2-1: Using ep0 maxpacket: 32
[  361.905086][  T172] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  361.925977][  T172] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  361.942942][  T172] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.961491][  T172] usb 2-1: Product: syz
[  361.965860][  T172] usb 2-1: Manufacturer: syz
[  361.970506][  T172] usb 2-1: SerialNumber: syz
[  361.997539][  T172] usb 2-1: config 0 descriptor??
[  362.020645][ T8480] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  362.077702][  T172] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input14
[  362.881614][ T8480] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.727'.
[  362.934839][  T172] usb 2-1: USB disconnect, device number 5
[  362.941397][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  363.227225][ T8496] loop2: detected capacity change from 0 to 32768
[  363.314618][ T8496] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.731 (8496)
[  363.448953][ T8496] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  363.478252][ T8496] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  363.512864][ T8496] BTRFS info (device loop2): setting nodatasum
[  363.553035][ T8496] BTRFS info (device loop2): force zlib compression, level 3
[  363.560599][ T8496] BTRFS info (device loop2): metadata ratio 4
[  363.620359][ T8496] BTRFS info (device loop2): enabling ssd optimizations
[  363.640814][ T8496] BTRFS info (device loop2): allowing degraded mounts
[  363.648825][ T8496] BTRFS info (device loop2): using free space tree
[  363.895492][ T8496] BTRFS info (device loop2): auto enabling async discard
[  364.813382][ T8529] kvm: user requested TSC rate below hardware speed
[  364.814052][ T5764] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  364.824820][ T8529] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  366.381372][ T8554] loop1: detected capacity change from 0 to 1024
[  367.807074][ T8548] loop2: detected capacity change from 0 to 32768
[  367.957034][ T8548] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  368.079927][ T5764] ocfs2: Unmounting device (7,2) on (node local)
[  368.550512][ T8574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.750'.
[  368.683989][    C0] ------------[ cut here ]------------
[  368.690038][    C0] ODEBUG: free active (active state 0) object: ffff88801a24b890 object type: timer_list hint: rose_t0timer_expiry+0x0/0x350
[  368.703563][    C0] WARNING: CPU: 0 PID: 8571 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x446/0x540
[  368.713686][    C0] Modules linked in:
[  368.717648][    C0] CPU: 0 PID: 8571 Comm: syz.1.744 Not tainted syzkaller #0
[  368.725107][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  368.735253][    C0] RIP: 0010:debug_check_no_obj_freed+0x446/0x540
[  368.741662][    C0] Code: 4c 8b 4d 00 48 c7 c7 40 79 fc 8a 48 c7 c6 a0 75 fc 8a 48 c7 c2 c0 7a fc 8a 8b 0c 24 4d 89 f8 41 55 e8 3e b9 29 fd 48 83 c4 08 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 43 02 24
[  368.761399][    C0] RSP: 0018:ffffc90000007a50 EFLAGS: 00010296
[  368.767565][    C0] RAX: ad897f3269204700 RBX: ffffffff9711d620 RCX: ffff88802d58bc00
[  368.775745][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  368.783817][    C0] RBP: ffffffff8aac9f00 R08: ffffc90000007647 R09: 1ffff92000000ec8
[  368.791852][    C0] R10: dffffc0000000000 R11: fffff52000000ec9 R12: ffff88801a24ba00
[  368.800034][    C0] R13: ffffffff89603730 R14: ffff88801a24b000 R15: ffff88801a24b890
[  368.808111][    C0] FS:  00007f03fb3606c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  368.817265][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  368.823937][    C0] CR2: 00007f75a5f98000 CR3: 00000000212f9000 CR4: 00000000003526f0
[  368.831972][    C0] Call Trace:
[  368.835335][    C0]  <IRQ>
[  368.838254][    C0]  slab_free_freelist_hook+0xd2/0x1b0
[  368.843762][    C0]  ? rose_timer_expiry+0x4c6/0x5f0
[  368.848933][    C0]  __kmem_cache_free+0xba/0x1f0
[  368.853914][    C0]  rose_timer_expiry+0x4c6/0x5f0
[  368.858912][    C0]  ? call_timer_fn+0x15a/0x530
[  368.863848][    C0]  call_timer_fn+0x16e/0x530
[  368.868500][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  368.873644][    C0]  ? call_timer_fn+0xbf/0x530
[  368.878389][    C0]  ? __run_timers+0x7d0/0x7d0
[  368.883279][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  368.888546][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  368.893862][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  368.898945][    C0]  __run_timers+0x52d/0x7d0
[  368.903569][    C0]  ? detach_timer+0x2b0/0x2b0
[  368.908309][    C0]  ? lock_chain_count+0x20/0x20
[  368.913277][    C0]  run_timer_softirq+0x67/0xf0
[  368.918202][    C0]  handle_softirqs+0x280/0x820
[  368.923546][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  368.928391][    C0]  ? do_softirq+0x180/0x180
[  368.933090][    C0]  __irq_exit_rcu+0xc7/0x190
[  368.937775][    C0]  ? irq_exit_rcu+0x20/0x20
[  368.942366][    C0]  irq_exit_rcu+0x9/0x20
[  368.946732][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  368.952433][    C0]  </IRQ>
[  368.955475][    C0]  <TASK>
[  368.958459][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  368.963127][ T5856] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  368.964538][    C0] RIP: 0010:kasan_check_range+0x1be/0x290
[  368.977822][    C0] Code: 01 f3 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 49 ff cc 75 ee 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 45 84 ff 75 61 41 f7 c7 00 ff 00 00
[  368.997663][    C0] RSP: 0018:ffffc900048ff6d0 EFLAGS: 00000256
[  369.003828][    C0] RAX: ffff888025b49001 RBX: ffff888025b49060 RCX: ffffffff891cbdbc
[  369.011874][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888025b49060
[  369.019947][    C0] RBP: ffffc900048ff898 R08: ffff888025b49067 R09: 1ffff11004b6920c
[  369.028023][    C0] R10: dffffc0000000000 R11: ffffed1004b6920d R12: 0000000000000001
[  369.036301][    C0] R13: 1ffff9200091fef0 R14: ffffed1004b6920d R15: 1ffff11004b6920c
[  369.044391][    C0]  ? __unix_dgram_recvmsg+0x69c/0xd60
[  369.049858][    C0]  __unix_dgram_recvmsg+0x69c/0xd60
[  369.055284][    C0]  ? unix_unhash+0x10/0x10
[  369.059808][    C0]  ? asm_sysvec_call_function_single+0x1a/0x20
[  369.066095][    C0]  ? mark_lock+0x94/0x320
[  369.070495][    C0]  ? unix_dgram_recvmsg+0xad/0xd0
[  369.075907][    C0]  ? unix_dgram_sendmsg+0x1720/0x1720
[  369.081336][    C0]  sock_recvmsg_nosec+0x82/0xd0
[  369.086281][    C0]  ____sys_recvmsg+0x49b/0x5b0
[  369.091113][    C0]  ? __sys_recvmsg_sock+0x50/0x50
[  369.096273][    C0]  ? import_iovec+0x73/0xa0
[  369.100940][    C0]  ___sys_recvmsg+0x1b6/0x510
[  369.105730][    C0]  ? __sys_recvmsg+0x270/0x270
[  369.110659][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  369.115806][    C0]  ? __might_fault+0xc6/0x120
[  369.120541][    C0]  ? __might_fault+0xaa/0x120
[  369.125333][    C0]  do_recvmmsg+0x360/0x7d0
[  369.129815][    C0]  ? __sys_recvmmsg+0x280/0x280
[  369.134792][    C0]  ? __ia32_sys_get_robust_list+0x110/0x110
[  369.140886][    C0]  ? rcu_read_lock_sched_held+0x8a/0x100
[  369.146847][    C0]  __x64_sys_recvmmsg+0x191/0x240
[  369.151983][    C0]  ? do_recvmmsg+0x7d0/0x7d0
[  369.156702][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  369.162053][    C0]  do_syscall_64+0x55/0xb0
[  369.166615][    C0]  ? clear_bhb_loop+0x40/0x90
[  369.171352][    C0]  ? clear_bhb_loop+0x40/0x90
[  369.176115][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.182060][    C0] RIP: 0033:0x7f03fa58f749
[  369.186606][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.206744][    C0] RSP: 002b:00007f03fb360038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  369.215284][    C0] RAX: ffffffffffffffda RBX: 00007f03fa7e6090 RCX: 00007f03fa58f749
[  369.219001][ T5856] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.223332][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[  369.223353][    C0] RBP: 00007f03fa613f91 R08: 0000000000000000 R09: 0000000000000000
[  369.249603][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  369.257848][    C0] R13: 00007f03fa7e6128 R14: 00007f03fa7e6090 R15: 00007ffdd0aff6b8
[  369.265949][    C0]  </TASK>
[  369.267910][ T5856] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  369.269003][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  369.269016][    C0] CPU: 0 PID: 8571 Comm: syz.1.744 Not tainted syzkaller #0
[  369.269032][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  369.269047][    C0] Call Trace:
[  369.269057][    C0]  <IRQ>
[  369.269067][    C0]  dump_stack_lvl+0x16c/0x230
[  369.269115][    C0]  ? show_regs_print_info+0x20/0x20
[  369.269151][    C0]  ? load_image+0x3b0/0x3b0
[  369.269198][    C0]  panic+0x2c0/0x710
[  369.269234][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  369.269281][    C0]  __warn+0x2e0/0x470
[  369.269307][    C0]  ? debug_check_no_obj_freed+0x446/0x540
[  369.269343][    C0]  ? debug_check_no_obj_freed+0x446/0x540
[  369.269374][    C0]  report_bug+0x2be/0x4f0
[  369.269398][    C0]  ? debug_check_no_obj_freed+0x446/0x540
[  369.269429][    C0]  ? debug_check_no_obj_freed+0x446/0x540
[  369.269461][    C0]  ? debug_check_no_obj_freed+0x448/0x540
[  369.269492][    C0]  handle_bug+0xcf/0x120
[  369.269515][    C0]  exc_invalid_op+0x1a/0x50
[  369.269538][    C0]  asm_exc_invalid_op+0x1a/0x20
[  369.269565][    C0] RIP: 0010:debug_check_no_obj_freed+0x446/0x540
[  369.269598][    C0] Code: 4c 8b 4d 00 48 c7 c7 40 79 fc 8a 48 c7 c6 a0 75 fc 8a 48 c7 c2 c0 7a fc 8a 8b 0c 24 4d 89 f8 41 55 e8 3e b9 29 fd 48 83 c4 08 <0f> 0b 4c 8b 6c 24 18 48 b9 00 00 00 00 00 fc ff df ff 05 43 02 24
[  369.269617][    C0] RSP: 0018:ffffc90000007a50 EFLAGS: 00010296
[  369.269640][    C0] RAX: ad897f3269204700 RBX: ffffffff9711d620 RCX: ffff88802d58bc00
[  369.269657][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[  369.269671][    C0] RBP: ffffffff8aac9f00 R08: ffffc90000007647 R09: 1ffff92000000ec8
[  369.269687][    C0] R10: dffffc0000000000 R11: fffff52000000ec9 R12: ffff88801a24ba00
[  369.269704][    C0] R13: ffffffff89603730 R14: ffff88801a24b000 R15: ffff88801a24b890
[  369.269723][    C0]  ? rose_transmit_link+0x740/0x740
[  369.269788][    C0]  slab_free_freelist_hook+0xd2/0x1b0
[  369.269831][    C0]  ? rose_timer_expiry+0x4c6/0x5f0
[  369.269853][    C0]  __kmem_cache_free+0xba/0x1f0
[  369.269901][    C0]  rose_timer_expiry+0x4c6/0x5f0
[  369.269922][    C0]  ? call_timer_fn+0x15a/0x530
[  369.269948][    C0]  call_timer_fn+0x16e/0x530
[  369.269969][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  369.269992][    C0]  ? call_timer_fn+0xbf/0x530
[  369.270013][    C0]  ? __run_timers+0x7d0/0x7d0
[  369.270046][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  369.270073][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  369.270099][    C0]  ? rose_start_t1timer+0xd0/0xd0
[  369.270123][    C0]  __run_timers+0x52d/0x7d0
[  369.270160][    C0]  ? detach_timer+0x2b0/0x2b0
[  369.270190][    C0]  ? lock_chain_count+0x20/0x20
[  369.270222][    C0]  run_timer_softirq+0x67/0xf0
[  369.270260][    C0]  handle_softirqs+0x280/0x820
[  369.270286][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  369.270316][    C0]  ? do_softirq+0x180/0x180
[  369.270348][    C0]  __irq_exit_rcu+0xc7/0x190
[  369.270371][    C0]  ? irq_exit_rcu+0x20/0x20
[  369.270402][    C0]  irq_exit_rcu+0x9/0x20
[  369.270421][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  369.270449][    C0]  </IRQ>
[  369.270457][    C0]  <TASK>
[  369.270466][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  369.270494][    C0] RIP: 0010:kasan_check_range+0x1be/0x290
[  369.270522][    C0] Code: 01 f3 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 49 ff cc 75 ee 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 45 84 ff 75 61 41 f7 c7 00 ff 00 00
[  369.270540][    C0] RSP: 0018:ffffc900048ff6d0 EFLAGS: 00000256
[  369.270561][    C0] RAX: ffff888025b49001 RBX: ffff888025b49060 RCX: ffffffff891cbdbc
[  369.270579][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888025b49060
[  369.270594][    C0] RBP: ffffc900048ff898 R08: ffff888025b49067 R09: 1ffff11004b6920c
[  369.270611][    C0] R10: dffffc0000000000 R11: ffffed1004b6920d R12: 0000000000000001
[  369.270627][    C0] R13: 1ffff9200091fef0 R14: ffffed1004b6920d R15: 1ffff11004b6920c
[  369.270652][    C0]  ? __unix_dgram_recvmsg+0x69c/0xd60
[  369.270699][    C0]  __unix_dgram_recvmsg+0x69c/0xd60
[  369.270751][    C0]  ? unix_unhash+0x10/0x10
[  369.270795][    C0]  ? asm_sysvec_call_function_single+0x1a/0x20
[  369.270828][    C0]  ? mark_lock+0x94/0x320
[  369.270852][    C0]  ? unix_dgram_recvmsg+0xad/0xd0
[  369.270876][    C0]  ? unix_dgram_sendmsg+0x1720/0x1720
[  369.270909][    C0]  sock_recvmsg_nosec+0x82/0xd0
[  369.270936][    C0]  ____sys_recvmsg+0x49b/0x5b0
[  369.270978][    C0]  ? __sys_recvmsg_sock+0x50/0x50
[  369.271022][    C0]  ? import_iovec+0x73/0xa0
[  369.271059][    C0]  ___sys_recvmsg+0x1b6/0x510
[  369.271092][    C0]  ? __sys_recvmsg+0x270/0x270
[  369.271142][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  369.271176][    C0]  ? __might_fault+0xc6/0x120
[  369.271196][    C0]  ? __might_fault+0xaa/0x120
[  369.271221][    C0]  do_recvmmsg+0x360/0x7d0
[  369.271257][    C0]  ? __sys_recvmmsg+0x280/0x280
[  369.271298][    C0]  ? __ia32_sys_get_robust_list+0x110/0x110
[  369.271319][    C0]  ? rcu_read_lock_sched_held+0x8a/0x100
[  369.271363][    C0]  __x64_sys_recvmmsg+0x191/0x240
[  369.271393][    C0]  ? do_recvmmsg+0x7d0/0x7d0
[  369.271422][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  369.271455][    C0]  do_syscall_64+0x55/0xb0
[  369.271475][    C0]  ? clear_bhb_loop+0x40/0x90
[  369.271501][    C0]  ? clear_bhb_loop+0x40/0x90
[  369.271530][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  369.271556][    C0] RIP: 0033:0x7f03fa58f749
[  369.271577][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.271594][    C0] RSP: 002b:00007f03fb360038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  369.271632][    C0] RAX: ffffffffffffffda RBX: 00007f03fa7e6090 RCX: 00007f03fa58f749
[  369.271647][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[  369.271663][    C0] RBP: 00007f03fa613f91 R08: 0000000000000000 R09: 0000000000000000
[  369.271676][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  369.271691][    C0] R13: 00007f03fa7e6128 R14: 00007f03fa7e6090 R15: 00007ffdd0aff6b8
[  369.271724][    C0]  </TASK>
[  369.278125][    C0] Kernel Offset: disabled