last executing test programs:

8m43.8119696s ago: executing program 32 (id=42):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f00000012c0)={0x0, 0xb, 0x5, {0x5, 0xc, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

7m45.832037716s ago: executing program 33 (id=640):
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@mcast2, 0x2e, r1})

7m14.893502638s ago: executing program 34 (id=1002):
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9)

6m57.399019439s ago: executing program 35 (id=1271):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000001208000440240000150900020073797a32"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

5m14.441376502s ago: executing program 36 (id=2876):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@caif=@rfm={0x25, 0x5, "cdfaaf7254f4ef6249f068fcdd7e1cbd"}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000300)="27050200340f14000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e57000010", 0xfdef}], 0x1}, 0x800)

4m8.716158149s ago: executing program 37 (id=4041):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001780)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r0, &(0x7f0000009a80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000001c00)=""/189, 0xbd}, {&(0x7f0000001cc0)=""/101, 0x65}, {&(0x7f0000004a80)=""/4096, 0x1000}, {&(0x7f0000001d40)=""/188, 0xbc}, {&(0x7f0000001e00)=""/74, 0x4a}], 0x5}, 0x8}], 0x3, 0x42, 0x0)

1m55.877183737s ago: executing program 38 (id=6060):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r0, r0, 0x0, 0x200000)

1m41.954368333s ago: executing program 39 (id=6376):
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

1m39.660252863s ago: executing program 8 (id=6407):
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x28d, &(0x7f0000000400)="$eJzs3U1rE0Ecx/HfbNIm2lK3DyKIp2rBk/ThIl4KknfgxZNomwjFUEErqKfqWTyL974FX4BHT+JZ8NaTLyC3yMxOmk2ym01D103S7weSbrrzn53pznbmv6WsAFxaD2t/TnZO7ctIJZUkPZACSVWpLOm6blTfHB4dHDUb9WEVlVyEfRlFkWagzP5hIynUxrkIL7SfylqMfw/5qP7WcdFtQPHc1Z8gkCr+6nT7q/+9Zfm47IPetNTSWy0V3Q4AQLGC7hc7zy/69XsQSBt+2u+d/6d8Am0V3YCcfc/YH5v/XZbVNvb8XnO7uvmeS+HKmvNBJzun47RlXtHI6llgmqys0rUluPL8oNm4t/+yWQ/0UbveXLfYmnuvn41gp5PT2u0Pg1Wv+9x0xPwyXtv5LLg+zNk+bMfbHyuyerFHzGZ+mJ/miQn1VfWz9V+5bexpcmcq7DtTUfs302t0vZyXK5XSy2V3kJv+CN7QXpaUkpGoM6KW+05gmNVOF7XSFxX1bisjajUxajsjaq0/qjua0yPzZj6bx2Zdf/VNtdj6P7A/7Q2NcmXaMq6kHxlD+1N2JUM3n/g7Qse3EksG4/YIY/ikPd3X0ut37188azYbr6ZsY+9L1I3swvZKnIw2T85GZxBMSntmdmO0IZrDRmfeGb+e9F8d3JafHd2Tfs5ABsGssOsuE+V/sXxl0y3W7FvYu06vxGPbWZXHatxKyQ1W3PvV9Ayuh3G3HhYS/ro4eMShOdftu9KdUY4YCX07J8/uOEGmpl96yv1/AAAAAAAAAAAAAAAAAACAaXNx/3JQVdquovsIAAAAAAAAAAAAAAAAAAAAAMC0S3j+b6XQ5/8+UvSJ5/8CufsXAAD//8+PcJg=")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x2004019, 0x0, 0xfc, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x18d)
getdents(r0, 0xfffffffffffffffd, 0x58)

1m39.308510575s ago: executing program 8 (id=6409):
syz_mount_image$hfs(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1218001, &(0x7f0000000700)={[{@gid}, {@type={'type', 0x3d, "5ed07ee6"}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@codepage={'codepage', 0x3d, 'koi8-u'}}]}, 0x2, 0x342, &(0x7f0000000100)="$eJzs3T1rFEEcBvBn9uWyZ0Jck0jASqIBq5DEQrExSLDxC1hIMCYXCFkjaAQNiNFaxE4QLO2sRb+CNuIX0CqFWGkTLFyZ2Z19u9nN5XLJ5sjzA4+93Zmd/9zM7M0kxAERHVvX5r+/u7gt/wkXgA3gCmAB8AAHwGmMew/XN9pzDuTf2smRQJRTtGVZWm+ZYvAQ54j58p2Doew5OhhhGIY/dk31+1BiofqI7AjOsKKB7ugR7h16ZAdjq+0BdgxkWljsYAePMFxnOEREVL/4+9+KvyWG4vm7ZQGT8Ty837//c/ObnfriOBKS738reh8K+fmcVJfkem91I2gtR0s42fqWXiWa7mXsE2H6cTcQ9Sx7MDPlypRipmKxmiurQWtqS93gOa7GMsnG1OsydEWUsmgbUaoJw9q0QlXdqw2qOriyDrMl8Y9WlWhcAH/6idfm4ha+mM4W6io+i69iQfh4g+Vk/ueEQjaTaim/MFSi+KcraqnDDFrTuVqm4Z9ShZyJS8DH92ktm2WfqwdbxpLXSOtRnL/7Os5XDfMN1ekR5H+sENVuprx2Ktco4Ai1asjmmk0S/TXmGiuW1Vxxg9bU0r2grNP3lnFFJ16Km2ICv/AB85n5vyVTT6J8ZOZGuVAp455RWR9HpWxrRwM1NO/uaWSScj0/XjvK8wJ3cBnDDx5vri0GQet+/Qd6qHSZ/WyP44k6Ytwd5RmoJ1ySBp48cAH0rNB/YRgaLzk4jCZwVVUvvU2rvLm2KOJn3v6KkE/OwqW58sQA5gDEZ/QToZvSnya5BtIb7pLLV2X9ka2tzuQ6pKsPdFTqku66B9M6uqjcJRsDHY2UZheF3niythh09SSiPpM2OsZv1R0M1UHOF0S0/susV6bVU0e++BXrHzf/ttmWIHPHmZIV0Ih6PdHZCi65bek8cVAf7LLmOncBOF8o0YIu8Vnxtn4cJ47ibyX3/qsMMY9vuM2f/xMRERERERERERERERERERERERER9Zu9/jVCN39OkC9x+xj+xxtERERERERERERERERERERERERERERERPuT2f8XsNWOMQ3T/r9VOzUpdrRDjNeL/X/tDvb/FVv9vBcZ0ZHwPwAA//+ekVe5")
syz_mount_image$exfat(&(0x7f0000006c00), &(0x7f0000001b40)='./file0\x00', 0x208008de, &(0x7f0000001b80)=ANY=[@ANYBLOB='utf8,errors=continue,namecase=1,utf8,gid=', @ANYRESHEX=0x0, @ANYBLOB=',umask=00000000000000000000077,umask=00000000000000000005676,uid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', @ANYRESHEX=0x0, @ANYRESDEC=0x0], 0x1, 0x1503, &(0x7f0000000580)="$eJzs3Au4T9XWMPAx5pyLbSf928lls8Yci3/amCRJLgm5JEmSJLklJCRJQmKTWxKSkHuSe0guO3Zyv99yT5Ij7SQJyS3M79Hp/Zz3dN7T936n7/M+Z4/f88zHHNZ/jP9Ye+xnr7X+z7P3952HVmtQvXI9ZoZ/Cf71n1QASACAAQBwAwAEAFAqqVTSlePZNKb+a28i/lyPzrjWHYhrSeafucn8MzeZf+Ym88/cZP6Zm8w/c5P5Z24yfyEys20z894oK/Mu+fw/M5Pr/7+RjGLjvt5Q7OYu/40UmX/mJvP/N5f1nx+W+WduMv/MTeafucn8//1V+ifHZP6Zm8xfiMzsWn/+LOvarmv9/SeEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQInM4568yAPAf+2vdlxBCCCGEEEIIIf48Puu17kAIIYQQQgghhBD/7yEo0GAggCyQFRIgGyTCdZAdrocccAPE4EZIgpsgJ9wMuSA35IG8kAz5ID+EQGCBIYICUBDicAsUglshBQpDESgKDopBcbgNSsDtUBLugFJwJ5SGu6AMlIVyUB7uhgpwD1SESlAZ7oUqUBWqQXW4D2rA/VATHoBa8CDUhoegDjwMdeERqAePQn14DBrA49AQnoBG0BiaQFNo9n+V/zJ0h1egB/SEVOgFveFV6AN9oR/0hwHwGgyE12EQvAGDYQgMhTdhGLwFw+FtGAEjYRS8A6NhDIyFcTAeJsBEeBcmwXswGd6HKTAVpsF0mAEzYRZ8ALNhDsyFD2EefATzYQEshEWQBh/DYlgC6fAJLIVPYRkshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG3wG22EH7IRdsBv2wF74HPbBF7AfvoQD8NV/M//s3+V3QUBAhQoNGsyCWTABEzAREzE7ZsccmANjGMMkTMKcmBNzYS7Mg3kwGZMxP+ZHQkJGxgJYAOMYx0JYCFMwBYtgEXTosDgWxxJ4O5bEklgKS2FpLI1lsCyWxfJYHitgBayIFbEyVsYqWAWrYTW8D+/D+7Em1sRaWAtrY22sg3WwLtbFelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBdtgO22N77IAdsCN2xE7YCTtjZ+yCXbErvowv4yv4CvbEKqoX9sbe2Af7YD/sj/3xNRyIr+Pr+AYOxiE4FN/EN/EtHI5ncASOxFE4CiuoMTgWxyGrCTgRJ+IknISTcTJOwak4FafjDJyJs3AWzsY5OAc/xHn4EX6EC3ABLsI0TMPFuATTMR2X4llchstxBa7EVbgaV+FaXIdrcQNuxA24GTfjVtyKn+FnuAN34C7chXtwD36On+MX+AUOxgN4AA/iQTyEh/AwHsYMzMAjeASP4lE8hsfwOB7HE3gST+FJPI2n8QyexXN4Di/gBbyILyZ/W39P4fWDQV1hlFFZVBaVoBJUokpU2VV2lUPlUDEVU0kqSeVUOVUulUvlUXlUskpW+VV+RYoUq0gVUAUSAEAVUoVUikpRRVQR5ZRTxVVxVUKVUCVVSVVK3alKq7tUGVVWtXTlVXlVQbVyFVUlVVlVVlVUVVVNVVfVVQ1VQ9VUNVUtVUvVVrVVHfWwqqt6YT98VF2ZTAM1BBuqodhINVZNVFP1Fj6pmqvh2EK1VK3U02okjsA2qrlrp55V7dVY7KCeV+PwBdVJTcDO6iXVRXVV3dTLqrtq4XqonmoK9lK91XTso/qqfqq/mo1V1ZWJVVNvqMFqiBqq3lSL8C01XL2tRqiRapR6R41WY9RYNU6NVxPURPWumqTeU5PV+2qKmqqmqelqhpqpZqkP1Gw1R81VH6p56iM1Xy1QC9UilaY+VovVEpWuPlFL1adqmVquVqiVapVardaotWqdWq82qI1qk9qstqitapv6TG1XO9ROtUvtVnvUXvW52qe+UPvVl+qA+kodVH9Rh9TX6rD6RmWob9UR9Z06qr5Xx9QP6rj6UZ1QJ9Up9ZM6rX5WZ9RZdU6dVxfUL+qiuqQuK69Ao1Zaa6MDnUVn1Qk6m07U1+ns+nqdQ9+gY/pGnaRv0jn1zTqXzq3z6Lw6WefT+XWoSVvNOtIFdEEd17foQvpWnaIL6yK6qHa6mC6ub9Ml9O26pL5Dl9J36tL6Ll1Gl9XldHl9t66g79EVdSVdWd+rq+iqupquru/TNfT9uqZ+QNfSD+ra+iFdRz+s6+pHdD39qK6vH9MN9OO6oX5CN9KNdRPdVDfTT+rm+indQrfUrfTTurV+RrfRbXU7/axur5/THfTzuqN+QXfSL+rO+iXdRXfV3fQlfVl73UP31Km6l+6tX9V9dDr00/31AP2aHqhf14P0G3qwHqKH6jf1MP2WHq7f1iP0SD1Kv6NH6zF6rB6nx+sJeqJ+V0/S7+nJ+n09RU/V0/R0PUPP1P1+qzT37/J7/XbV/dv89/5B/qBf332r3qY/09v1Dr1T79K79R69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WGTpDH9FH9FF9VB/Tx/RxfVyf0Cf1ef2TPq1/1mf0WX1Wn9cX9AV98bevARg0ymhjTGCymKwmwWQzieY6k91cb3KYG0zM3GiSzE0mp7nZ5DK5TR6T1ySbfCa/CQ0Za9hEpoApaOLmFlPI3GpSTGFTxBQ1zhQzxc1t/3L+H/XXzDQzzU1z08K0MK1MK9PatDZtTBvTzrQz7U1708F0MB1NR9PJdDKdTWfTxXQx3Uw30910Nz1MD5NqUk1v86rpY/qafqa/GWBeMwPNQDPIDDKDzWAz1Aw1w8wwM9wMNyPMCDPKjDKjzWgz1ow14814M9FMNJPMJDPZTDZTzBQzzUwzM8wMM8vMMrPNbDPXzDXzzDwz38w3C81Ck2bSzGKz2KSbdLPULDXLzHKz3Kw0K81qs9qsNWvNerPebDQbzWaz2Swz28w2s91sNzvNTrPb7DZ7zV6zz+wz+81+c8AcMAfNQXPIHDKHzWGTYTLMEXPEHDVHzTFzrNdxc9ycMCfMKXPKnDanzRlzxpwz58wFc8FcNBfNZXP5ym1foAIVmMAEWYIsQUKQECQGiUH2IHuQI8gRxIJYkBQkBTmDm4NcQe4gT5A3SA7yBfmDMKDABhxEQYGgYBAPbgkKBbcGKUHhoEhQNHBBsaB4cFtQIrg9KBncEZQK7gxKB3cFZYKyQbmgfHB3UCG4J6gYVAoqB/cGVYKqQbWgenBfUCO4P6gZPBDUCh4MagcPBXWCh4O6wSNBveDRoH7wWNAgeDxoGDwRNAoaB02CpkGzP7W+92dyP+V6hD3D1LBX2Dt8NewT9g37hf3DAeFr4cDw9XBQ+EY4OBwSDg3fDIeFb4XDw7fDEeHIcFT4Tjg6HKMBIBwfTggnhu+Gk8L3wsnh++GUcGo4LZwezghnhrPCD8LZ4ZxwbvhhOC/8KJwfLggXhovCtPDjcHG4JEwPPwmXhp+Gy8Ll4YpwZbgqXH3+RoBwXbg+3BBuDDeFm8Mt4dZwW/hZuD3cEe4Md4W7wz3h3vDzcF/4Rbg//DI8EH4VHgz/Eh4Kvw4Ph9+EGeG34ZHwu/Bo+H14LPwhPB7+GJ4IT4anwp/C0+HP4ZnwbHguPB9eCH8JL4aXwsuhv3Jzf+XyToYMZaEslEAJlEiJlJ2yUw7KQTGKURIlUU7KSbkoF+WhPJRMyZSf8tMVTEwFqADFKU6FqBClUAoVoSLkyFFxKk4lqASVpJJUikpRaSpNZagMlaNydDfdTffQPVSJKtG9dC9VpapUnapTDapBNakm1aJaVJtqUx2qQ3WpLtWjelSf6lMDakANqSE1okbUhJpQM2pGzak5taAW1IpaUWtqTW2oDbWjdtSe2lMH6kAdqSN1ok7UmTpTF+pC3agbdafu1IN6UCqlUm/qTX2oD/WjfjSABtBAGkiDaBANpsE0lIbSMBpGw2k4jaCRNIreodE0hsbSOBpPE2giTaRJNIkm02SaQlNoGk2jGTSDZtEsmk2zaS7NpXk0j+bTfFpICymN0mgxLaZ0SqeltJSW0TJaQStoFa2iNbSG1tE62kAbaBNtoi20hbbRNtpO22kn7aTdtJv20l7aR/toP+2nA3SADtJBOkSH6DAdpgzKoCN0hI7SUTpGx+g4HacTdIJO0Sk6TafpDJ2hc3SOLtAvdJEu0WXylGAVJNrrbHZ7vc1hb7AJNpv92ziPzWuTbT6b34Y2l839n2Ky1qbYwraILWqdLWaL29t+F5exZW05W97ebSvYe2zF38U17P22pn3A1rIP2ur2vt/irL/Gte1Dto593Na1T9h6trGtb5vaBvZx29A+YRvZxraJbWpb22dsG9vWtrPP2vb2ud/Fi+0Su86utxvsRrvPfmHP2fP2qP3eXrC/2B62px1gX7MD7et2kH3DDrZDfhePsu/Y0XaMHWvH2fF2wu/iaXa6nWFn2ln2AzvbzvldnGY/tvNsup1vF9iFdtGv8ZWe0u0ndqn91C6zy+0Ku9KusqvtGrv2f/e60m62W+xWu9d+brfbHXan3WV32z2/xlfOY7/90h6wX9kj9jt7yH5tD9tjNsN++2t85fyO2R/scfujPWFP2lP2J3va/mzP2LO/nv+Vc//JXrKXrbfAyIo1Gw44C2flBM7GiXwdZ+frOQffwDG+kZP4Js7JN3Muzs15OC8ncz7OzyETW2aOuAAX5DjfwoX4Vk7hwlyEi7LjYlycb+MSfDuX5Du4FN/JpfkuLsNluRyX57u5At/DFbkSV+Z7uQpX5Wpcne/jGnw/1+QHuBY/yLX5Ia7DD3NdfoTr8aNcnx/jBvw4N+QnuBE35ibclJvxk9ycn+IW3JJb8dPcmp/hNtyW2/Gz3J6f4w78PHfkF7gTv8id+SXuwl25G7/M3fkV7sE9OZV7cW9+lftwX+7H/XkAv8YD+XUexG/wYB7CQ/lNHsZv8XB+m0fwSB7F7/BoHsNjeRyP5wk8kd/ls2lt81y515vCU3kaT+cZPJNn8Qc8m+fwXP6Q5/FHPJ8X8EJexGn8MS/mJZzOn/BS/pSX8XJewSt5Fa/mNbyW1/F63sAbeRNv5i28lbfxZ7ydd/BO3sW7eQ/v5c95H3/B+/lLPsBf8UH+Cx/ir/kwf8MZ/C0f4e/4KH/Px/gHPs4/8gk+yaf4Jz7NP/MZPsvn+Dxf4F/4Il/iy+wZIoxUpCMTBVGWKGuUEGWLEqProuzR9VGO6IYoFt0YJUU3RTmjm6NcUe4oT5Q3So7yRfmjMKLIRhxFUYGoYBSPbokKRbdGKVHhqEhUNHJRsah4dFtUIro9KhndEZWK7oxKR3dFZaKy0eMPlo/ujipE90QVo0pR5ejeqEpUNaoWVY/ui2pE90c1oweiWtGDUcnooahO9HBUN3okqhc9GtWPHosaRI9HDaMnokZR46hJ1DRqFj0ZNY+eilpELaNW0dNR6+iZqE3UNmoXPRu1j577w+OpUa+od/Rq9Grk/QN6YXxRPC3+cXxxfEk8Pf5JfGn80/iy+PL4ivjK+Kr46via+Nr4uvj6+Ib4xvim+Ob4lvjWuPfVs4JDp5x2xgUui8vqElw2l+iuc9nd9S6Hu8HF3I0uyd3kcrqbXS6X2+VxeV2yy+fyu9CRs45d5Aq4gi7ubnGF3K0uxRV2RVxR51wxV9w1dc1cM9fcPeVauJaulXvaPe2ecc+4tq6te9a1d8+5Du5519G94Dq5F92L7iXXxXV13dzLrrt7xfVwPV2qS3W9XW/Xx/Vx/Vw/N8ANcAPdQDfIDXKD3WA31A11w9wwN9wNdyPcCDfKjXKj3Wg31o114914N9FNdJPcJDfZTXZT3BQ3zU1zM9wMN8vNcrPdbDfXzXXzUua5+W6+W+gWujSX5ha7xS7dpbulbqlb5pa5FW6FW+VWuTVujVvn1rkNboPb5Da5LW6L2+a2ue1uu9vpdrrdbrfb6/a6fW6f2+/2uwPugDvoDrpD7pA77L5xGe5bd8R95466790x94M77n50J9xJd8r95E67n90Zd9adc+fdBfeLu+guucvOu4mxd2OTYu/FJsfej02JTY1Ni02PzYjNjM2KfRCbHZsTmxv7MDYv9lFsfmxBbGFsUSwt9nFscWxJLD32SWxp7NPYstjy2IrYytiq2OqY9/m2R76AL+jj/hZfyN/qU3xhX8QX9c4X88X9bb6Ev92X9Hf4Uv5OX9rf5cv4sr6cf8I38o19E9/UN/NP+ub+Kd/Ct/St/NO+tX/Gt/FtfTv/rG/vn/Md/PO+o3/Bd/Iv+s7+Jd/Fd/Xd/Mu+u3/F9/A9farv5Xv7V30f39f38/39AP+aH+hf94P8G36wH+KH+jf9MP+WH+7f9iP8SD/Kv+NH+zF+rB/nx/sJfqJ/10/y7/nJ/n0/xU/10/x0P8PP9LP8B362n+Pn+g/9PP+Rn+8X+IV+kU/zH/vFfolP95/4pf5Tv8wv9yv8Sr/Kr/Zr/Fq/zq/3G/xGv8lv9lv8Vr/Nf+a3+x1+p9/ld/s9fq//3O/zX/j9/kt/wH/lD/q/+EP+a3/Yf+Mz/Lf+iP/OH/Xf+2P+B3/c/+hP+JP+lP/Jn/Y/+zP+rD/nz/sL/hd/0V/yl+V31oQQQggh/o/oPzje6x/8n/ptXdEbAK7fkTfj72tuyvXXfV+V3DoGAM/27Pzof6wqVVJTU3977TINQcEFABC7mp8FrsbLoRU8A+2gJZT4h/31VV0v8B/Uj98JkHi18q8S4e/r3/5f1H/y6VGLS0fnkv5J/QUAKQWv5mSDq/HV+iX/i/q5m/9B/9m+ngjQ4m9yssPV+Gr94vAUPAft/tMrhRBCCCGEEEKIv+qrynX8o+fnK8/nyeZqTla4Gv/R87kQQgghhBBCCCGuvRe6dmv7ZLt2LTvK5l/YVPyf0YZsZPOnba71TyYhhBBCCCHEn+3qTf+17kQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhMi8/n/8ObFrfY5CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHEtfa/AgAA//9OvTcs")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)

1m39.058357188s ago: executing program 8 (id=6410):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x38, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x1c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0x8}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x10}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4002001}, 0x2400400c)

1m36.949378624s ago: executing program 8 (id=6432):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

1m36.480349733s ago: executing program 8 (id=6439):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x4810, &(0x7f0000000380)={[{@sysvgroups}, {@max_batch_time}, {@noauto_da_alloc}, {@errors_remount}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@nolazytime}], [{@flag='async'}]}, 0x0, 0x4ec, &(0x7f0000000c40)="$eJzs3ElvHMUeAPB/j5fEL8mzX957QBbIQEBYIOLYWQ8cCAIpFyQkEApHYztRiJOg2EhJZBGzKEgcQPkEAW5IfAJOcEGAOIC4EsERIUXIBxw4oEE10zOMPTPe4iWxfz9pnKru6q6q7q64lmkHsGEV048sYmtE/BgR3ZXozATFyj+3piaG/piaGMqiVHrht6ycbnpq4sNq0upxW/JIbyGi8E4Wu5rkO3bp8pnB0dGRC5Xo2zfGC/mes4OnRk6NnBs4evTgga4jhwcOLUs9U5mmd75xfveO4y9fe27oxLVXvv40lbeU75+emhiaeUTPInNoa9hSjOLMa1nnkUWe/U63rS6ctaefhbUrDAuWntp0uzrK7b872sqxiu549q1aImDdKZVKpU0NW2sNfrJUL8sqBwDrRKZJwwa0ve43/vRUGqlODDWOg9e3m8eiPAJK9b6Vfyp72ssj2GJPZWzUsUL5/y8iTkz+eT19ouk8BADA8vr8WETp5987Ur+j+qnsKcQ9den+na8N9UTEfyIi9R3/m/df/h9RTntvRNxXd0zqUW6eJ//irHhj/+f7rjyQuqxLrmcrqf/3ZL62NbP/V1u/6GnLY9vK9e/ITp4eHdmfX5Pe6NiU4v2Np65Nq33xzA8ftMq/WNf/S5+Uf7UvmJfj1/ZZE3TDg+ODt1vvqptvli/slcb6Z9GeVUMROyJi5xLOn67Z6cc+2d1qf63+bXH9RKpnQ/3fb33y9iUUaJbSRxGPVu7/ZMyqf9KZh/rGz77WN3bp8hOn69cn+48cHjjUtzlGR/b3VZ+KRt98d/X5PNgwjJj//q+sdP//1fT5r61c9mT167Vji8/j6o13W45plvr8d2YvlsOd+baLg+PjF/ojOrPJxu0D/xx7cbBrRvpU/969zdv/9oi/qovbuyIiPcT3R8QDEbEnL/uDEfFQROydo/5fPf3wq62GkHfC/R9e1P1vFXjq24jmu9rOfPlZQ8bvFRdY/3T/D5ZDvfmW4cHx+X6txFwlrQ/c9gUEAACAu8CeiNgaWWFfPse5NQqFffsittRmUMbGHz95/vVzw5V3BHqio1Cd6equmw/tz+eGUzwdNVAXT/sPlOeNS6VSqSvF0/h9dNvaVh02vC0t2n/yi+/9w/q3qHW0Vm+0AXelpa+jL/8XMoDVtQzfowHuUto/bFwLbv8r9RYcsGaatf8rEbfWoCjAKmvW/l9ag3IAq8/4HzYu7R82Lu0fNqQFvSS/hMD247O31OWVta9Mpq0DhZj7rwD0RFS3VL/gOPcJfypELE8J25a1pl0z7mmhaZrNsRx5RWHeNO2L+EMMqxso3BnFqAQ2RcQ8T2/tYbtSDVxe6YKVG8HHa/u/EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO37OwAA//8GPdEz")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x1d4)
getdents64(r0, 0x0, 0x0)
getdents64(r0, 0xfffffffffffffffe, 0x29)

1m36.146162208s ago: executing program 8 (id=6443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x0, 0x25dfdbfd, {0x54}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r1, 0x1, 0x0, 0x25cfdbfc, {0x54}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40010)

1m35.899855117s ago: executing program 40 (id=6443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r1, 0x1, 0x0, 0x25dfdbfd, {0x54}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x8000)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r1, 0x1, 0x0, 0x25cfdbfc, {0x54}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40010)

52.408723447s ago: executing program 9 (id=7067):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r1 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r1, 0x505, 0x5000003a, r0, 0x0)

52.408422941s ago: executing program 0 (id=7068):
creat(&(0x7f0000000100)='./file0\x00', 0x3)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500), 0x0, 0x100000}}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b1"], 0x0}, 0x94)

52.347500589s ago: executing program 9 (id=7069):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYBLOB="100029bd7000ffdbdf250e000000340002800800080006040000060002004e200000080007000800000005000d0001000000080006"], 0x48}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e64000000001800028014"], 0x48}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

52.232332012s ago: executing program 9 (id=7070):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001e80)=@newlink={0x3c, 0x10, 0x1, 0x10, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x2008, 0x840}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_WINDOW={0x8, 0x5, 0x6}]}}}]}, 0x3c}}, 0x0)

52.124547045s ago: executing program 9 (id=7071):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x2c, &(0x7f00000002c0)=[@in6={0xa, 0x4e24, 0x78, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x2}, @in={0x2, 0x4e24, @loopback}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r1=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000b40)={r1, @in={{0x2, 0x4e21, @empty}}, 0x0, 0xb92}, 0x90)

51.980008388s ago: executing program 3 (id=7072):
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r1=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9c, '\x00', r1}, 0x50)

51.632563212s ago: executing program 0 (id=7074):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000700)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xae9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x4374, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x9b6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x89fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffff]}, 0x45c)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0x5501, 0x0)
writev(r0, &(0x7f0000000e00)=[{&(0x7f0000000100)="f723", 0x2}], 0x1)

51.632178049s ago: executing program 3 (id=7075):
r0 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x400826e, 0x40, 0x3, 0xf0})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/11, 0xb}], 0x1)
syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46)
io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1)

51.590911041s ago: executing program 3 (id=7077):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000600000000000000fcffffff180100002020752500000000002020207b1af8ff00000000bfa1000000000000070100000bffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18)
bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r1, 0x4)

51.538460672s ago: executing program 0 (id=7078):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7, 0x1, 0xff, 0x6}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r0, 0x8b32, &(0x7f0000000040))

51.537776644s ago: executing program 3 (id=7079):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

51.446696442s ago: executing program 0 (id=7081):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000080)=0x4, 0x4)

51.360486055s ago: executing program 3 (id=7083):
r0 = socket(0x2, 0x3, 0x67)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c)
sendto$unix(r0, &(0x7f0000000000)="e7e62001", 0x4, 0x4008000, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x7, 0xd0000e0}, 0x6e)

51.323099087s ago: executing program 0 (id=7084):
r0 = syz_io_uring_setup(0x64b2, &(0x7f0000002600)={0x0, 0xffffff7c, 0x13580, 0x3, 0x35c}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x6000, @fd=r0, 0xffffffffffffffff, 0xfffffffffffffab2, 0x8007, 0x5, 0x1})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000800)=[{&(0x7f00000005c0)=""/92, 0x5c}], 0x1)
io_uring_enter(r0, 0x54, 0x0, 0x0, 0x0, 0x0)

51.176865613s ago: executing program 9 (id=7085):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xecbd5a155ab96c04}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)

51.068720941s ago: executing program 3 (id=7086):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000100), 0x6)

50.884815856s ago: executing program 41 (id=7086):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000100), 0x6)

50.630801669s ago: executing program 9 (id=7088):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})

50.630071743s ago: executing program 42 (id=7088):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})

49.352737322s ago: executing program 0 (id=7090):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x40000000000000, &(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x1000001, @loopback, 0x5}, r1}}, 0x30)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r1}}, 0x18)

49.05380429s ago: executing program 43 (id=7090):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x40000000000000, &(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x1000001, @loopback, 0x5}, r1}}, 0x30)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r1}}, 0x18)

30.405194892s ago: executing program 2 (id=7273):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000e40))

30.136306869s ago: executing program 2 (id=7283):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000640)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@discard}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000dc0)={0x9, 0x1, 0x5, 0x7f})

29.907859226s ago: executing program 2 (id=7289):
r0 = shmget$private(0x0, 0x800000, 0x100, &(0x7f0000173000/0x800000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
mbind(&(0x7f000046d000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x6, 0x8b, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

29.75176025s ago: executing program 2 (id=7293):
r0 = syz_open_dev$dri(&(0x7f0000000480), 0xf2ef, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000100)="41c2b1af4b9e2afb08fbfa8795ae198eb98603501824b278e7af60824251a6b1334031aac5f7421d7ea02310f3f6dad9592da8773525688000a5f6a49c37b23832cc040c84e783080c453e1088ece52fc69e24c3e1ae2c1037d5ce4993609bee3f15bec55d55dc9e7628af08d52ef57f853e1e37981fbde83dcef7e62652a8134c50c7228bd9dd014e8fb12da0beba609df04014981d5b909c40d62f8520adf12fa8d1214304592069042f66a842d82d7d1066eb523222ddd454ffabbf8f42ff0ac2f20598b329547ab02665210da6927ec3b6dc80802b2349e5c1059214af03419fb04bbc4a0f147f8f170c960fd3cdae0e9ff5d5c8f431543fade614db2ed4297d74b4ccbe9a8cb22105ce48dbf2c00f8ad06f13416476", 0xfd29})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000240)="9f", 0x1})
close(r0)

29.59651861s ago: executing program 2 (id=7297):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file2\x00', 0x10, &(0x7f00000001c0)={[{@nolazytime}, {@fault_injection={'fault_injection', 0x3d, 0x4e6}}, {@fault_type={'fault_type', 0x3d, 0x7fff}}, {@grpjquota}, {@noflush_merge}, {@nocheckpoint_merge}, {@acl}, {@gc_merge}, {@compress_cache}, {@alloc_mode_def}, {@noinline_xattr}, {@background_gc_off}, {@checkpoint_diasble}]}, 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x20080, 0x51)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8})
fstat(r0, &(0x7f0000000100))

28.347257196s ago: executing program 2 (id=7323):
r0 = syz_io_uring_setup(0x3ac6, &(0x7f00000001c0)={0x0, 0x1, 0x10100, 0x4, 0x37a}, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x10}, 0x0, 0xe3d08660d3cd4684, 0xf8c5000cf0158dfe})
io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0)

13.253586311s ago: executing program 44 (id=7323):
r0 = syz_io_uring_setup(0x3ac6, &(0x7f00000001c0)={0x0, 0x1, 0x10100, 0x4, 0x37a}, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x10}, 0x0, 0xe3d08660d3cd4684, 0xf8c5000cf0158dfe})
io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0)

2.282631373s ago: executing program 4 (id=7649):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001300010027bd70000000000007000000", @ANYRES32=r1, @ANYBLOB="a2100400884101000c001a800800058004000280"], 0x2c}}, 0x0)

2.156592988s ago: executing program 4 (id=7652):
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close$binfmt(r0)
syz_clone3(&(0x7f0000000340)={0x200103000, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

2.122835824s ago: executing program 1 (id=7654):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_NESTED_STATE(r2, 0xc048aeca, &(0x7f0000000dc0)={{0x7, 0x0, 0x80, {0xf000, 0xeeee0000, 0x2}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606000000000000007fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc557aa5509defcb77c236e43b579c0000e5c8d8f8fa71ad876b96069f2e4352c8aa716e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0531d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f486e379601514219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fc0987c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b0700b1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1df5dcf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d5cbefd0b3406af2b3816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b90165a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7ba0ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f08e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be212d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa398b279048c7e31d07b125bac68deed34253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a5965f80d2f7c5c60a0dc04b40c2c93b9f922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c8abac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e543178502e59b927c7015436237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e694599766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})

1.937927805s ago: executing program 1 (id=7657):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newtaction={0x70, 0x30, 0x871a15abc695f30d, 0x9, 0x25dfdbfc, {}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0xff}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0xd, 0x7, 0x7f, 0x404}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x800}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.860353021s ago: executing program 4 (id=7658):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_EXPRESSIONS={0x4}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

1.82819005s ago: executing program 1 (id=7659):
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x4)

1.77043337s ago: executing program 4 (id=7660):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, 0x0}, 0x4004090)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a11800150006001400000000120800030043000040a8002b000a", 0x35}], 0x1}, 0x20000880)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

1.69077937s ago: executing program 5 (id=7661):
unshare(0x6020400)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000020000000000000000003f2900000000009afc"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@union={0x4, 0x0, 0x0, 0x5, 0x1, 0xffff6ebe}]}, {0x0, [0x30, 0x30, 0x30, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1, 0x3}, 0x28)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x58}, 0x10)

1.673238407s ago: executing program 1 (id=7662):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000500)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH")
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x4000054)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)

1.641115041s ago: executing program 5 (id=7663):
socket$tipc(0x1e, 0x2, 0x0)
r0 = io_uring_setup(0x13b5, &(0x7f0000000140)={0x0, 0x911c, 0x40, 0x3, 0x2fa})
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0x14, &(0x7f0000003480)={0x4, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0}, 0x2)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r0, 0x1e, &(0x7f0000000000)={r0}, 0x1)

1.62313507s ago: executing program 6 (id=7664):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000044d564b00000000fe"])

1.440679036s ago: executing program 4 (id=7665):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000140)={0x3, 0xb5, 0x0, 0x8009, &(0x7f0000001600)})

1.282818067s ago: executing program 5 (id=7666):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20902, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_TSC_KHZ_cpu(r2, 0xaea3)

1.22082653s ago: executing program 6 (id=7667):
r0 = fsopen(&(0x7f0000000140)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})
close_range(r1, 0xffffffffffffffff, 0x0)

1.106648616s ago: executing program 6 (id=7668):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x4fb, &(0x7f00000009c0)=<r0=>0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
io_submit(r0, 0x2, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x40, r1, &(0x7f0000000040)='B', 0x1, 0x4, 0x0, 0x997f18199400164}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xfffb, r1, 0x0, 0x0, 0xc}])

1.091331936s ago: executing program 1 (id=7669):
syz_mount_image$jfs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x4000, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0], 0x1, 0x5ee7, &(0x7f0000006580)="$eJzs3cuOHFcZB/CvL9NzSeJYEYqMxWLiQEgI8d2GcIvDggUsQEJZY2syiQwOINsgEll4Ii8QG+ARYJMNi7wCD5BnQDwAluyssiAUqplz7Jpyj3sGz3R1z/n9pHHVV6dr+pT/U1PdU1V9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIH/7gp2d6EXH5t2nB0YinYxDRj1iu69WoZy7lxw8j4lhsNsfzETFYjKjX3/zn2YjzEfHJkYh792+t1YvP7rIfF07fvP75j77/zz/8+c6xn7/9s4/a7T/5wrmP/3g74uiPX//489v7s+0AAABQiqqqql56m388vb/vd90pAGAq8vG/SvJytVqtVu9r/af+Xh7/9FNd91d9SOumarzbzSIiNprr1K8ZnI4HgDmzEZ913QU6JP+iDSPiqa47Acy0Xtcd4EDcu39rrZfy7TWPB6tb7fnvlNvy3+g9uL9jp+kk7WtMpvXzdScG8dwO/VmeUh9mSc6/387/8lb7KD3uoPOflp3yH23d+lScnP+gnX/Ltvz/EhFzm39/bP6lyvkP95L/xmCO93/5AwAAAABw+OW//x/t+Pzv4pNvyq487vzv6pT6AAAAAAAAAAD77UnH/3vA+H8AAAAws+r36rW/Hnm4bKfPYquXv9WLeKb1eKAwq40PBwQAAAAAAAAAAAAApmMYsZKu61+IiGdWVqqqqr+a2vVePen686707YeSdf1LHgAAtnxypHUvfy9iKSLeSp/1t7CyslJVS8sr1Uq1vJhfz44Wl6rlxvvaPK2XLY528YJ4OKrqb7bUWK9p0vvlSe3t71c/16ga7KJj09Fh4AAQEVtHo3uOSIdMVT0bXb/KYT7Y/w8f+z+70fXPKQAAAHDwqqqqeunjvI+nc/79rjsFAExFPv63zwuo1Wp1MfWnWwtnpj9q9QHWTdV4t5tFRGw016lfMxiOHwDmzEZ81nUX6JD8izaMiGNddwKYab2uO8CBuHf/1lov5dtrHg9Wt9rztSDb8t/oba6X1x83naR9jcm0fr7uxCCe26E/z0+pD7Mk599v5395qz0P8X/Q+U/LTvnX23m0g/50Lec/aOffcnjy74/Nv1Q5/+Ge8h/IHwAAAAAAZlj++/9R53/zJgMAAAAAAADA3Ll3/9Zavu81n///0pjH9Zpz7v88NHL+vV3n7/7fwyTn32/n37ogZ9CYv/vmw/w/vX9r7aOb//5ins58/guDUf3cC73+YJiu+akW3omrcS3W4/Qjjx9uaz/zSPvCtvazE9rPPdI+qtuXc/vJWItfxbV4+0H74oQLo5YmtFcT2nP+A/t/kXL+w8ZXnf9Kau+1prW7H/Yf2e+b03HPc+nv/3np0b1r+u7E4MG2NdXbd6KD/mz+nzw1it/cWL9+8ndXbt68fibSZNvSs5Em+yznv5C+cv4vv7jVnn/vN/fXux+O9pz/rLgTwx3zf7ExX2/vK1PuWxdy/qP0lfPPR6Dx+/8857/z/v9qB/0BAAAAAAAAAAAAAACAx6mqavMW0UsRcTHd/9PVvZkAwHTl43+V5OVqtVqtVqsPX91UjfdGs4iIfzTXqV8z/H7cNwMAZtl/I+JfXXeCzsi/YPnz/urpl7vuDDBVN97/4BdXrl1bv36j654AAAAAAAAAAP+vPP7namP8583rgFrjRm8b//XNWJ3b8T/7o8HmWOdpg16Ix4//fSIeP/73cMLzLUxoH01oX5zQvjShfeyNHg05/xdSxjn/42nDShr/9eUO+tO1nP+JNNZzzv+rrcc186/+Ns/597flf+rme78+deP9D167+t6Vd9ffXf/lmdMXz5+7cP7chQun3rl6bf301r8d9vhg5fzz2NeuAy1Lzj9nLv+y5Py/kmr5lyXn/1Kq5V+WnH9+vSf/suT883sf+Zcl5/9KquVflpz/11It/7Lk/F9NtfzLkvP/eqrlX5ac/2upln9Zcv4nUy3/suT8T6Va/mXJ+eczXPIvS84/X9kg/7Lk/M+mWv5lyfmfS7X8y5LzP59q+Zcl538h1fIvS87/YqrlX5ac/zdSLf+y5Py/mWr5lyXn/3qq5V+WnP+3Ui3/suT8v51q+Zcl5/+dVMu/LDn/76Za/mXJ+X8v1fIvS87/jVTLvywPP//fzJ5nVmajG2bM7P9M17+ZAAAAAAAAAAAAAIC2aVxO3PU2AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYW9e4uRq77vAH72Zq8NATfciQO2uRlY2F3fwCEGk4SUkl4oCWnTkhrHXhsnvtW7JoBQ2RTaEgWpSO0DfWiaRGkUqa1AVaSmEo2QGql9a54a8RK1Uh5cCSoHJZVSBTY6c/7/v2dmZ2fWa6/3zDmfD7J/3p0zM/85c2Z2vou+MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLONH536s4Esy/I/jb/WZdnF+b/XZLvzL2d3rPQKAQAAgHP1buPvv780fWP3Is7UtM2/Xfcf35mbm5vLPvfOqff+Ym4unbAhy4ZWZ1njtOjff/6zueZtguez0YHBpq8He1z9UI/Th3ucPtLj9FU9Tl/d4/TRHqfP2wHzrCl+H9O4sBsb/1xX7NLs8mykcdqNHc71/MDqwcH4u5yGgcZ55kYOZIeyw9lUNjHvPAON/7Ls9Y35dT2YxesabLqu9VmWnf7Js/viGgbCPr4xa7myhub77u37sw3v/OTZfd+aeeuaTrPnbpi30izbvClf5wtZdubXVdlAtjrtk7jOwaZ1ru+wzqGWdQ40zpf/u32dpxe5zni7R8M6f9BlnevD9566Icuy2WzBbdo9nw1ma9uuNe3v0eKIyC8jvyvfnw2f1XGycRHHSX6eH9/Qepy0H5Nx/28M+2R4gTU03x1vf2nVvP2+1OMkv9VlOFbzy344v9LR0eZfrbYcq/k2z9608DHQ8b7rcAykY7npGNjU6xgYXDXUOAYGz6x5U8sxMDnvPIPZQOO6Tt3U/RgYnzlyfHz66WfuOHRk78Gpg1NHJyd2bNu6fdvW7dvHDxw6PDVR/H12u7SPrM0G0zG4KTzXxGPwlrZtmw/Jua+fv8fBaEkeB/lt/9TN+YIuHswWOMbzbV7YfO6Pg/Rzv+lxMNz0OOj4nNrhcTC8iMdBvs3pzYv7mTnc9KfTGpbruXBd0zGwkj8P8+t87NaFnwvXh3W9eNvZ/jwcmncMxJs1EB57+XfS673Ru8N+mX9cXJufcNGq7OT01Ik7n9o7M3NiMgvjgris6b5qP17WNt2mbN7xMnjWx8vuv/vFzdd2+P66sK9Gb+9+X+XbbBvrfl81nt0778+W727JwjjPLvT+7PTTLN+fKUt02Z/5Ni/cce6vBVMuaXr+G+n1/Dc0Mlw8/w2lvTHS8vw3/64Zaqwsy07fsbjnv5Hw50I//11ekue/fF89dmf3YyDf5sXxsz0Ghrs+/90Q5kBYz60hMYw25f73GqfPFodp033Z87gZHh4Jx81wvMbW42brvPPkl5Zf9+aJpR03m29ova9aXrdU8LjJ99VfTnQ/bvJt3pg89+eONfGfTc8dq3odAyNDq/L1jqSDoHi+m1sTj4E7s33Zsexwtj+dJ7+X8+sa27K4Y2BV+HOhnzuuLskxkO+rV7Z0Pwbybb6/9fy+dtocvpO2aXrt1P77hYUy/7XDZy6vfbed78yfr/Nj27r/bijf5q1tZ5szuu+n28N3Luqwn9ofPwsd0/uzC7Ofrg7rPLy9+++m8m0u37HI42l3lmVvTr7Z+H1X+P3uP578z++0/N630++U35x886HxR354NusHAGDp3mv8PbuqeK3Z9H+sF/P//wEAAIC+EHP/YJiJ/A8AAACVEXP/UJiJ/A8AAACVEXP/cJhJTfL/E3fvfPXd57L0boBzQTw97oaH7y22ix3v2fD1hrkz8u9/5Jsjr375ucVd92CWZb946AMdt3/i3riuwvG4zg+1fn+eq69f1PU//uiZ7ZrfP+H0zuLy4+1Z7GEQu8qvj29pXO6Gpycb842HssZ8ZPbF54vLL76O25/aWmz/1+FNS3YfGGg5/+awnhvD3BDeU+bh3Wf2Qz7j+V5df92/XvbpM9cXzzew6ZLGzXzlj4rLje8R9fJlxfbxdi+0/n/5yrdfzbd/6qbO639usPP6T4XL/XGYP99VbN+8z7/ctP4/CeuP1xfPd+c3vtdx/a9dVWz/WjguvhZm+/rv//MPvtvp/orXs/ue4nzx+if+b1vjfPHy4uW3r3/0ucmW/dF++W+8U1zOrid/OtS8ffx+vJ7o8Xtaj++BcP+29MizLPv2n2Yt+zn7cHG+f25bf7y84/d0Xv/tbes8PnB94/xnbs+6ltv11b/d0vH2xvXs/od1Lbfn5QfC/ntn/Pv55Z56JByP4fT//0Fxee3vZfraA63PN3H7r60rHrfx8sbb1v9y2/pnr8/3Xe/1P/hOsf7X7lvdsv7dHw/H04PF7LX+g39zacv5v/6t4v448cWxo8emTx7a37RXmx/Hq0fXrL3o4vddcml4Lm3/es+xmSemTmyY2DCRZRv68C0Dl3v93wjzf4sxe/6vofDDnxbH3UufKH5u3fKz4uuXw/cfD/dn/Pn41b8aaTle2+/32fuKea7rvy2sY7Gu+sp/X7+oDU999vWT//THb7W/Loi35/gVo43b98rGKxunDbxRnN7+fNXLf13R+rj+0fBEY3437Ne58M7Mm64srq/98uN7k7z0yeLxG1/JxfNnbe8nsm6o9Xac6/p/FF7HfO/q1ue/eHx897m2d3Nelw3kS5gNzw/ZbHF63Cru75dOX9nx+uL78GSz15zNMhc0/fT0+OFDR08+NT4zNT0zPv30M3uOHDt5dGZP471L93y+1/nPPL7XNh7f+6d2bMsaj/ZjxVhmK73+44/u23/XxM37pw7sPXlg5tHjUycO7pue3je1f/rmvQcOTH2x1/kP7d81uWXn1ru2jB08tH/X3Tt3bt05dujosXwZxaJ62DHxhbGjJ/Y0zjK9a9vOye3bt02MHTm2f2rXXRMTYyd7nb/xs2ksP/eTYyemDu+dOXRkamz60DNTuyZ37tixpee7Px45fmB6w/iJk0fHT05PnRgvbsuGmca38599vc5PPUwfC893bQbCq/PP3L4jvT9u7ptfWvCiik1aX55mb4f3goo/33p9HXP/SJhJTfI/AAAA1EHM/eGN/8+cIP8DAABAZcTcvzrMRP4HAACAyoi5fzTMpCb5X/9f/1//X/9f/1//fznp/+v/d6P/r//fz+vX/9f/p7ey9f9j7l+TZbXM/wAAAFAHMfevDTOR/wEAAKAyYu6/KMxE/gcAAIDKiLn/4jCTeuT/kfZ/6v/r/+v/N/f/47b6/5n+v/7/Eun/6/93o/+v/9/P6y9h/3+N/j9lU7b+f8z97wszqUf+BwAAgFqIuf+SMBP5HwAAACoj5v5Lw0zkfwAAAKiMmPvXhZnUJP/7/H/9f/1/n/+v/6//v5z0//X/u9H/1//v5/WXsP/v8/8pnbL1/2Pu/5Uwk5rkfwAAAKiDmPvfH2Yi/wMAAEBlxNx/WZiJ/A8AAACVEXP/5WEmNcn/+v/6//r/+v/6//r/y0n/vw/6/526lvr/i6L/r/+v/6//T3dl6//H3H9FmElN8j8AAADUQcz9V4aZyP8AAABQGTH3XxVmIv8DAABAZcTcf3WYSU3yv/6//r/+v/6//r/+/3LS/++D/n8n+v+Lov+v/6//r/9Pd2Xr/8fcf02YSU3yPwAAANRBzP3XhpnI/wAAAFAZMfd/IMxE/gcAAIDKiLl/fZhJTfK//r/+v/5/tfr/g/r/+v8l01/9/8EFT9H/L+j/t9L/1//X/9f/p7uy9f9j7v9gmElN8j8AAADUQcz914WZyP8AAABQGTH3Xx9mIv8DAABAZcTcvyHMpCb5X/9f/1//v1r9f5//r/9fNv3V/1+Y/n9B/7+V/r/+v/6//j/dla3/H3P/xjCTmuR/AAAAqIOY+zeFmcj/AAAAUBkx998QZiL/AwAAQGXE3H9jmElN8r/+v/6//r/+v/6//v9y0v/X/+9G/1//v5/Xr/+/uP7/ql4XRKWVrf8fc/9NYSY1yf8AAABQBzH33xxmIv8DAABAZcTcf0uYifwPAAAAlRFz/+Ywk5rkf/1//X/9f/1//X/9/+Wk/7/o/v+apaxL/7+g/780K92f7/f16//7/H96K1v/P+b+W8NMapL/AQAAoA5i7r8tzET+BwAAgMqIuf/2MBP5HwAAACoj5v6xMJOa5H/9f/1//X/9f/1//f/lVNX+f3oe9fn/+v/6//r/+v/6/yyobP3/mPvvCDOpSf4HAACAOoi5/84wE/kfAAAAKiPm/vEwE/kfAAAAKiPm/okwk5rk/9T//x/9/0z/X/9f/1//X///vKtq/38ZPv9/SevX/y/o/y/NSvfn+339+v/6//RWtv5/zP2TYSY1yf8AAABQBzH3bwkzkf8BAACgMmLu3xpmIv8DAABAZcTcvy3MpCb53+f/6//r/+v/6//r/y8n/X/9/270//X/+3n9+v/6/7Qa7PC9svX/Y+7fHmZSk/wPAAAAdRBz/44wE/kfAAAAKiPm/rvCTOR/AAAAqIyY++8OM6lJ/tf/1//X/9f/L2//v/X69f/1/zvR/9f/z/T/l2yl+/P9vn79f/1/eju//f9Lz7n/H3P/zjCTmuR/AAAAqIOY+z8UZiL/AwAAQGXE3H9PmIn8DwAAAH2l0+cQRjH3fzjMpCb5X/+/6v3/udX6//r//dv/b92f+v/6/53o/+v/Z/r/S7bS/fl+X7/+v/4/vZ3f/v+8l6dn3f+PuX9XmElN8j8AAADUQcz994aZyP8AAABQGTH33xdmIv8DAABAZcTcvzvMpCb5X/+/6v3/8n3+/0Cm/6//X9D/1/8/H/T/9f8z/f8lW2p/Prxs0f8vUf8/P4b0/ymjsvX/Y+6/P8ykJvkfAAAA6iDm/o+Emcj/AAAAUBkx9380zET+BwAAgMqIuf9jYSY1yf/6//r/Pv9f/1//X/9/Oen/6/93o//fn/3/SP+/PP1/n/9PWZWt/x9z/wNhJjXJ/wAAAFAHMfd/PMxE/gcAAIDKiLn/V8NM5H8AAACojJj7HwwzqUn+1//X/9f/1//X/9f/X076//r/3ej/6//38/r1//X/6a1s/f+Y+38tzKQm+R8AAADqIOb+h8JM5H8AAACojJj7PxFmIv8DAABAZcTc/+thJjXJ//r/F6b/P5guX/9f/1//X/9f//980v/X/8/0/5dspfvz/b5+/X/9f3orW/8/5v7fCDOpSf4HAACAOoi5/zfDTOR/AAAAqIyY+38rzET+BwAAgMqIuf/hMJOa5H/9f5//r/+v/1/a/v9w6/7U/9f/70T/X/8/0/9fspXuz/f7+vX/9f/prWz9/5j7fzvMpCb5HwAAAOog5v5HwkzkfwAAAKiMmPs/GWYi/wMAAEBlxNz/qTCTmuR//X/9f/1//f/S9v/b9qf+v/5/J/r/+v+Z/v+SrXR/vt/Xr/+v/09vZev/x9z/aJhJTfI/AAAA1EHM/Z8OM5H/AQAAoDJi7v+dMBP5HwAAACoj5v7fDTOpSf7X/9f/1//X/9f/1/9fTvr/8/v/+XPYSvb/Vy1mQ/3/RdH/1//X/9f/p7uy9f9j7v9MmElN8j8AAADUQcz9vxdmIv8DAABAZcTc//thJvI/AAAAVEbM/Y+FmdQk/+v/6//r/+v/6//r/y8n/X+f/9+N/r/+fz+vX/9f/5/eytb/j7n/s2EmNcn/AAAAUAcx9/9BmIn8DwAAAJURc/+eMBP5HwAAACoj5v7Hw0xqkv/1//X/9f/1//X/9f+Xk/6//n83+v/6//28fv1//X96K1v/P+b+vWEmNcn/AAAAUAcx938uzET+BwAAgMqIuX9fmIn8DwAAAJURc//+MJOa5H/9f/1//X/9f/1//f/lpP+v/9+N/r/+fz+vX/9f/5/eytb/j7l/KsykJvkfAAAA6iDm/gNhJvI/AAAAVEbM/QfDTOR/AAAAqIyY+58IM6lJ/tf/1//X/9f/1//X/19O+v/6/93o/+v/9/P69f/1/+mtbP3/mPsPhZnUJP8DAABAHcTc//kwE/kfAAAAKiPm/i+Emcj/AAAAUBkx9x8OM6lJ/tf/1//X/69g/39Y/z/T/y8N/X/9/270//X/+3n9+v/6//RWjv7/bPo65v4jYSY1yf8AAABQBzH3Hw0zkf8BAACgMmLuPxZmIv8DAABAZcTcfzzMpCb5X/9f/1//v4L9f5//36D/Xw76//r/3ej/6//38/r1//X/6a0c/f8zX8fc/4dhJjXJ/wAAAFAHMfefCDOR/wEAAKAyYu6fDjOR/wEAAKAyYu6fCTOpSf7X/9f/1//X/9f/1/9fTvr/+v/d6P/r//fz+vX/9f/prWz9/5j7T4aZ1CT/AwAAQB3E3P9kmIn8DwAA/JK9+8zR5Kz6OPzMa70YhBBrYQUsgTXwhS2QczQ555yTyTnnnHPOGQwmg0Eywn3OGfD0VPWMn6Lvus91fTmyMcytaWnQX9ZPBUwjd/894xb7HwAAAKaRu/9ecUuT/a//1//r/4fp/086P/2//l//f0X0//r/g/7/qp13P7/39+v/9f+sG63/z91/77ilyf4HAACADnL33ydusf8BAABgGrn77xu32P8AAAAwjdz994tbmux//b/+X/8/TP/v+//5c52x/79w8ZfV/x+X/l//f9D/X7Xz7uf3/n79v/6fdaP1/7n77x+3NNn/AAAA0EHu/gfELfY/AAAATCN3/wPjFvsfAAAAppG7/0FxS5P9r//X/+v/9f/6f9//35L+X/+/RP+v/9/z+/X/+n/Wjdb/5+5/cNzSZP8DAABAB7n7HxK32P8AAAAwjdz9D41b7H8AAACYRu7+h8UtTfa//l//r//X/+v/9f9b0v/r/5fo//X/e36//l//z7rR+v/c/Q+PW5rsfwAAAOggd/8j4hb7HwAAAKaRu/+RcYv9DwAAANPI3f+ouKXJ/tf/6//1//p//b/+f0v6f/3/Ev2//n/P75+3/79e/8/RbN7/3+26W+5Z+//c/dfFLU32PwAAAHSQu//RcYv9DwAAANPI3f+YuMX+BwAAgGnk7n9s3NJk/5/S/19z0P837f9vvqD/1/+P2f/fFH/K6P/1/5fS/+v/D/r/q3b5fv5svxP6/1n7f9//53g27/9Xev9b/3Xu/sfFLU32PwAAAHSQu//xcYv9DwAAANPI3f+EuMX+BwAAgGnk7n9i3NJk//v+v/7/mN//z/9d/f8J/b/v/+v/9f/6/2Ub9v/3yN/MM/T/tzvo/33//8j9/13P8H79Px2M1v/n7n9S3NJk/wMAAEAHufufHLfY/wAAADCN3P1PiVvsfwAAAJhG7v6nxi1N9r/+X/9/zP6/zff/73Dy39f///d79P/6/9Po//X/S3z/X/+/5/f7/r/+n3Wj9f+5+58WtzTZ/wAAANBB7v6nxy32PwAAAEwjd/8z4hb7HwAAAKaRu/+ZcUuT/a//1//r/33//zb1/9fo//X/y/T/+v8l+n/9/57fr//X/7NutP4/d/+z4pYm+x8AAAA6yN3/7LjF/gcAAIBp5O5/Ttxi/wMAAMA0cvc/N25psv/1//p//b/+3/f/9f9b0v9P1/9f0P9fpP/X/+v/9f8sG63/z93/vLilyf4HAACADnL3Pz9usf8BAABgGrn7XxC32P8AAAAwjdz9L4xbmux//b/+X/+v/9f/6/+3pP+frv/3/f//oP/X/+v/9f8sG63/z93/orilyf4HAACADnL3vzhusf8BAABgGrn7XxK32P8AAAAwjdz9L41bmux//b/+X/+v/9f/6/+3pP/X/y+Zuv+/9R9uh7P3/7e/zK+n/x/r/cfp//Onr/9nTqP1/7n7Xxa3NNn/AAAA0EHu/pfHLfY/AAAATCN3/yviFvsfAAAAppG7/5VxS5P9f7n+/8Y7nvzn+v+z0f+f/n79v/5f/6//1//r/5dM3f/7/v9R3jjy+33/X//PutH6/9z9r4pbmux/AAAA6CB3/6vjFvsfAAAAppG7/zVxi/0PAAAA08jd/9q4pcn+9/1//b/+X/+v/9f/b0n/r/9fsqP+/9rT/qb+X/+v/9f/s2y0/j93//VxS5P9DwAAAB3k7n9d3GL/AwAAwDRy978+brH/AQAAYBq5+98QtzTZ//p//f+59///p/9P+v/4uer/9f9XQP+v/z/4/v9VO+9+fu/v1//r/1k3Wv+fu/+NcUuT/Q8AAAAd5O5/U9xi/wMAAMA0cve/OW6x/wEAAGAaufvfErc02f/6f/3/uff/vv9f9P/xc9X/6/+vgP5f/3/Q/1+18+7n9/5+/b/+n3Wj9f+5+98atzTZ/wAAANBB7v63xS32PwAAAEwjd//b4xb7HwAAAKaRu/8dcUuT/a//1//r//X/+n/9/5b0//r/Jfp//f+e36//1/+zbrT+P3f/O+OWJvsfAAAAOsjd/664xf4HAACAaeTuf3fcYv8DAADANHL3vyduabL/9f977//vfkO8QP+v/9f/6/+HpP/X/y/R/+v/9/x+/b/+n3Wj9f+5+98btzTZ/wAAANBB7v73xS32PwAAAEwjd//74xb7HwAAAKaRu/8DcUuT/d+j////S/6xefp/3//X/+v/9f9j0//r/5fo//X/e36//l//z7rR+v/c/R+MW5rsfwAAAOggd/+H4hb7HwAAAKaRu//DcYv9DwAAANPI3f+RuKXJ/u/R/19K/3/i6P3/zXfW/+v/i/5f/3/Q/+v/V+j/9f97fv/U/f+Fg/6foxit/8/d/9G4pcn+BwAAgA5y938sbrH/AQAAYAa3jP3c/R+/+LdO2P8AAAAwjdz9n4gb7nKn83vS/5T+X//v+//6f/2//n9L+n/9/xL9v/5/z++fuv/3/X+OZLT+P3f/J+MW//4fAAAAppG7/1Nxi/0PAAAA08jd/+m4xf4HAACAaeTu/0zc0mT/6//1//p//b/+X/+/Jf2//n+J/l//v+f36//1/6wbrf/P3f/ZuKXJ/gcAAIAOcvd/Lm6x/wEAAGAaufs/H7fY/wAAADCN3P1fiFua7H/9v/5f/6//1//r/7ek/9f/L9H/6//3/H79v/6fdaP1/7n7vxi3NNn/AAAA0EHu/i/FLfY/AAAATCN3/5fjFvsfAAAAppG7/ytxS5P9r//X/+v/9f/6f/3/lvT/+v8l+n/9/57fr//X/7NutP4/d/9X45Ym+x8AAAA6yN3/tbjF/gcAAIBp5O7/etxi/wMAAMA0cvd/I25psv9n7v+X/jH9/wn9v/7/oP/X/29M/6//X6L/1//v+f36f/0/60br/3P3fzNuabL/AQAAoIPc/d+KW+x/AAAAmEbu/m/HLfY/AAAATCN3/3filib7f+b+f4n+/4T+X/9/0P/r/zem/9f/L9H/6//3/H79v/6fdaP1/7n7vxu3NNn/AAAA0EHu/u/FLfY/AAAATCN3//fjFvsfAAAAppG7/wdxS5P9r//X/+v/9f/6/w37//wL/b/+X/9/Kv2//n/P79f/6/9ZN1r/n7v/h3FLk/0PAAAAHeTu/1HcYv8DAADANHL3/zhusf8BAABgGrn7fxK3NNn/+n/9v/5f/6//9/3/Len/9f9L9P/6/z2/X/+v/2fdaP1/7v6fxi1N9j8AAAB0kLv/Z3GL/Q8AAADTyN3/87jF/gcAAIBp5O7/RdzSZP/fpv7/Wv1/0v+f/n79v/5f/6//b9v///v/VvX/q/T/+v89v1//r/9n3Wj9f+7+X8YtTfY/AAAAdJC7/1dxi/0PAAAA08jd/+u4xf4HAACAaeTu/03c0mT/+/6//l//r//X/+v/t9S2//f9/zPR/+v/9/x+/b/+n3Wj9f+5+2+IW5rsfwAAAOggd/9v4xb7HwAAAKaRu/93cYv9DwAAANPI3X9j3NJk/+v/9f9T9v/X6v/1//r/Uej/9f9L9P/6/z2/X/+v/2fdaP1/7v7fxy1N9j8AAAB0kLv/D3GL/Q8AAADTyN3/x7jF/gcAAIBp5O7/U9zSZP/r//X/U/b/vv+v/9f/D0P/r/9fov/X/+/5/fp//T/rRuv/c/f/OW5psv8BAACgg9z9f4lb7H8AAACYRu7+v8Yt9j8AAABMI3f/3+KWJvtf/6//1//r//X/+v8t6f/1/0v0//r/Pb9f/6//Z91o/X/u/r/HLU32PwAAAHSQu/+muMX+BwAAgGnk7v9H3GL/AwAAwDRy9/8zbmmy//X/+n/9v/5f/6//35L+X/+/RP+v/9/z+/X/+n/Wjdb/5+7/VwAAAP//byMklQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)

930.59923ms ago: executing program 5 (id=7671):
capset(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2a8000, 0x0, 0x3ff})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x4, 0x10000000, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8)

803.55309ms ago: executing program 5 (id=7672):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f0000000300)=""/69, 0x45}, {&(0x7f0000000380)=""/182, 0xb6}], 0x3)
r1 = gettid()
rt_sigqueueinfo(r1, 0x21, &(0x7f00000002c0)={0x1f, 0x0, 0x1})

692.370653ms ago: executing program 6 (id=7673):
r0 = socket$packet(0x11, 0x3, 0x300)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x0, 0x8001, 0x0, 0x9, 0x0, 0xfffffdfffffffffe, 0x5, 0xffffffff}, 0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0xfea8, 0x1)

680.744761ms ago: executing program 7 (id=7674):
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r0 = syz_io_uring_setup(0x231, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)

602.491355ms ago: executing program 5 (id=7675):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic', 0x3)

573.252517ms ago: executing program 7 (id=7676):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000140)=@abs={0x1}, 0x6e)

444.573855ms ago: executing program 7 (id=7677):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000080)=@ethtool_per_queue_op={0x4b, 0x1, [0x878c, 0x5, 0x10000, 0xd955, 0x762, 0x3, 0x3, 0x10000, 0xa1, 0xfffffffc, 0x8f1, 0xf, 0x3ff, 0x4800, 0x4, 0x8, 0x2, 0x6, 0xc05f, 0x3, 0x7, 0x7, 0x9, 0x5, 0x2, 0xb0, 0x0, 0x6, 0x200, 0x80000000, 0x3, 0x3, 0x1, 0x2, 0x3, 0x5, 0x1c8, 0xfffffffa, 0xfffffffa, 0x3, 0x1ff, 0x7, 0x3, 0x5ff6, 0x100, 0x3, 0x1, 0xd, 0x7, 0x3, 0x5dc3, 0x0, 0x10, 0xfffffffb, 0x40, 0x0, 0x16db, 0xf, 0x1, 0x3d, 0x7f, 0x1, 0x0, 0x8000, 0x3, 0x9, 0x5b44, 0x80, 0x3, 0xe96, 0xffff, 0x3, 0xa, 0x216d, 0x3ff, 0x91, 0x2, 0x2, 0x2, 0x3, 0x9, 0x6, 0x6, 0xc30f, 0xd740, 0xe648, 0x2, 0x6, 0x400, 0x9, 0x89f, 0x9, 0x6c2, 0x8, 0x5, 0x5, 0x101, 0x8, 0x9, 0x6, 0xfffffff8, 0x9, 0x2, 0x4, 0x8, 0x0, 0x3, 0x5f, 0x3, 0xc0, 0xffffff33, 0x3, 0x80, 0x80000001, 0x6, 0x1e42, 0x0, 0x8000, 0x5, 0x81, 0xddda, 0x0, 0x1000, 0x4, 0x7, 0x1, 0x7, 0x3]}})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'vlan0\x00', 0x0})

390.633016ms ago: executing program 7 (id=7678):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4)

279.001119ms ago: executing program 7 (id=7679):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0xfdbd, 0x10000}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)

206.83814ms ago: executing program 6 (id=7680):
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x10, 0x3a, 0xff, @local, @loopback, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x2d, 0x6, 0x999, 0x5932}}}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

203.530436ms ago: executing program 4 (id=7681):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000140)={0x1, 0x0, [{0xd, 0x3482, 0x800, 0x10001, 0x1}]})

188.331715ms ago: executing program 7 (id=7682):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000280)=0x3, 0x4)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000000c0), 0x4)

1.174324ms ago: executing program 6 (id=7683):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000fbffffff0000000004000000850000003600000018010000208d6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000100850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

0s ago: executing program 1 (id=7684):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

kernel console output (not intermixed with test programs):

ts going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  529.648392][T21857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  529.806427][T19916] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  529.890580][T22012] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  529.925694][T22012] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  530.005237][T19916] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.045725][T21857] hsr_slave_0: entered promiscuous mode
[  530.062360][T21857] hsr_slave_1: entered promiscuous mode
[  530.089282][T19339] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  530.108531][T19339] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  530.117801][T19339] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  530.133844][T19339] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  530.141573][T19339] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  530.204713][T19916] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.526532][ T5864] Bluetooth: hci2: command tx timeout
[  530.535244][T19916] bridge_slave_1: left allmulticast mode
[  530.541036][T19916] bridge_slave_1: left promiscuous mode
[  530.548017][T19916] bridge0: port 2(bridge_slave_1) entered disabled state
[  530.559421][T19916] bridge_slave_0: left allmulticast mode
[  530.565096][T19916] bridge_slave_0: left promiscuous mode
[  530.571421][T19916] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.980781][T19916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  530.991780][T19916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  531.002208][T19916] bond0 (unregistering): Released all slaves
[  531.189045][T22017] chnl_net:caif_netlink_parms(): no params data found
[  531.344430][T19916] hsr_slave_0: left promiscuous mode
[  531.376801][T19916] hsr_slave_1: left promiscuous mode
[  531.383022][T19916] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  531.404600][T19916] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.417115][T19916] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  531.424510][T19916] batman_adv: batadv0: Removing interface: batadv_slave_1
[  531.464548][T19916] veth1_macvtap: left promiscuous mode
[  531.486536][T19916] veth0_macvtap: left promiscuous mode
[  531.492249][T19916] veth1_vlan: left promiscuous mode
[  531.500031][T19916] veth0_vlan: left promiscuous mode
[  531.672678][   T30] audit: type=1326 audit(2000000098.690:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22059 comm="syz.9.6466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  531.697853][   T30] audit: type=1326 audit(2000000098.710:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22059 comm="syz.9.6466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  531.743272][   T30] audit: type=1326 audit(2000000098.710:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22059 comm="syz.9.6466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  531.795328][   T30] audit: type=1326 audit(2000000098.710:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22059 comm="syz.9.6466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  532.200131][ T5864] Bluetooth: hci0: command tx timeout
[  532.285175][T22066] loop9: detected capacity change from 0 to 32768
[  532.293827][T22066] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.6469 (22066)
[  532.334995][T22066] BTRFS info (device loop9): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  532.372945][T22066] BTRFS info (device loop9): using blake2b (blake2b-256-generic) checksum algorithm
[  532.424857][T19916] team0 (unregistering): Port device team_slave_1 removed
[  532.502829][T22066] BTRFS info (device loop9): enabling ssd optimizations
[  532.511877][T22066] BTRFS info (device loop9): enabling free space tree
[  532.512497][T19916] team0 (unregistering): Port device team_slave_0 removed
[  532.600336][ T5864] Bluetooth: hci2: command tx timeout
[  532.616096][T13328] BTRFS info (device loop9): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  533.012270][T22086] loop4: detected capacity change from 0 to 8
[  533.510550][T22017] bridge0: port 1(bridge_slave_0) entered blocking state
[  533.514951][T22100] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6477'.
[  533.520506][T22017] bridge0: port 1(bridge_slave_0) entered disabled state
[  533.534220][T22017] bridge_slave_0: entered allmulticast mode
[  533.543727][T22017] bridge_slave_0: entered promiscuous mode
[  533.552717][T22017] bridge0: port 2(bridge_slave_1) entered blocking state
[  533.560555][T22017] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.567908][T22017] bridge_slave_1: entered allmulticast mode
[  533.575869][T22017] bridge_slave_1: entered promiscuous mode
[  533.629180][T22100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6477'.
[  533.671737][T22102] loop4: detected capacity change from 0 to 2048
[  533.739006][T22102]  loop4: p1 < > p3
[  533.744475][T22102] loop4: p3 size 134217728 extends beyond EOD, truncated
[  533.757417][T22017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  533.789996][T22017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  533.869108][T21857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  533.885533][T22017] team0: Port device team_slave_0 added
[  533.892234][T21857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  533.919427][T22017] team0: Port device team_slave_1 added
[  533.926964][T21857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  534.008806][T21857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  534.029155][T22017] batman_adv: batadv0: Adding interface: batadv_slave_0
[  534.036177][T22017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  534.065799][T22017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  534.078918][T22017] batman_adv: batadv0: Adding interface: batadv_slave_1
[  534.085877][T22017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  534.123153][T22017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.142314][T22119] loop4: detected capacity change from 0 to 2048
[  534.158878][T22119] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  534.203219][T22129] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  534.220955][   T30] audit: type=1800 audit(2000000101.240:196): pid=22119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6485" name="file1" dev="loop4" ino=15 res=0 errno=0
[  534.277051][ T5864] Bluetooth: hci0: command tx timeout
[  534.285168][T22017] hsr_slave_0: entered promiscuous mode
[  534.293335][T22017] hsr_slave_1: entered promiscuous mode
[  534.301992][T22017] debugfs: 'hsr0' already exists in 'hsr'
[  534.307944][T22017] Cannot create hsr debugfs directory
[  534.546953][T21857] 8021q: adding VLAN 0 to HW filter on device bond0
[  534.575298][T21857] 8021q: adding VLAN 0 to HW filter on device team0
[  534.621373][T19913] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.628567][T19913] bridge0: port 1(bridge_slave_0) entered forwarding state
[  534.653407][T19913] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.660620][T19913] bridge0: port 2(bridge_slave_1) entered forwarding state
[  534.953829][T22017] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  534.983428][T22017] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  535.000690][T22017] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  535.065538][T22017] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  535.095699][T22150] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6494'.
[  535.108420][T21857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  535.187442][T22158] syzkaller1: tun_chr_ioctl cmd 35111
[  535.255265][T21857] veth0_vlan: entered promiscuous mode
[  535.282908][T21857] veth1_vlan: entered promiscuous mode
[  535.331369][T22017] 8021q: adding VLAN 0 to HW filter on device bond0
[  535.379885][T21857] veth0_macvtap: entered promiscuous mode
[  535.405568][T22017] 8021q: adding VLAN 0 to HW filter on device team0
[  535.437083][T21857] veth1_macvtap: entered promiscuous mode
[  535.471395][ T1122] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.478623][ T1122] bridge0: port 1(bridge_slave_0) entered forwarding state
[  535.505389][T19913] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.512582][T19913] bridge0: port 2(bridge_slave_1) entered forwarding state
[  535.540377][T21857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  535.562732][T21857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  535.603595][T19913] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  535.616422][T19913] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  535.635680][T19913] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  535.648418][T19913] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  535.789246][T19913] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  535.805224][T19913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  535.849765][T19913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  535.859336][T19913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  536.098675][T22017] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.202203][T22017] veth0_vlan: entered promiscuous mode
[  536.210346][T22185] loop0: detected capacity change from 0 to 64
[  536.218808][T22172] loop9: detected capacity change from 0 to 32768
[  536.220479][T22017] veth1_vlan: entered promiscuous mode
[  536.271929][T22017] veth0_macvtap: entered promiscuous mode
[  536.288656][T22017] veth1_macvtap: entered promiscuous mode
[  536.334215][T22017] batman_adv: batadv0: Interface activated: batadv_slave_0
[  536.356261][T22017] batman_adv: batadv0: Interface activated: batadv_slave_1
[  536.364538][ T5864] Bluetooth: hci0: command tx timeout
[  536.366285][T22172] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  536.396541][T22172]   allowing incompatible features above 0.0: (unknown version)
[  536.406152][T19913] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.415245][T22172]   features: lz4
[  536.419998][T22172] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0
[  536.430735][T22172] bcachefs (loop9): initializing new filesystem
[  536.450930][T19913] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.460741][T22172] bcachefs (loop9): going read-write
[  536.479731][T19913] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.502350][T19913] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.519576][T22172] bcachefs (loop9): marking superblocks
[  536.625343][T22172] bcachefs (loop9): initializing freespace
[  536.673384][T22172] bcachefs (loop9): done initializing freespace
[  536.691307][T22172] bcachefs (loop9): reading snapshots table
[  536.723418][T19920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  536.728419][T22172] bcachefs (loop9): reading snapshots done
[  536.747468][T22206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6510'.
[  536.749090][T19920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  536.822339][T22172] bcachefs (loop9): done starting filesystem
[  536.831022][T19920] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  536.860040][T19920] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  537.100639][T13328] bcachefs (loop9): shutting down
[  537.106041][T13328] bcachefs (loop9): going read-only
[  537.116531][T13328] bcachefs (loop9): finished waiting for writes to stop
[  537.132347][T13328] bcachefs (loop9): flushing journal and stopping allocators, journal seq 3
[  537.223682][T13328] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 4
[  537.263644][T22207] loop0: detected capacity change from 0 to 32768
[  537.273286][T22207] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.6509 (22207)
[  537.286663][T13328] bcachefs (loop9): clean shutdown complete, journal seq 5
[  537.294813][T13328] bcachefs (loop9): marking filesystem clean
[  537.325525][T22207] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  537.378331][T22207] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  537.455584][T13328] bcachefs (loop9): shutdown complete
[  537.615071][T22240] sp0: Synchronizing with TNC
[  537.622960][T22207] BTRFS info (device loop0): enabling ssd optimizations
[  537.631130][T22207] BTRFS info (device loop0): enabling free space tree
[  537.640947][T22207] BTRFS info (device loop0): use zstd compression, level 3
[  537.697410][T22240] Falling back ldisc for ttyS3.
[  537.728477][T21857] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  537.849123][T22217] loop4: detected capacity change from 0 to 32768
[  537.896570][T22217] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.6515 (22217)
[  537.966577][T22217] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  537.996479][T22217] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  538.177631][T22217] BTRFS info (device loop4): enabling ssd optimizations
[  538.194941][T22217] BTRFS info (device loop4): enabling free space tree
[  538.216008][T22217] BTRFS info (device loop4): use lzo compression, level 1
[  538.256286][   T30] audit: type=1800 audit(2000000105.270:197): pid=22217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6515" name="file1" dev="loop4" ino=260 res=0 errno=0
[  538.381504][T16160] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  538.438820][T19339] Bluetooth: hci0: command tx timeout
[  538.481187][T22263] loop0: detected capacity change from 0 to 32768
[  538.508661][T22263] (syz.0.6520,22263,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  538.535142][T22263] (syz.0.6520,22263,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  538.578792][T22263] (syz.0.6520,22263,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  538.611205][T22263] JBD2: Ignoring recovery information on journal
[  538.700390][T22263] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  538.872400][T21857] ocfs2: Unmounting device (7,0) on (node local)
[  539.824237][T22294] loop4: detected capacity change from 0 to 32768
[  539.883591][T22294] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  539.975997][T22304] loop0: detected capacity change from 0 to 32768
[  540.035437][T16160] ocfs2: Unmounting device (7,4) on (node local)
[  540.114307][T22304] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=ask,norecovery,nojournal_transaction_names
[  540.114347][T22304]   allowing incompatible features above 0.0: (unknown version)
[  540.114360][T22304]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  540.154689][T22304] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  540.163264][T22304] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  540.172004][T22304] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  540.172004][T22304]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  540.213286][T22304] bcachefs (loop0): invalid bkey in btree_node btree=alloc level=0: u64s 12 type alloc_v4 0:34:524288 len 0 ver 0: 
[  540.213347][T22304]     gen 253 oldest_gen 0 data_type free
[  540.213360][T22304]     journal_seq_nonempty 5
[  540.213371][T22304]     journal_seq_empty    134217728
[  540.213381][T22304]     need_discard         1
[  540.213392][T22304]     need_inc_gen         1
[  540.213402][T22304]     dirty_sectors        0
[  540.213413][T22304]     stripe_sectors       1769482
[  540.213424][T22304]     cached_sectors       0
[  540.213434][T22304]     stripe               0
[  540.213445][T22304]     stripe_redundancy    0
[  540.213455][T22304]     io_time[READ]        1
[  540.213466][T22304]     io_time[WRITE]       512
[  540.213477][T22304]     fragmentation     0
[  540.213487][T22304]     bp_start          7
[  540.213497][T22304]   
[  540.213506][T22304]   nonzero snapshot, deleting
[  540.297860][T22324] loop4: detected capacity change from 0 to 8
[  540.302977][T22304] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  540.327271][T22304] bcachefs (loop0): btree node read error at btree lru level 0/0
[  540.327336][T22304]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 0:196608:0 durability: 1 ptr: 0:28:0 gen 0
[  540.327352][T22304]   loop0 node offset 0/16: incorrect min_key: got POS_MIN should be 0:196608:0
[  540.327364][T22304]   loop0 btree validate error
[  540.327384][T22304]   flagging btree lru lost data
[  540.327394][T22304]   ret btree_node_read_err_bad_node
[  540.353327][    T9] usb 10-1: new full-speed USB device number 24 using dummy_hcd
[  540.396289][T22304] bcachefs (loop0): error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  540.409294][T22304] bcachefs (loop0): btree node read error at btree freespace level 0/0
[  540.409312][T22304]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[  540.409328][T22304]   loop0 node offset 0/32 bset u64s 0: invalid bkey format: field 4 too large: 0 + 4294967296 > 4294967295
[  540.409343][T22304]   u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:4294967296, 0:0
[  540.409354][T22304]   loop0 btree validate error
[  540.409363][T22304]   flagging btree freespace lost data
[  540.409374][T22304]   ret btree_node_read_err_bad_node
[  540.474339][T22304] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  540.489368][T22304] bcachefs (loop0): check_topology... done
[  540.498244][T22304] bcachefs (loop0): accounting_read... done
[  540.505754][T22304] bcachefs (loop0): alloc_read... done
[  540.511917][T22304] bcachefs (loop0): snapshots_read...
[  540.515636][    T9] usb 10-1: config 0 has an invalid interface number: 52 but max is 0
[  540.532600][    T9] usb 10-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  540.543496][T22304]  done
[  540.547933][T22304] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[  540.558755][    T9] usb 10-1: config 0 has no interface number 0
[  540.562201][T22331] netlink: 340 bytes leftover after parsing attributes in process `syz.4.6547'.
[  540.565483][T22304] bcachefs (loop0): done starting filesystem
[  540.581309][    T9] usb 10-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  540.593115][    T9] usb 10-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  540.617980][    T9] usb 10-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  540.641208][    T9] usb 10-1: config 0 interface 52 has no altsetting 0
[  540.655879][    T9] usb 10-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00
[  540.683215][    T9] usb 10-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35
[  540.694854][    T9] usb 10-1: Product: syz
[  540.701101][    T9] usb 10-1: SerialNumber: syz
[  540.715743][T22333] loop4: detected capacity change from 0 to 1024
[  540.725046][    T9] usb 10-1: config 0 descriptor??
[  540.733739][T22333] EXT4-fs: Ignoring removed orlov option
[  540.754188][T22333] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  540.769954][T22333] ext4 filesystem being mounted at /476/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  540.813674][ T1122] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: comm kworker/u8:7: lblock 0 mapped to illegal pblock 0 (length 1)
[  540.829283][ T1122] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  540.842147][ T1122] EXT4-fs (loop4): This should not happen!! Data will be lost
[  540.842147][ T1122] 
[  540.855710][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  540.937987][    T9] input: syz (Stick) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.52/input/input27
[  541.153181][ T5984] usb 10-1: USB disconnect, device number 24
[  541.429613][T22348] loop4: detected capacity change from 0 to 32768
[  541.486139][T22348] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  541.486163][T22348]   allowing incompatible features above 0.0: (unknown version)
[  541.486176][T22348]   features: atomic_nlink
[  541.515990][T22348] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  541.525000][T22348] bcachefs (loop4): initializing new filesystem
[  541.541738][T22348] bcachefs (loop4): going read-write
[  541.551374][T22348] bcachefs (loop4): marking superblocks
[  541.580536][T22348] bcachefs (loop4): initializing freespace
[  541.589835][T22348] bcachefs (loop4): done initializing freespace
[  541.599140][T22348] bcachefs (loop4): reading snapshots table
[  541.605335][T22348] bcachefs (loop4): reading snapshots done
[  541.631639][T22348] bcachefs (loop4): done starting filesystem
[  541.699736][T16160] bcachefs (loop4): shutting down
[  541.705342][T16160] bcachefs (loop4): going read-only
[  541.711182][T16160] bcachefs (loop4): finished waiting for writes to stop
[  541.722543][T16160] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[  541.760563][T16160] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  541.773447][T16160] bcachefs (loop4): clean shutdown complete, journal seq 4
[  541.783601][T16160] bcachefs (loop4): marking filesystem clean
[  541.821694][T16160] bcachefs (loop4): shutdown complete
[  542.334311][T22387] loop4: detected capacity change from 0 to 128
[  542.371947][T22387] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  542.416741][T22387] ext4 filesystem being mounted at /482/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  542.562982][T16160] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  542.809075][T22404] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  543.407195][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  543.579454][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  543.600644][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  543.620105][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.648673][    T9] usb 4-1: config 0 descriptor??
[  543.831881][T22458] vivid-000: disconnect
[  543.846784][T22457] vivid-000: reconnect
[  543.857498][T22460] Invalid source name
[  543.861517][T22460] UBIFS error (pid: 22460): cannot open "./file0", error -22
[  544.043002][T22468] program syz.0.6605 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  544.084580][    T9] logitech-djreceiver 0003:046D:C71F.002F: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.3-1/input0
[  544.298650][    T9] usb 4-1: USB disconnect, device number 11
[  544.353648][T22487] netlink: 642 bytes leftover after parsing attributes in process `syz.2.6614'.
[  544.549726][T22500] loop9: detected capacity change from 0 to 512
[  544.568135][T22500] EXT4-fs (loop9): Test dummy encryption mode enabled
[  544.581797][T22500] EXT4-fs (loop9): warning: mounting unchecked fs, running e2fsck is recommended
[  544.594843][T22500] EXT4-fs (loop9): Errors on filesystem, clearing orphan list.
[  544.633990][T22500] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.681215][T13328] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.668720][T22557] loop9: detected capacity change from 0 to 256
[  545.767746][T22565] loop9: detected capacity change from 0 to 2048
[  545.780361][T22565] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  545.808206][   T30] audit: type=1800 audit(2000000113.825:198): pid=22565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.6651" name="file0" dev="loop9" ino=13 res=0 errno=0
[  545.835275][T13328] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.905397][   T30] audit: type=1326 audit(2000000113.915:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22570 comm="syz.9.6653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  545.942249][   T30] audit: type=1326 audit(2000000113.915:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22570 comm="syz.9.6653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  545.973878][   T30] audit: type=1326 audit(2000000113.915:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22570 comm="syz.9.6653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  545.998815][   T30] audit: type=1326 audit(2000000113.945:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22570 comm="syz.9.6653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3dbd8eec9 code=0x7ffc0000
[  546.287910][T22575] loop9: detected capacity change from 0 to 32768
[  546.428886][T22575] bcachefs (loop9): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  546.428919][T22575]   allowing incompatible features above 0.0: (unknown version)
[  546.428931][T22575]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  546.502895][T22575] bcachefs (loop9): Using encoding defined by superblock: utf8-12.1.0
[  546.517564][T22575] bcachefs (loop9): initializing new filesystem
[  546.534443][T22575] bcachefs (loop9): going read-write
[  546.590869][T22575] bcachefs (loop9): marking superblocks
[  546.675368][T22575] bcachefs (loop9): initializing freespace
[  546.712862][T22575] bcachefs (loop9): done initializing freespace
[  546.755368][T22575] bcachefs (loop9): reading snapshots table
[  546.778876][T22575] bcachefs (loop9): reading snapshots done
[  546.845598][T22575] bcachefs (loop9): done starting filesystem
[  546.913800][T22619] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6673'.
[  546.984138][T13328] bcachefs (loop9): shutting down
[  546.990195][T13328] bcachefs (loop9): going read-only
[  546.995443][T13328] bcachefs (loop9): finished waiting for writes to stop
[  547.013137][T13328] bcachefs (loop9): flushing journal and stopping allocators, journal seq 2
[  547.072039][T13328] bcachefs (loop9): flushing journal and stopping allocators complete, journal seq 3
[  547.088550][T13328] bcachefs (loop9): clean shutdown complete, journal seq 4
[  547.101898][T13328] bcachefs (loop9): marking filesystem clean
[  547.175162][T13328] bcachefs (loop9): shutdown complete
[  547.623385][T22634] loop9: detected capacity change from 0 to 512
[  547.638924][T22634] EXT4-fs: Ignoring removed nobh option
[  547.686510][T22634] EXT4-fs error (device loop9): ext4_orphan_get:1392: inode #15: comm syz.9.6677: iget: bad i_size value: 38620345925642
[  547.708022][T22631] loop3: detected capacity change from 0 to 32768
[  547.716309][T22634] EXT4-fs error (device loop9): ext4_orphan_get:1397: comm syz.9.6677: couldn't read orphan inode 15 (err -117)
[  547.736200][T22634] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  547.860678][T22631] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  547.860705][T22631]   allowing incompatible features above 0.0: (unknown version)
[  547.860716][T22631]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  547.913315][T22631] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  547.921819][T22631] bcachefs (loop3): initializing new filesystem
[  547.936275][T22631] bcachefs (loop3): going read-write
[  547.966137][T22631] bcachefs (loop3): marking superblocks
[  548.001282][T22631] bcachefs (loop3): initializing freespace
[  548.019862][T22631] bcachefs (loop3): done initializing freespace
[  548.030970][T22631] bcachefs (loop3): reading snapshots table
[  548.037011][T22631] bcachefs (loop3): reading snapshots done
[  548.074626][T22631] bcachefs (loop3): done starting filesystem
[  548.145401][T22654] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6684'.
[  548.196177][T22017] bcachefs (loop3): shutting down
[  548.202635][T22017] bcachefs (loop3): going read-only
[  548.215511][T22017] bcachefs (loop3): finished waiting for writes to stop
[  548.267883][T22017] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  548.435219][T22017] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  548.478654][T22659] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6686'.
[  548.507450][T22017] bcachefs (loop3): clean shutdown complete, journal seq 4
[  548.527812][T22017] bcachefs (loop3): marking filesystem clean
[  548.592053][T19874] EXT4-fs error (device loop9): ext4_validate_block_bitmap:432: comm kworker/u8:6: bg 0: block 5: invalid block bitmap
[  548.674127][T19874] EXT4-fs (loop9): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  548.729641][T19874] EXT4-fs (loop9): This should not happen!! Data will be lost
[  548.729641][T19874] 
[  548.752474][T22017] bcachefs (loop3): shutdown complete
[  548.771976][T19874] EXT4-fs (loop9): Total free blocks count 0
[  548.822894][T19874] EXT4-fs (loop9): Free/Dirty block details
[  548.847256][T19874] EXT4-fs (loop9): free_blocks=0
[  548.852287][T19874] EXT4-fs (loop9): dirty_blocks=3760
[  548.893324][T19874] EXT4-fs (loop9): Block reservation details
[  548.948405][T19874] EXT4-fs (loop9): i_reserved_data_blocks=3760
[  549.000218][T22667] netlink: 48 bytes leftover after parsing attributes in process `syz.0.6691'.
[  549.129060][T19874] EXT4-fs (loop9): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 1704 with error 28
[  549.756935][T22681] program syz.2.6697 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  549.897163][T22689] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6700'.
[  551.066452][ T5867] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  551.179288][T22736] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6721'.
[  551.236645][ T5867] usb 4-1: Using ep0 maxpacket: 16
[  551.244283][ T5867] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  551.261754][ T5867] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  551.285168][   T30] audit: type=1326 audit(2000000119.295:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.312590][ T5867] usb 4-1: config 0 interface 0 has no altsetting 0
[  551.319448][   T30] audit: type=1326 audit(2000000119.295:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.329475][ T5867] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  551.342979][   T30] audit: type=1326 audit(2000000119.325:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.370575][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.381446][   T30] audit: type=1326 audit(2000000119.325:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.381495][   T30] audit: type=1326 audit(2000000119.325:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.382662][   T30] audit: type=1326 audit(2000000119.325:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.452517][   T30] audit: type=1326 audit(2000000119.325:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.499217][ T5867] usb 4-1: config 0 descriptor??
[  551.504452][   T30] audit: type=1326 audit(2000000119.325:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.529953][   T30] audit: type=1326 audit(2000000119.325:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.553353][   T30] audit: type=1326 audit(2000000119.325:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22739 comm="syz.4.6723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bfd8eec9 code=0x7ffc0000
[  551.599485][T22749] loop9: detected capacity change from 0 to 1024
[  551.648668][T22749] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  551.666711][T22749] ext4 filesystem being mounted at /757/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  551.777796][T13328] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  551.922445][T22762] loop9: detected capacity change from 0 to 512
[  551.967991][T22762] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  551.998009][T22762] EXT4-fs (loop9): invalid journal inode
[  552.003765][T22762] EXT4-fs (loop9): can't get journal size
[  552.051106][T22762] EXT4-fs (loop9): 1 truncate cleaned up
[  552.069721][T22762] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  552.103761][T22767] loop4: detected capacity change from 0 to 512
[  552.118149][T22767] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  552.140323][T13328] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  552.175099][T22767] FAT-fs (loop4): error, invalid access to FAT (entry 0x0fffff00)
[  552.229453][ T5877] usb 4-1: USB disconnect, device number 12
[  553.262236][T22819] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6758'.
[  553.963323][T22837] loop3: detected capacity change from 0 to 8192
[  554.198558][T22850] loop3: detected capacity change from 0 to 512
[  554.206308][T22850] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  554.229347][T22850] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.6772: invalid block
[  554.241840][T22850] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.6772: invalid indirect mapped block 4294967295 (level 1)
[  554.256442][T22850] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.6772: invalid indirect mapped block 4294967295 (level 1)
[  554.273010][T22850] EXT4-fs (loop3): 2 truncates cleaned up
[  554.281123][T22850] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  554.303838][T22850] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1314: inode #12: block 7: comm syz.3.6772: path /48/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0
[  554.361909][T22017] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  554.512016][T22862] loop3: detected capacity change from 0 to 2048
[  554.570683][T22862]  loop3: p1 < > p3 p4 < >
[  554.576742][T22862] loop3: p3 start 4284289 is beyond EOD, truncated
[  555.129703][T22881] netlink: 'syz.0.6785': attribute type 3 has an invalid length.
[  555.141465][T22881] netlink: 'syz.0.6785': attribute type 3 has an invalid length.
[  555.162455][T22884] loop9: detected capacity change from 0 to 64
[  555.168930][T22882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6784'.
[  555.588467][T22902] netlink: 'syz.3.6791': attribute type 1 has an invalid length.
[  555.963709][T22908] loop3: detected capacity change from 0 to 32768
[  555.971839][T22908] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.6797 (22908)
[  555.991836][T22908] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  556.002635][T22908] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  556.048070][T22908] BTRFS info (device loop3): enabling ssd optimizations
[  556.055153][T22908] BTRFS info (device loop3): enabling free space tree
[  556.101285][T22017] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  556.165900][T22927] IPVS: length: 4096 != 8
[  556.898412][ T5867] kernel write not supported for file /ppp (pid: 5867 comm: kworker/0:3)
[  557.163511][T22971] Bluetooth: MGMT ver 1.23
[  557.170484][T22971] Bluetooth: hci0: load_link_keys: too big key_count value 2816
[  557.391538][T22982] loop3: detected capacity change from 0 to 1024
[  557.448283][T22982] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  557.502464][T22017] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.630732][T23001] netlink: 'syz.9.6831': attribute type 23 has an invalid length.
[  558.115359][T23004] loop4: detected capacity change from 0 to 32768
[  558.526474][  T116] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  558.676542][  T116] usb 4-1: Using ep0 maxpacket: 32
[  558.683957][  T116] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  558.692535][  T116] usb 4-1: config 0 has no interface number 0
[  558.700770][  T116] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  558.710207][  T116] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.718345][  T116] usb 4-1: Product: syz
[  558.722525][  T116] usb 4-1: Manufacturer: syz
[  558.727559][  T116] usb 4-1: SerialNumber: syz
[  558.734134][  T116] usb 4-1: config 0 descriptor??
[  558.741550][  T116] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  558.945757][  T116] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  558.959845][  T116] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  559.356007][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  559.366308][  T116] usb 4-1: USB disconnect, device number 13
[  559.383245][  T116] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  559.399140][  T116] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  559.412508][  T116] quatech2 4-1:0.51: device disconnected
[  559.673672][T23033] loop4: detected capacity change from 0 to 32768
[  559.690290][T23033] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  559.739665][T23033] XFS (loop4): Ending clean mount
[  559.748469][T23033] XFS (loop4): Quotacheck needed: Please wait.
[  559.794386][T23033] XFS (loop4): Quotacheck: Done.
[  560.007853][T16160] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  560.110958][T23060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6854'.
[  560.120513][ T5864] Bluetooth: hci0: command tx timeout
[  560.176728][T23062] netlink: 'syz.2.6853': attribute type 15 has an invalid length.
[  560.851415][T23084] dlm: no local IP address has been set
[  560.876619][T23084] dlm: cannot start dlm midcomms -107
[  561.644528][T23109] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  561.674564][T23114] loop3: detected capacity change from 0 to 128
[  561.802248][T23120] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6881'.
[  562.165079][T23122] loop3: detected capacity change from 0 to 32768
[  562.260525][T23122] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[  562.260555][T23122]   allowing incompatible features above 0.0: (unknown version)
[  562.260569][T23122]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  562.316465][T23122] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  562.325076][T23122] bcachefs (loop3): initializing new filesystem
[  562.346864][T23122] bcachefs (loop3): going read-write
[  562.367840][T23122] bcachefs (loop3): marking superblocks
[  562.382856][T23122] bcachefs (loop3): initializing freespace
[  562.399857][T23122] bcachefs (loop3): done initializing freespace
[  562.410485][T23122] bcachefs (loop3): reading snapshots table
[  562.419819][T23122] bcachefs (loop3): reading snapshots done
[  562.465201][T23122] bcachefs (loop3): done starting filesystem
[  562.572347][T22017] bcachefs (loop3): shutting down
[  562.583947][T22017] bcachefs (loop3): going read-only
[  562.601687][T22017] bcachefs (loop3): finished waiting for writes to stop
[  562.636980][T22017] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  562.736428][T22017] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  562.751904][T22017] bcachefs (loop3): clean shutdown complete, journal seq 4
[  562.763843][T22017] bcachefs (loop3): marking filesystem clean
[  562.818885][T22017] bcachefs (loop3): shutdown complete
[  562.992202][T23175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6903'.
[  563.018718][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  563.027917][T23175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6903'.
[  563.073558][T19920] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  563.118239][T19920] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  563.144869][T19920] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  563.171226][T19920] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  563.418046][T23190] loop4: detected capacity change from 0 to 2048
[  563.445739][T23190] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  563.524521][T23190] UDF-fs: error (device loop4): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376)
[  563.828363][T23212] netlink: 'syz.3.6917': attribute type 23 has an invalid length.
[  564.115748][T23196] loop9: detected capacity change from 0 to 32768
[  564.123096][T23224] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  564.134954][T23196] (syz.9.6911,23196,0):ocfs2_find_entry:1083 ERROR: status = -117
[  564.142995][T23196] (syz.9.6911,23196,0):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 66
[  564.176796][T23196] (syz.9.6911,23196,0):ocfs2_init_global_system_inodes:465 ERROR: status = -22
[  564.193865][T23196] (syz.9.6911,23196,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 1, possibly corrupt fs?
[  564.193999][T23196] (syz.9.6911,23196,0):ocfs2_init_global_system_inodes:476 ERROR: status = -22
[  564.216063][T23196] (syz.9.6911,23196,0):ocfs2_initialize_super:2198 ERROR: status = -22
[  564.247950][T23196] (syz.9.6911,23196,0):ocfs2_fill_super:1177 ERROR: status = -22
[  564.723447][T23222] loop3: detected capacity change from 0 to 32768
[  564.774859][T23222] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  564.881394][T23222] XFS (loop3): Ending clean mount
[  564.898643][T23222] XFS (loop3): Quotacheck needed: Please wait.
[  564.969684][T23222] XFS (loop3): Quotacheck: Done.
[  565.117464][T22017] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  565.389930][T23261] program syz.3.6937 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  565.407549][T23263] tipc: Started in network mode
[  565.412548][T23263] tipc: Node identity ac14140f, cluster identity 4711
[  565.420003][T23263] tipc: New replicast peer: 255.255.255.255
[  565.427034][T23263] tipc: Enabled bearer <udp:syz2>, priority 10
[  565.493646][T23265] syzkaller0: tun_chr_ioctl cmd 1074812118
[  565.507899][T23254] loop9: detected capacity change from 0 to 40427
[  565.516299][T23254] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  565.524263][T23254] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  565.554300][T23254] F2FS-fs (loop9): invalid crc value
[  565.674036][ T5867] kernel write not supported for file /173/loginuid (pid: 5867 comm: kworker/0:3)
[  565.708830][T23254] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  565.723982][T23254] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  565.744012][T23254] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  566.298805][ T5984] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  566.308109][T23310] netlink: 172 bytes leftover after parsing attributes in process `syz.0.6959'.
[  566.328478][T23310] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6959'.
[  566.400029][T23316] [U] ^G„
[  566.412379][T23315] [U] ^G
[  566.498152][ T5984] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  566.516455][ T5984] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.540421][ T5984] usb 4-1: config 0 descriptor??
[  566.548308][ T5867] tipc: Node number set to 2886997007
[  566.767157][ T5984] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  566.975542][ T5984] [drm:udl_init] *ERROR* Selecting channel failed
[  567.012081][ T5984] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  567.020178][ T5984] [drm] Initialized udl on minor 2
[  567.037072][ T5984] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  567.050156][ T5984] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  567.068298][ T5877] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  567.099937][ T5984] usb 4-1: USB disconnect, device number 14
[  567.108051][ T5877] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  567.676686][T23351] netlink: 'syz.9.6975': attribute type 4 has an invalid length.
[  567.721232][T23355] netlink: 'syz.0.6978': attribute type 3 has an invalid length.
[  567.731940][T23355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6978'.
[  568.020941][T23364] loop9: detected capacity change from 0 to 4096
[  568.175933][T23364] overlayfs: missing 'workdir'
[  568.220461][T23376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6988'.
[  568.669003][T23395] loop9: detected capacity change from 0 to 128
[  568.710127][T23395] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  568.762719][T23395] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  568.782413][T23399] C: renamed from team_slave_0 (while UP)
[  568.818680][T23399] netlink: 'syz.4.6998': attribute type 3 has an invalid length.
[  568.852282][T23399] netlink: 152 bytes leftover after parsing attributes in process `syz.4.6998'.
[  568.877073][T23399] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  568.994204][T23411] loop3: detected capacity change from 0 to 4096
[  569.007380][T23411] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  569.101748][T23411] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  569.120196][T23421] loop4: detected capacity change from 0 to 1024
[  569.137425][T23421] EXT4-fs: Ignoring removed nobh option
[  569.151467][T23421] EXT4-fs: Ignoring removed bh option
[  569.187643][T23421] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.290510][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  569.290530][   T30] audit: type=1800 audit(2000000137.305:215): pid=23421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7007" name="bus" dev="loop4" ino=18 res=0 errno=0
[  569.376665][T23428] nbd1: detected capacity change from 0 to 127
[  569.391147][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  569.398776][ T5864] block nbd1: Receive control failed (result -32)
[  569.762665][T23455] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  570.529942][T23479] loop4: detected capacity change from 0 to 512
[  570.549082][T23479] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  570.575090][T23479] EXT4-fs (loop4): invalid journal inode
[  570.588993][T23479] EXT4-fs (loop4): can't get journal size
[  570.606478][T23479] EXT4-fs (loop4): 1 truncate cleaned up
[  570.629213][T23479] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  570.786484][   T30] audit: type=1800 audit(2000000138.695:216): pid=23479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7033" name="file2" dev="loop4" ino=16 res=0 errno=0
[  570.883479][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.319463][T23494] netem: change failed
[  571.327451][T23491] loop4: detected capacity change from 0 to 4096
[  571.388742][T23491] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  571.507725][T23491] fs-verity (loop4, inode 16): Unknown hash algorithm number: 3
[  571.587749][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  572.028074][T23500] loop9: detected capacity change from 0 to 40427
[  572.048404][T23500] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12
[  572.068588][T23500] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  572.099404][T23500] F2FS-fs (loop9): invalid crc value
[  572.243320][T23500] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  572.267769][T23500] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  572.282975][T23500] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  572.452067][T23535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7055'.
[  572.480432][T23535] netlink: 'syz.0.7055': attribute type 2 has an invalid length.
[  572.732437][T23543] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7060'.
[  572.823242][T23546] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7061'.
[  573.286503][T23550] loop3: detected capacity change from 0 to 32768
[  573.300819][T23550] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.7063 (23550)
[  573.329817][T23550] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  573.352045][T23550] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  573.442482][T23550] BTRFS info (device loop3): enabling ssd optimizations
[  573.467141][T23550] BTRFS info (device loop3): enabling free space tree
[  573.490482][T23550] BTRFS info (device loop3): use zstd compression, level 3
[  573.613856][T22017] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  573.955717][T23593] input: syz1 as /devices/virtual/input/input28
[  574.355886][T23613] bcachefs (loop0): shutting down
[  574.396139][T23613] bcachefs (loop0): shutdown complete
[  574.605319][T19874] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.724638][T19874] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.811439][T19874] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.932626][T19874] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  575.073269][T19874] bridge_slave_1: left allmulticast mode
[  575.079041][T19874] bridge_slave_1: left promiscuous mode
[  575.084759][T19874] bridge0: port 2(bridge_slave_1) entered disabled state
[  575.094274][T19874] bridge_slave_0: left allmulticast mode
[  575.100240][T19874] bridge_slave_0: left promiscuous mode
[  575.107111][T19874] bridge0: port 1(bridge_slave_0) entered disabled state
[  575.465634][T19874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  575.477335][T19874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  575.487798][T19874] bond0 (unregistering): Released all slaves
[  575.848056][T19874] hsr_slave_0: left promiscuous mode
[  575.854365][T19874] hsr_slave_1: left promiscuous mode
[  575.861049][T19874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  575.875548][T19874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  575.883864][T19874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  575.891430][T19874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  575.919249][T19874] veth1_macvtap: left promiscuous mode
[  575.924809][T19874] veth0_macvtap: left promiscuous mode
[  575.930625][T19874] veth1_vlan: left promiscuous mode
[  575.935955][T19874] veth0_vlan: left promiscuous mode
[  576.155863][T19339] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  576.181836][T19339] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  576.190929][T19339] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  576.202838][T19339] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  576.212982][T19339] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  576.672841][T23640] loop4: detected capacity change from 0 to 4096
[  576.857953][T19339] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  576.888180][T19339] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  576.900111][T19339] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  576.939069][T19339] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  576.946853][T19339] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  577.093834][T19339] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  577.114353][T19339] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  577.131721][T19339] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  577.164766][T19339] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  577.173627][T19339] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  577.263310][T19874] team0 (unregistering): Port device team_slave_1 removed
[  577.310345][T19874] team0 (unregistering): Port device team_slave_0 removed
[  578.089678][T23661] loop4: detected capacity change from 0 to 512
[  578.103233][T23661] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  578.140350][T23661] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  578.164933][T23661] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  578.197355][T23661] System zones: 0-1, 15-15, 18-18, 34-34
[  578.203375][T23661] EXT4-fs (loop4): orphan cleanup on readonly fs
[  578.210291][T23661] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0
[  578.219779][T23661] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  578.234719][T23661] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  578.257866][T23661] EXT4-fs (loop4): 1 truncate cleaned up
[  578.276643][ T5864] Bluetooth: hci0: command tx timeout
[  578.285099][T23661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  578.430782][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.834091][T23681] loop4: detected capacity change from 0 to 256
[  578.851114][T23681] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[  578.856061][T23629] chnl_net:caif_netlink_parms(): no params data found
[  578.926094][T19874] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  578.938318][T19874] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.995760][T23645] chnl_net:caif_netlink_parms(): no params data found
[  579.002823][ T5864] Bluetooth: hci2: command tx timeout
[  579.072110][T19874] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  579.082934][T19874] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.114830][T23641] chnl_net:caif_netlink_parms(): no params data found
[  579.185075][T19874] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  579.195593][T19874] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.237805][ T5864] Bluetooth: hci3: command tx timeout
[  579.324303][T19874] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  579.335245][T19874] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.364431][T23629] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.373069][T23629] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.380709][T23629] bridge_slave_0: entered allmulticast mode
[  579.394484][T23629] bridge_slave_0: entered promiscuous mode
[  579.440015][T23629] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.451027][T23629] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.458438][T23629] bridge_slave_1: entered allmulticast mode
[  579.466302][T23629] bridge_slave_1: entered promiscuous mode
[  579.568231][T23645] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.575580][T23645] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.582954][T23645] bridge_slave_0: entered allmulticast mode
[  579.594790][T23645] bridge_slave_0: entered promiscuous mode
[  579.604762][T23641] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.614193][T23641] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.621635][T23641] bridge_slave_0: entered allmulticast mode
[  579.629741][T23641] bridge_slave_0: entered promiscuous mode
[  579.644037][T23629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  579.654708][T23645] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.662572][T23645] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.671249][T23645] bridge_slave_1: entered allmulticast mode
[  579.680051][T23645] bridge_slave_1: entered promiscuous mode
[  579.687768][T23641] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.695653][T23641] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.704022][T23641] bridge_slave_1: entered allmulticast mode
[  579.714832][T23641] bridge_slave_1: entered promiscuous mode
[  579.746252][T23629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.848963][T23645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  579.870697][T23641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  579.897779][T23641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.951343][T23629] team0: Port device team_slave_0 added
[  579.967392][T23645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  579.973559][T23709] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7114'.
[  580.050442][T23629] team0: Port device team_slave_1 added
[  580.154505][T23641] team0: Port device team_slave_0 added
[  580.167844][T23641] team0: Port device team_slave_1 added
[  580.252165][T23645] team0: Port device team_slave_0 added
[  580.275088][T23629] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.283801][T23629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.310964][T23629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.324651][T23645] team0: Port device team_slave_1 added
[  580.338197][T23720] loop4: detected capacity change from 0 to 128
[  580.356587][ T5864] Bluetooth: hci0: command tx timeout
[  580.381558][T23629] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.389676][T23629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.417134][T23629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  580.464280][T19874] netdevsim netdevsim9 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  580.475695][T19874] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.498002][T23645] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.505048][T23645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.534161][T23645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.547437][T23641] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.554624][T23641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.591500][T23641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.615731][T23641] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.623360][T23641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.650726][T23641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  580.662884][T23645] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.670221][T23645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  580.696406][T23645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  580.730229][T19874] netdevsim netdevsim9 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  580.740918][T19874] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.760800][T23727] loop4: detected capacity change from 0 to 512
[  580.775437][T23727] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  580.796489][   T30] audit: type=1800 audit(2000000148.815:217): pid=23727 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7123" name="file1" dev="loop4" ino=15 res=0 errno=0
[  580.843360][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.879697][T23629] hsr_slave_0: entered promiscuous mode
[  580.889422][T23629] hsr_slave_1: entered promiscuous mode
[  580.895916][T23629] debugfs: 'hsr0' already exists in 'hsr'
[  580.898972][T23731] loop4: detected capacity change from 0 to 256
[  580.902109][T23629] Cannot create hsr debugfs directory
[  580.955006][T19874] netdevsim netdevsim9 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  580.965883][T19874] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.995903][T23641] hsr_slave_0: entered promiscuous mode
[  581.003008][T23641] hsr_slave_1: entered promiscuous mode
[  581.009714][T23641] debugfs: 'hsr0' already exists in 'hsr'
[  581.015475][T23641] Cannot create hsr debugfs directory
[  581.087098][ T5864] Bluetooth: hci2: command tx timeout
[  581.103262][T19874] netdevsim netdevsim9 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  581.114484][T19874] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.156156][T23645] hsr_slave_0: entered promiscuous mode
[  581.163161][T23645] hsr_slave_1: entered promiscuous mode
[  581.173365][T23645] debugfs: 'hsr0' already exists in 'hsr'
[  581.179694][T23645] Cannot create hsr debugfs directory
[  581.316536][ T5864] Bluetooth: hci3: command tx timeout
[  581.326894][T23741] loop4: detected capacity change from 0 to 2048
[  581.347931][T23741] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  581.365062][T23741] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  581.631512][T19874] bridge_slave_1: left allmulticast mode
[  581.637927][T19874] bridge_slave_1: left promiscuous mode
[  581.644109][T19874] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.658677][T19874] bridge_slave_0: left allmulticast mode
[  581.665414][T19874] bridge_slave_0: left promiscuous mode
[  581.675073][T19874] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.687466][T19874] bridge_slave_1: left allmulticast mode
[  581.693123][T19874] bridge_slave_1: left promiscuous mode
[  581.702071][T19874] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.715011][T19874] bridge_slave_0: left allmulticast mode
[  581.723607][T19874] bridge_slave_0: left promiscuous mode
[  581.732296][T19874] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.011403][T23755] loop4: detected capacity change from 0 to 32768
[  582.022681][T23755] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.7135 (23755)
[  582.050610][T23755] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  582.073277][T23755] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  582.237654][T23755] BTRFS info (device loop4): turning off barriers
[  582.244276][T23755] BTRFS info (device loop4): enabling free space tree
[  582.259927][T23755] BTRFS info (device loop4): use zstd compression, level 3
[  582.420424][T19874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.433629][T19874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.442399][ T5864] Bluetooth: hci0: command tx timeout
[  582.450705][T19874] bond0 (unregistering): Released all slaves
[  582.481594][T16160] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  582.954400][T19874] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.965533][T19874] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.976115][T19874] bond0 (unregistering): Released all slaves
[  583.157067][ T5864] Bluetooth: hci2: command tx timeout
[  583.182950][T19874] tipc: Disabling bearer <udp:syz2>
[  583.189410][T19874] tipc: Left network mode
[  583.242366][T19874] tipc: Disabling bearer <eth:team0>
[  583.261628][T19874] tipc: Disabling bearer <udp:syz2>
[  583.273945][T19874] tipc: Left network mode
[  583.396546][ T5864] Bluetooth: hci3: command tx timeout
[  583.462985][T23793] loop4: detected capacity change from 0 to 32768
[  583.523909][T23793] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  583.548011][T23793] XFS (loop4): Ending clean mount
[  583.565736][T23793] XFS (loop4): Quotacheck needed: Please wait.
[  583.649941][T23793] XFS (loop4): Quotacheck: Done.
[  583.672763][   T30] audit: type=1800 audit(2000000151.685:218): pid=23793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7146" name="bus" dev="loop4" ino=6155 res=0 errno=0
[  583.742235][T16160] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  583.885413][T19874] hsr_slave_0: left promiscuous mode
[  583.900793][T19874] hsr_slave_1: left promiscuous mode
[  583.920726][T19874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  583.929213][T19874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  583.947225][T19874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  583.954619][T19874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  583.992007][T19874] hsr_slave_0: left promiscuous mode
[  583.998594][T19874] hsr_slave_1: left promiscuous mode
[  584.004745][T19874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  584.012369][T19874] batman_adv: batadv0: Removing interface: batadv_slave_0
[  584.022222][T19874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  584.030677][T19874] batman_adv: batadv0: Removing interface: batadv_slave_1
[  584.094392][T19874] veth1_macvtap: left promiscuous mode
[  584.100637][T19874] veth0_macvtap: left promiscuous mode
[  584.107069][T19874] veth1_vlan: left promiscuous mode
[  584.112440][T19874] veth0_vlan: left promiscuous mode
[  584.131382][T19874] veth1_macvtap: left promiscuous mode
[  584.137671][T19874] veth0_macvtap: left promiscuous mode
[  584.146510][T19874] veth1_vlan: left promiscuous mode
[  584.151953][T19874] veth0_vlan: left promiscuous mode
[  584.300466][T23821] loop4: detected capacity change from 0 to 4096
[  584.516525][ T5864] Bluetooth: hci0: command tx timeout
[  584.890709][T19874] team0 (unregistering): Port device team_slave_1 removed
[  584.934102][T19874] team0 (unregistering): Port device team_slave_0 removed
[  585.236707][ T5864] Bluetooth: hci2: command tx timeout
[  585.383696][T19874] pimreg (unregistering): left allmulticast mode
[  585.476738][ T5864] Bluetooth: hci3: command tx timeout
[  585.761435][T19874] team0 (unregistering): Port device team_slave_1 removed
[  585.805143][T19874] team0 (unregistering): Port device team_slave_0 removed
[  586.941019][T23645] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  586.970064][T23645] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  587.000020][T23645] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  587.020290][T23645] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  587.247677][T23865] nbd2: detected capacity change from 0 to 127
[  587.267431][ T5864] block nbd2: Receive control failed (result -32)
[  587.310408][T23629] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  587.322711][T23641] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  587.350474][T23629] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  587.371495][T23641] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  587.395031][T23629] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  587.421704][T23629] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  587.444202][T23641] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  587.482442][T23641] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  587.540079][T23645] 8021q: adding VLAN 0 to HW filter on device bond0
[  587.594286][T23645] 8021q: adding VLAN 0 to HW filter on device team0
[  587.633051][T19890] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.640248][T19890] bridge0: port 1(bridge_slave_0) entered forwarding state
[  587.671515][T19890] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.678885][T19890] bridge0: port 2(bridge_slave_1) entered forwarding state
[  587.774752][T23629] 8021q: adding VLAN 0 to HW filter on device bond0
[  587.819558][T23629] 8021q: adding VLAN 0 to HW filter on device team0
[  587.832545][T19913] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.839766][T19913] bridge0: port 1(bridge_slave_0) entered forwarding state
[  587.869269][T19913] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.876481][T19913] bridge0: port 2(bridge_slave_1) entered forwarding state
[  587.913484][T23641] 8021q: adding VLAN 0 to HW filter on device bond0
[  588.030790][T23641] 8021q: adding VLAN 0 to HW filter on device team0
[  588.046969][T23902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7180'.
[  588.078590][T19874] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.085739][T19874] bridge0: port 1(bridge_slave_0) entered forwarding state
[  588.131385][T19874] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.138614][T19874] bridge0: port 2(bridge_slave_1) entered forwarding state
[  588.216249][T23645] 8021q: adding VLAN 0 to HW filter on device batadv0
[  588.392297][T23629] 8021q: adding VLAN 0 to HW filter on device batadv0
[  588.663698][T23641] 8021q: adding VLAN 0 to HW filter on device batadv0
[  588.815393][T23645] veth0_vlan: entered promiscuous mode
[  588.840776][T23645] veth1_vlan: entered promiscuous mode
[  588.942287][T23645] veth0_macvtap: entered promiscuous mode
[  588.967857][T23645] veth1_macvtap: entered promiscuous mode
[  588.978307][T23629] veth0_vlan: entered promiscuous mode
[  589.009437][T23645] batman_adv: batadv0: Interface activated: batadv_slave_0
[  589.026174][T23629] veth1_vlan: entered promiscuous mode
[  589.039079][T23645] batman_adv: batadv0: Interface activated: batadv_slave_1
[  589.069647][ T1122] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.078663][ T1122] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.095361][ T1122] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.104904][ T1122] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.197902][T23641] veth0_vlan: entered promiscuous mode
[  589.205960][T23629] veth0_macvtap: entered promiscuous mode
[  589.230671][T23629] veth1_macvtap: entered promiscuous mode
[  589.256661][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.261563][T23641] veth1_vlan: entered promiscuous mode
[  589.270505][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.280572][T23629] batman_adv: batadv0: Interface activated: batadv_slave_0
[  589.315519][T23629] batman_adv: batadv0: Interface activated: batadv_slave_1
[  589.331406][T19874] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.349592][T19874] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.358579][T19874] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.374192][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.383533][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.394816][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.445661][T23641] veth0_macvtap: entered promiscuous mode
[  589.485991][T23641] veth1_macvtap: entered promiscuous mode
[  589.541675][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.561393][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.564555][T23641] batman_adv: batadv0: Interface activated: batadv_slave_0
[  589.617437][T23943] loop6: detected capacity change from 0 to 512
[  589.622957][T23641] batman_adv: batadv0: Interface activated: batadv_slave_1
[  589.645779][T19913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.655999][   T13] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.656468][T19913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.685561][T23943] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.700690][T23943] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  589.702122][   T13] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.744383][T19913] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.745933][T23645] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.780829][T19913] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.885244][T19874] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.895051][T19874] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.935081][T19874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.944256][T19874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.286659][T23938] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  590.347750][T23957] loop7: detected capacity change from 0 to 40427
[  590.355277][T23957] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  590.364980][T23957] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  590.375282][T23957] F2FS-fs (loop7): invalid crc value
[  590.428552][T23957] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  590.439551][T23957] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  590.447041][T23957] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  590.456012][T23938] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  590.465164][T23938] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.475993][T23938] usb 7-1: config 0 descriptor??
[  590.483672][T23938] cp210x 7-1:0.0: cp210x converter detected
[  590.642037][T23965] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7191'.
[  590.711842][T23967] program syz.5.7192 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  590.897725][T23938] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  590.922358][T23938] usb 7-1: cp210x converter now attached to ttyUSB0
[  591.132125][ T5877] usb 7-1: USB disconnect, device number 27
[  591.148216][ T5877] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  591.176908][ T5877] cp210x 7-1:0.0: device disconnected
[  591.273681][T23987] netlink: 52 bytes leftover after parsing attributes in process `syz.7.7201'.
[  591.293961][T23987] netlink: 84 bytes leftover after parsing attributes in process `syz.7.7201'.
[  591.387552][T23995] loop7: detected capacity change from 0 to 1024
[  591.394965][T23995] EXT4-fs: Ignoring removed orlov option
[  591.412940][T23995] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  591.425434][T23995] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  591.451211][   T30] audit: type=1800 audit(2000000159.465:219): pid=23995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.7204" name="file1" dev="loop7" ino=15 res=0 errno=0
[  591.478214][   T30] audit: type=1800 audit(2000000159.495:220): pid=23995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.7204" name="file1" dev="loop7" ino=15 res=0 errno=0
[  591.478411][T23995] EXT4-fs error (device loop7): ext4_map_blocks:814: inode #15: comm syz.7.7204: lblock 0 mapped to illegal pblock 0 (length 1)
[  591.522911][T23995] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  591.536665][T23995] EXT4-fs (loop7): This should not happen!! Data will be lost
[  591.536665][T23995] 
[  591.550581][T23995] EXT4-fs error (device loop7): ext4_map_blocks:814: inode #15: comm syz.7.7204: lblock 0 mapped to illegal pblock 0 (length 1)
[  591.566260][T23995] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  591.635060][T23995] EXT4-fs (loop7): This should not happen!! Data will be lost
[  591.635060][T23995] 
[  591.644541][T24005] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7208'.
[  591.712728][T24005] netem: change failed
[  591.746583][T23641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  591.801532][T24010] netlink: 'syz.6.7210': attribute type 23 has an invalid length.
[  591.944935][T24019] zonefs (nullb0) ERROR: Not a zoned block device
[  593.125465][T24065] i2c i2c-0: Invalid block write size 252
[  593.319994][T24074] netlink: 'syz.4.7237': attribute type 1 has an invalid length.
[  593.691377][T24088] loop4: detected capacity change from 0 to 512
[  593.750588][T24088] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  593.802559][   T30] audit: type=1800 audit(2000000161.815:221): pid=24088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7243" name="file1" dev="loop4" ino=15 res=0 errno=0
[  593.884877][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  594.018991][T24104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7250'.
[  594.030233][T24106] netlink: 'syz.4.7251': attribute type 6 has an invalid length.
[  594.236532][ T5949] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  594.406691][ T5949] usb 6-1: Using ep0 maxpacket: 16
[  594.414134][ T5949] usb 6-1: config 0 has an invalid interface number: 64 but max is 0
[  594.422560][ T5949] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  594.433027][ T5949] usb 6-1: config 0 has no interface number 0
[  594.440930][ T5949] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  594.461384][ T5949] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.478967][ T5949] usb 6-1: config 0 descriptor??
[  594.497912][ T5949] uvcvideo 6-1:0.64: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  594.512335][ T5949] uvcvideo 6-1:0.64: No valid video chain found.
[  594.715429][ T6000] usb 6-1: USB disconnect, device number 16
[  594.966012][T24131] loop4: detected capacity change from 0 to 32768
[  595.026789][  T114] blkno = 5002c, nblocks = 1
[  595.031488][  T114] ERROR: (device loop4): dbFree: block to be freed is outside the map
[  595.031488][  T114] 
[  595.043381][  T114] ERROR: (device loop4): remounting filesystem as read-only
[  595.051449][T24131] ERROR: (device loop4): dbAlloc: the hint is outside the map
[  595.051449][T24131] 
[  595.065023][T24131] syz.4.7263: attempt to access beyond end of device
[  595.065023][T24131] loop4: rw=2049, sector=2621800, nr_sectors = 8 limit=32768
[  595.206214][  T113] blkno = 5002d, nblocks = 1
[  595.215533][  T113] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[  595.215533][  T113] 
[  595.352191][T24163] macvlan0: entered promiscuous mode
[  595.368096][T24163] netlink: 'syz.5.7279': attribute type 1 has an invalid length.
[  595.375958][T24163] netlink: 'syz.5.7279': attribute type 2 has an invalid length.
[  595.529750][T24176] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7285'.
[  595.725468][   T30] audit: type=1800 audit(2000000163.735:222): pid=24185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.7289" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[  595.773821][T24188] sctp: [Deprecated]: syz.5.7290 (pid 24188) Use of struct sctp_assoc_value in delayed_ack socket option.
[  595.773821][T24188] Use struct sctp_sack_info instead
[  596.092862][T24206] netlink: 'syz.7.7298': attribute type 3 has an invalid length.
[  596.292345][T24217] loop5: detected capacity change from 0 to 4096
[  596.339126][T24222] netlink: 244 bytes leftover after parsing attributes in process `syz.6.7305'.
[  596.406787][T24217] ntfs3(loop5): ino=1a, mi_enum_attr
[  596.412133][T24217] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  596.421469][T24227] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present
[  596.431513][T24227] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9)
[  596.469330][   T30] audit: type=1800 audit(2000000164.475:223): pid=24217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.7302" name="file0" dev="loop5" ino=0 res=0 errno=0
[  596.800601][T24240] netlink: 'syz.4.7313': attribute type 23 has an invalid length.
[  597.149922][T24255] loop5: detected capacity change from 0 to 512
[  597.166745][T24255] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  597.221898][T24255] EXT4-fs (loop5): 1 truncate cleaned up
[  597.250529][T24255] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  597.748874][T24280] program syz.4.7332 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  597.782452][T23629] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  599.274246][T24326] loop5: detected capacity change from 0 to 65
[  599.302170][T24326] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
[  599.347331][T24326] BFS-fs: bfs_fill_super(): Last block not available on loop5: 511
[  599.701912][T24345] bond0: entered promiscuous mode
[  599.720123][T24345] bond_slave_0: entered promiscuous mode
[  599.736218][T24345] bond_slave_1: entered promiscuous mode
[  599.752356][T24345] batadv0: entered promiscuous mode
[  599.769150][T24345] debugfs: 'hsr1' already exists in 'hsr'
[  599.792802][T24345] Cannot create hsr debugfs directory
[  599.805145][T24345] 8021q: adding VLAN 0 to HW filter on device hsr1
[  600.224644][T24336] loop4: detected capacity change from 0 to 32768
[  600.391303][T24336] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  600.391341][T24336]   allowing incompatible features above 0.0: (unknown version)
[  600.391354][T24336]   features: lz4
[  600.414120][    C1] vkms_vblank_simulate: vblank timer overrun
[  600.504659][T24336] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  600.535363][T24336] bcachefs (loop4): initializing new filesystem
[  600.591089][T24336] bcachefs (loop4): going read-write
[  600.616119][T24336] bcachefs (loop4): marking superblocks
[  600.723136][T24336] bcachefs (loop4): initializing freespace
[  600.751750][T24336] bcachefs (loop4): done initializing freespace
[  600.803765][T24336] bcachefs (loop4): reading snapshots table
[  600.835689][T24336] bcachefs (loop4): reading snapshots done
[  600.909728][T24336] bcachefs (loop4): done starting filesystem
[  600.966262][T24384] netlink: 'syz.7.7375': attribute type 1 has an invalid length.
[  600.983038][T24384] netlink: 224 bytes leftover after parsing attributes in process `syz.7.7375'.
[  600.992627][T24384] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7375'.
[  601.003978][   T30] audit: type=1800 audit(2000000169.015:224): pid=24336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7358" name="file1" dev="loop4" ino=4098 res=0 errno=0
[  601.066005][T16160] bcachefs (loop4): shutting down
[  601.078214][T16160] bcachefs (loop4): going read-only
[  601.086241][T16160] bcachefs (loop4): finished waiting for writes to stop
[  601.124133][T16160] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[  601.238275][T16160] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  601.249467][T16160] bcachefs (loop4): clean shutdown complete, journal seq 4
[  601.257606][T16160] bcachefs (loop4): marking filesystem clean
[  601.293050][T16160] bcachefs (loop4): shutdown complete
[  601.431523][T24396] loop5: detected capacity change from 0 to 4096
[  601.468147][T24398] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  601.939412][T24401] loop7: detected capacity change from 0 to 32768
[  602.324534][T24414] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7389'.
[  602.660743][T24401] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 255,nocow
[  602.660770][T24401]   allowing incompatible features above 0.0: (unknown version)
[  602.660783][T24401]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  602.723765][T24401] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  602.742895][T24401] bcachefs (loop7): initializing new filesystem
[  602.761679][T24401] bcachefs (loop7): going read-write
[  602.810652][T24401] bcachefs (loop7): marking superblocks
[  602.921867][T24401] bcachefs (loop7): initializing freespace
[  602.992672][T24401] bcachefs (loop7): done initializing freespace
[  603.034000][T24401] bcachefs (loop7): reading snapshots table
[  603.078985][T24401] bcachefs (loop7): reading snapshots done
[  603.137032][T24401] bcachefs (loop7):  loop7: Superblock write was silently dropped! (seq 0 expected 42)
[  603.176819][T24401] bcachefs (loop7): done starting filesystem
[  603.410252][T23641] bcachefs (loop7): shutting down
[  603.415345][T23641] bcachefs (loop7): going read-only
[  603.447152][T23641] bcachefs (loop7): finished waiting for writes to stop
[  603.525970][T23641] bcachefs (loop7): flushing journal and stopping allocators, journal seq 3
[  603.699203][T23641] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 3
[  603.722208][T23641] bcachefs (loop7): clean shutdown complete, journal seq 4
[  603.740662][T23641] bcachefs (loop7): marking filesystem clean
[  603.841035][T23641] bcachefs (loop7): shutdown complete
[  604.278726][T24476] netlink: 'syz.5.7414': attribute type 1 has an invalid length.
[  604.295619][T24476] netlink: 16166 bytes leftover after parsing attributes in process `syz.5.7414'.
[  604.577438][T24483] loop6: detected capacity change from 0 to 2048
[  604.604797][T24483] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  604.646743][T24483] UDF-fs: Scanning with blocksize 512 failed
[  604.661585][T24483] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  605.065160][T24488] loop5: detected capacity change from 0 to 32768
[  605.207111][T24500] loop6: detected capacity change from 0 to 1024
[  605.468838][T24488] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  605.468882][T24488]   allowing incompatible features above 0.0: (unknown version)
[  605.468895][T24488]   features: lz4
[  605.503868][T24488] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  605.517377][T24488] bcachefs (loop5): initializing new filesystem
[  605.532620][T24488] bcachefs (loop5): going read-write
[  605.568411][T24488] bcachefs (loop5): marking superblocks
[  605.641596][T24488] bcachefs (loop5): initializing freespace
[  605.670167][T24488] bcachefs (loop5): done initializing freespace
[  605.696836][T24488] bcachefs (loop5): reading snapshots table
[  605.723126][T24488] bcachefs (loop5): reading snapshots done
[  605.789082][T24488] bcachefs (loop5): done starting filesystem
[  605.992777][T23629] bcachefs (loop5): shutting down
[  606.000184][T23629] bcachefs (loop5): going read-only
[  606.005426][T23629] bcachefs (loop5): finished waiting for writes to stop
[  606.077564][T23629] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  606.153392][T23629] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  606.188358][T23629] bcachefs (loop5): clean shutdown complete, journal seq 4
[  606.216673][T23629] bcachefs (loop5): marking filesystem clean
[  606.287529][T24521] loop6: detected capacity change from 0 to 40427
[  606.303150][T24521] F2FS-fs (loop6): build fault injection rate: 14
[  606.310305][T24521] F2FS-fs (loop6): build fault injection type: 0x3bfe8c
[  606.320432][T23629] bcachefs (loop5): shutdown complete
[  606.338643][T24521] F2FS-fs (loop6): invalid crc value
[  606.370144][    C1] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  606.393620][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  606.521865][T24521] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  606.534400][T24521] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  606.556260][T24521] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  606.633172][T24521] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  606.650086][T24525] loop7: detected capacity change from 0 to 32768
[  606.662080][T24521] F2FS-fs (loop6): inject dquot initialize in f2fs_dquot_initialize of f2fs_unlink+0x219/0xac0
[  606.705215][T23645] syz-executor: attempt to access beyond end of device
[  606.705215][T23645] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  606.722558][T23645] CPU: 0 UID: 0 PID: 23645 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  606.722588][T23645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  606.722602][T23645] Call Trace:
[  606.722613][T23645]  <TASK>
[  606.722622][T23645]  dump_stack_lvl+0x189/0x250
[  606.722667][T23645]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.722692][T23645]  ? __pfx_queue_work_on+0x10/0x10
[  606.722710][T23645]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  606.722735][T23645]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  606.722785][T23645]  f2fs_handle_critical_error+0x37c/0x540
[  606.722816][T23645]  f2fs_write_end_io+0x886/0xb60
[  606.722884][T23645]  __submit_merged_bio+0x27a/0x6a0
[  606.722916][T23645]  __submit_merged_write_cond+0x255/0x530
[  606.722959][T23645]  f2fs_write_data_pages+0x261d/0x3000
[  606.723029][T23645]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  606.723129][T23645]  ? __mod_zone_page_state+0xd7/0x140
[  606.723168][T23645]  ? folios_put_refs+0x58b/0x670
[  606.723217][T23645]  ? __lock_acquire+0xab9/0xd20
[  606.723260][T23645]  ? do_raw_spin_lock+0x121/0x290
[  606.723313][T23645]  ? do_raw_spin_unlock+0x122/0x240
[  606.723340][T23645]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  606.723373][T23645]  do_writepages+0x32e/0x550
[  606.723409][T23645]  ? do_raw_spin_unlock+0x122/0x240
[  606.723442][T23645]  filemap_fdatawrite+0x199/0x240
[  606.723465][T23645]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  606.723552][T23645]  ? do_raw_spin_unlock+0x122/0x240
[  606.723584][T23645]  f2fs_sync_dirty_inodes+0x31f/0x830
[  606.723633][T23645]  f2fs_write_checkpoint+0x93e/0x2440
[  606.723669][T23645]  ? __lock_acquire+0xab9/0xd20
[  606.723737][T23645]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  606.723841][T23645]  kill_f2fs_super+0x2cc/0x6d0
[  606.723878][T23645]  ? __pfx_kill_f2fs_super+0x10/0x10
[  606.723930][T23645]  ? shrinker_free+0x2ce/0x3e0
[  606.723966][T23645]  deactivate_locked_super+0xbc/0x130
[  606.724003][T23645]  cleanup_mnt+0x425/0x4c0
[  606.724035][T23645]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.724066][T23645]  task_work_run+0x1d4/0x260
[  606.724097][T23645]  ? __pfx_task_work_run+0x10/0x10
[  606.724121][T23645]  ? __x64_sys_umount+0x122/0x160
[  606.724151][T23645]  ? exit_to_user_mode_loop+0x40/0x130
[  606.724186][T23645]  exit_to_user_mode_loop+0xe9/0x130
[  606.724216][T23645]  do_syscall_64+0x2bd/0xfa0
[  606.724241][T23645]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.724266][T23645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.724288][T23645]  ? clear_bhb_loop+0x60/0xb0
[  606.724316][T23645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.724337][T23645] RIP: 0033:0x7f6d2a9901f7
[  606.724357][T23645] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  606.724375][T23645] RSP: 002b:00007ffc63b9d348 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  606.724397][T23645] RAX: 0000000000000000 RBX: 00007f6d2aa11d7d RCX: 00007f6d2a9901f7
[  606.724412][T23645] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc63b9d400
[  606.724437][T23645] RBP: 00007ffc63b9d400 R08: 0000000000000000 R09: 0000000000000000
[  606.724451][T23645] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc63b9e490
[  606.724465][T23645] R13: 00007f6d2aa11d7d R14: 00000000000941b8 R15: 00007ffc63b9e4d0
[  606.724506][T23645]  </TASK>
[  606.724515][T23645] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  607.730835][T24525] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  607.730864][T24525]   allowing incompatible features above 0.0: (unknown version)
[  607.730893][T24525]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  607.777131][T24525] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  607.785339][T24525] bcachefs (loop7): initializing new filesystem
[  607.801148][T24525] bcachefs (loop7): going read-write
[  607.859599][T24525] bcachefs (loop7): marking superblocks
[  607.932431][T24525] bcachefs (loop7): initializing freespace
[  607.964679][T24525] bcachefs (loop7): done initializing freespace
[  608.032444][T24525] bcachefs (loop7): reading snapshots table
[  608.048199][T24552] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7440'.
[  608.056810][T24525] bcachefs (loop7): reading snapshots done
[  608.140122][T24525] bcachefs (loop7): done starting filesystem
[  608.467503][ T5949] usb 7-1: new full-speed USB device number 28 using dummy_hcd
[  608.486226][T23641] bcachefs (loop7): shutting down
[  608.495011][T23641] bcachefs (loop7): going read-only
[  608.506059][T23641] bcachefs (loop7): finished waiting for writes to stop
[  608.526055][T23641] bcachefs (loop7): flushing journal and stopping allocators, journal seq 3
[  608.590825][T23641] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 3
[  608.613821][T23641] bcachefs (loop7): clean shutdown complete, journal seq 4
[  608.630741][T23641] bcachefs (loop7): marking filesystem clean
[  608.648503][ T5949] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[  608.657429][ T5949] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  608.666387][ T5949] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[  608.675677][ T5949] usb 7-1: config 1 has no interface number 0
[  608.686431][ T5949] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  608.706425][ T5949] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  608.736413][ T5949] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  608.745503][ T5949] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.771835][T23641] bcachefs (loop7): shutdown complete
[  608.789908][ T5949] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[  609.215832][T24581] loop4: detected capacity change from 0 to 1024
[  609.258790][T24581] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  609.306411][ T6000] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  609.371144][ T5949] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[  609.419389][T16160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  609.456420][ T6000] usb 6-1: Using ep0 maxpacket: 32
[  609.477696][ T6000] usb 6-1: config 0 has an invalid interface number: 247 but max is 0
[  609.485912][ T6000] usb 6-1: config 0 has no interface number 0
[  609.496510][ T6000] usb 6-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  609.505565][ T6000] usb 6-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  609.526840][ T6000] usb 6-1: Product: syz
[  609.531031][ T6000] usb 6-1: Manufacturer: syz
[  609.548453][ T6000] usb 6-1: config 0 descriptor??
[  609.587832][T24588] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  609.601419][ T6000] usb 7-1: USB disconnect, device number 28
[  609.608880][ T6000] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[  609.773583][ T5984] usb 6-1: USB disconnect, device number 17
[  609.864507][T24596] loop4: detected capacity change from 0 to 128
[  609.883134][T24596] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  609.895228][T24596] hpfs: filesystem error: improperly stopped
[  609.901517][T24596] hpfs: You really don't want any checks? You are crazy...
[  609.911558][T24596] hpfs: hpfs_map_sector(): read error
[  609.917893][T24596] hpfs: code page support is disabled
[  609.923900][T24596] hpfs: hpfs_map_4sectors(): unaligned read
[  609.931089][T24596] hpfs: hpfs_map_4sectors(): unaligned read
[  609.937049][T24596] hpfs: filesystem error: unable to find root dir
[  609.949960][T24596] hpfs: hpfs_map_4sectors(): unaligned read
[  609.960972][T24596] hpfs: hpfs_map_sector(): read error
[  610.526760][ T6000] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  610.534475][T24598] loop4: detected capacity change from 0 to 32768
[  610.706590][ T6000] usb 7-1: Using ep0 maxpacket: 8
[  610.724164][ T6000] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  610.757197][ T6000] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  610.776389][ T6000] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  610.816424][ T6000] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  610.869516][ T6000] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  610.896505][ T6000] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.069734][T24609] loop7: detected capacity change from 0 to 4096
[  611.146863][ T6000] usb 7-1: usb_control_msg returned -32
[  611.152511][ T6000] usbtmc 7-1:16.0: can't read capabilities
[  611.180205][ T6000] usb 7-1: USB disconnect, device number 29
[  611.230108][T24611] loop5: detected capacity change from 0 to 256
[  611.661479][T24623] loop4: detected capacity change from 0 to 512
[  612.988121][T24663] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7490'.
[  613.026698][T24663] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  613.247213][T19339] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  613.262234][T19339] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  613.271602][T19339] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  613.279794][T19339] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  613.289562][T19339] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  613.445027][T24679] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7497'.
[  613.888874][T24700] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  613.952251][T24672] chnl_net:caif_netlink_parms(): no params data found
[  614.223734][T24672] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.233393][T24672] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.240980][T24672] bridge_slave_0: entered allmulticast mode
[  614.249269][ T5949] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  614.250151][T24672] bridge_slave_0: entered promiscuous mode
[  614.265595][T24672] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.273260][T24672] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.280559][T24672] bridge_slave_1: entered allmulticast mode
[  614.288738][T24672] bridge_slave_1: entered promiscuous mode
[  614.381610][T24717] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.396794][T24672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  614.416669][ T5949] usb 6-1: Using ep0 maxpacket: 8
[  614.428112][ T5949] usb 6-1: config 0 has an invalid interface number: 94 but max is 0
[  614.429801][T24672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  614.445566][ T5949] usb 6-1: config 0 has no interface number 0
[  614.445615][ T5949] usb 6-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= e.fd
[  614.445639][ T5949] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.467683][ T5949] usb 6-1: config 0 descriptor??
[  614.480328][ T5949] bfusb 6-1:0.94: probe with driver bfusb failed with error -5
[  614.564687][T24672] team0: Port device team_slave_0 added
[  614.573901][T24672] team0: Port device team_slave_1 added
[  614.609116][T24727] sg_read: process 1460 (syz.4.7515) changed security contexts after opening file descriptor, this is not allowed.
[  614.628554][T24672] batman_adv: batadv0: Adding interface: batadv_slave_0
[  614.635663][T24672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  614.663305][T24672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  614.679705][T24672] batman_adv: batadv0: Adding interface: batadv_slave_1
[  614.686898][T24672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  614.714118][T24672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  614.728648][ T5949] usb 6-1: USB disconnect, device number 18
[  614.790460][T24672] hsr_slave_0: entered promiscuous mode
[  614.797283][T24672] hsr_slave_1: entered promiscuous mode
[  614.872190][T24733] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  614.879514][T24733] IPv6: NLM_F_CREATE should be set when creating new route
[  614.886799][T24733] IPv6: NLM_F_CREATE should be set when creating new route
[  614.894032][T24733] IPv6: NLM_F_CREATE should be set when creating new route
[  614.904158][T24733] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  615.403482][ T5864] Bluetooth: hci5: command tx timeout
[  615.482032][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880562e7400: rx timeout, send abort
[  615.492556][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880562e7400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  615.703168][T24672] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  615.716174][T24750] loop7: detected capacity change from 0 to 512
[  615.739752][T24672] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  615.757256][T24750] ext4: Unknown parameter 'smackfsdef'
[  615.799746][T24672] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  615.833602][T24672] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  616.124967][T24672] 8021q: adding VLAN 0 to HW filter on device bond0
[  616.176068][T24672] 8021q: adding VLAN 0 to HW filter on device team0
[  616.212639][T19920] bridge0: port 1(bridge_slave_0) entered blocking state
[  616.219905][T19920] bridge0: port 1(bridge_slave_0) entered forwarding state
[  616.271677][T19920] bridge0: port 2(bridge_slave_1) entered blocking state
[  616.278961][T19920] bridge0: port 2(bridge_slave_1) entered forwarding state
[  616.289782][ T5864] Bluetooth: hci4: command 0x0406 tx timeout
[  616.495907][T24750] loop7: detected capacity change from 0 to 32768
[  616.514932][T24750] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.7526 (24750)
[  616.548367][T24750] BTRFS info (device loop7): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  616.567507][T24750] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  616.726875][T24750] BTRFS info (device loop7): enabling ssd optimizations
[  616.740844][T24672] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.748048][T24750] BTRFS info (device loop7): enabling free space tree
[  616.827512][T24672] veth0_vlan: entered promiscuous mode
[  616.848309][T24672] veth1_vlan: entered promiscuous mode
[  616.923214][T24672] veth0_macvtap: entered promiscuous mode
[  616.943789][T24672] veth1_macvtap: entered promiscuous mode
[  616.969059][T24672] batman_adv: batadv0: Interface activated: batadv_slave_0
[  616.988370][T24672] batman_adv: batadv0: Interface activated: batadv_slave_1
[  617.019666][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  617.028757][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  617.044518][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  617.046480][   T30] audit: type=1326 audit(2000000185.055:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24800 comm="syz.4.7539" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f39bfd8eec9 code=0x0
[  617.060757][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  617.134753][T24752] loop5: detected capacity change from 0 to 65536
[  617.155407][T24752] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  617.179804][T24752] XFS (loop5): Ending clean mount
[  617.191052][T24752] XFS (loop5): Quotacheck needed: Please wait.
[  617.264874][T24752] XFS (loop5): Quotacheck: Done.
[  617.417690][T23629] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  617.452460][T23641] BTRFS info (device loop7): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  617.475963][T19874] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  617.487719][T19339] Bluetooth: hci5: command tx timeout
[  617.498533][T19874] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.576288][T19890] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  617.592076][T19890] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.713399][T24817] loop1: detected capacity change from 0 to 128
[  617.981248][T24824] loop4: detected capacity change from 0 to 128
[  617.986185][T24825] loop7: detected capacity change from 0 to 512
[  618.011998][T24825] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  618.069398][T24824] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  618.085347][T24825] EXT4-fs (loop7): 1 truncate cleaned up
[  618.091950][T24824] hpfs: filesystem error: improperly stopped
[  618.102173][T24824] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  618.118814][T24829] loop1: detected capacity change from 0 to 2048
[  618.128169][T24825] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  618.142829][T24824] hpfs: You really don't want any checks? You are crazy...
[  618.170104][T24824] hpfs: hpfs_map_sector(): read error
[  618.175601][T24824] hpfs: code page support is disabled
[  618.182958][T24829] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  618.216019][T24824] hpfs: hpfs_map_4sectors(): unaligned read
[  618.234661][T24824] hpfs: hpfs_map_4sectors(): unaligned read
[  618.255140][T24824] hpfs: filesystem error: unable to find root dir
[  618.273265][   T30] audit: type=1800 audit(2000000186.285:226): pid=24829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.7545" name="file1" dev="loop1" ino=1415 res=0 errno=0
[  618.291212][T24824] hpfs: hpfs_map_4sectors(): unaligned read
[  618.508727][T24845] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7552'.
[  618.572307][T23641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  618.805183][T24850] netlink: 'syz.6.7555': attribute type 1 has an invalid length.
[  618.842992][T24850] netlink: 'syz.6.7555': attribute type 4 has an invalid length.
[  618.863407][T24850] netlink: 188 bytes leftover after parsing attributes in process `syz.6.7555'.
[  618.889208][T24850] NCSI netlink: No device for ifindex 458760
[  619.355397][T24890] loop1: detected capacity change from 0 to 2048
[  619.424165][T24890] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  619.495175][T24864] loop5: detected capacity change from 0 to 32768
[  619.501300][T24890] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[  619.519410][T24890] EXT4-fs (loop1): changing journal_checksum during remount not supported; ignoring
[  619.531628][T24864] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  619.547743][T24890] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  619.556744][T19339] Bluetooth: hci5: command tx timeout
[  619.592830][T24864] XFS (loop5): Ending clean mount
[  619.650792][T23629] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  619.679960][T24672] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  619.851190][T24914] netlink: 'syz.1.7578': attribute type 1 has an invalid length.
[  619.871485][T24885] loop7: detected capacity change from 0 to 32768
[  619.980059][T24885] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  620.017612][T24923] netlink: 48 bytes leftover after parsing attributes in process `syz.5.7579'.
[  620.082745][T23641] ocfs2: Unmounting device (7,7) on (node local)
[  620.236996][ T5984] IPVS: starting estimator thread 0...
[  620.336678][T24932] IPVS: using max 29 ests per chain, 69600 per kthread
[  620.359081][ T5949] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  620.516834][ T5949] usb 7-1: Using ep0 maxpacket: 8
[  620.531842][ T5949] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  620.541916][ T5949] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  620.562065][ T5949] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  620.578027][ T5949] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  620.589221][ T5949] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  620.620306][ T5949] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  620.629844][ T5949] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.733115][T24959] loop4: detected capacity change from 0 to 4096
[  620.750968][T24959] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  620.808606][T24959] ntfs3(loop4): Failed to load $Extend (-22).
[  620.814756][T24959] ntfs3(loop4): Failed to initialize $Extend.
[  620.857708][ T5949] usb 7-1: GET_CAPABILITIES returned 0
[  620.866630][ T5949] usbtmc 7-1:16.0: can't read capabilities
[  621.072951][ T5984] usb 7-1: USB disconnect, device number 30
[  621.142499][T24964] loop1: detected capacity change from 0 to 32768
[  621.167112][T24964] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  621.263648][T24672] ocfs2: Unmounting device (7,1) on (node local)
[  621.637588][T19339] Bluetooth: hci5: command tx timeout
[  621.655948][T25000] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7616'.
[  621.680017][T25000] ipvlan0: entered promiscuous mode
[  621.687747][T25000] ipvlan0: left promiscuous mode
[  621.826440][ T5867] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  621.973264][T25013] loop7: detected capacity change from 0 to 256
[  622.002073][ T5867] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  622.012990][T25013] FAT-fs (loop7): Directory bread(block 64) failed
[  622.019741][ T5867] usb 2-1: config 0 has no interface number 0
[  622.025965][T25013] FAT-fs (loop7): Directory bread(block 65) failed
[  622.034302][T25013] FAT-fs (loop7): Directory bread(block 66) failed
[  622.042476][T25013] FAT-fs (loop7): Directory bread(block 67) failed
[  622.049510][T25013] FAT-fs (loop7): Directory bread(block 68) failed
[  622.057234][ T5867] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  622.066288][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.066487][T25013] FAT-fs (loop7): Directory bread(block 69) failed
[  622.081474][ T5867] usb 2-1: Product: syz
[  622.091744][ T5867] usb 2-1: Manufacturer: syz
[  622.101694][ T5867] usb 2-1: SerialNumber: syz
[  622.108311][T25013] FAT-fs (loop7): Directory bread(block 70) failed
[  622.127659][ T5867] usb 2-1: config 0 descriptor??
[  622.133297][T25013] FAT-fs (loop7): Directory bread(block 71) failed
[  622.146648][T25013] FAT-fs (loop7): Directory bread(block 72) failed
[  622.166409][T25013] FAT-fs (loop7): Directory bread(block 73) failed
[  622.370064][ T5867] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  622.383759][T25029] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7630'.
[  622.389244][ T5867] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  622.425137][ T5867] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  622.443557][ T5867] usb 2-1: media controller created
[  622.489448][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  622.577824][ T5867] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  622.656698][ T5867] usb 2-1: USB disconnect, device number 4
[  622.738859][T25029] team0 (unregistering): Port device team_slave_0 removed
[  622.745138][T25036] netlink: 28 bytes leftover after parsing attributes in process `syz.7.7633'.
[  622.761030][T25029] team0 (unregistering): Port device team_slave_1 removed
[  623.204700][T25059] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7644'.
[  623.798540][ T5864] Bluetooth: hci1: command 0x1003 tx timeout
[  623.807627][T19339] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  623.856951][T25096] netlink: 'syz.4.7660': attribute type 2 has an invalid length.
[  623.917981][T25096] netlink: 116 bytes leftover after parsing attributes in process `syz.4.7660'.
[  623.951686][T25096] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  623.980260][   T30] audit: type=1326 audit(2000000191.995:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3178eec9 code=0x7ffc0000
[  624.030916][   T30] audit: type=1326 audit(2000000191.995:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3178eec9 code=0x7ffc0000
[  624.053861][   T30] audit: type=1326 audit(2000000192.035:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f1b3178eec9 code=0x7ffc0000
[  624.091028][T25100] loop1: detected capacity change from 0 to 2048
[  624.109743][   T30] audit: type=1326 audit(2000000192.035:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1b3178ef03 code=0x7ffc0000
[  624.161504][   T30] audit: type=1326 audit(2000000192.045:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1b3178d97f code=0x7ffc0000
[  624.163623][T25100] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  624.183822][    C0] vkms_vblank_simulate: vblank timer overrun
[  624.199276][   T30] audit: type=1326 audit(2000000192.105:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f1b3178ef57 code=0x7ffc0000
[  624.205339][T19339] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  624.227100][   T30] audit: type=1326 audit(2000000192.105:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1b3178d710 code=0x7ffc0000
[  624.238191][T19339] Bluetooth: hci0: Injecting HCI hardware error event
[  624.269145][T19339] Bluetooth: hci0: hardware error 0x00
[  624.306635][T25086] loop7: detected capacity change from 0 to 32768
[  624.323645][   T30] audit: type=1326 audit(2000000192.105:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b3178eacb code=0x7ffc0000
[  624.377928][   T30] audit: type=1326 audit(2000000192.125:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f1b3178db2a code=0x7ffc0000
[  624.402009][   T30] audit: type=1326 audit(2000000192.125:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25099 comm="syz.1.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f1b3178db2a code=0x7ffc0000
[  624.420054][T25086] non-latin1 character 0x365 found in JFS file name
[  624.448738][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  624.485691][T24672] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  624.514600][T25086] mount with iocharset=utf8 to access
[  625.213654][T25118] loop1: detected capacity change from 0 to 32768
[  625.438722][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.446685][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.454583][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.462503][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.470417][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.478406][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.486359][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.494686][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.502581][T25144] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  625.590824][  T114] ==================================================================
[  625.598943][  T114] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x74b/0xa90
[  625.606579][  T114] Read of size 4 at addr ffff88807df38a94 by task jfsCommit/114
[  625.614199][  T114] 
[  625.616530][  T114] CPU: 0 UID: 0 PID: 114 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  625.616554][  T114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  625.616566][  T114] Call Trace:
[  625.616574][  T114]  <TASK>
[  625.616583][  T114]  dump_stack_lvl+0x189/0x250
[  625.616606][  T114]  ? __kasan_check_byte+0x12/0x40
[  625.616632][  T114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  625.616653][  T114]  ? lock_release+0x4b/0x3e0
[  625.616682][  T114]  ? __virt_addr_valid+0x4a5/0x5c0
[  625.616705][  T114]  print_report+0xca/0x240
[  625.616750][  T114]  ? jfs_lazycommit+0x74b/0xa90
[  625.616774][  T114]  kasan_report+0x118/0x150
[  625.616797][  T114]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  625.616820][  T114]  ? jfs_lazycommit+0x74b/0xa90
[  625.616850][  T114]  jfs_lazycommit+0x74b/0xa90
[  625.616879][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  625.616959][  T114]  ? __pfx_default_wake_function+0x10/0x10
[  625.616991][  T114]  ? __kthread_parkme+0x7b/0x200
[  625.617010][  T114]  ? __kthread_parkme+0x1a1/0x200
[  625.617032][  T114]  kthread+0x711/0x8a0
[  625.617056][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  625.617080][  T114]  ? __pfx_kthread+0x10/0x10
[  625.617101][  T114]  ? _raw_spin_unlock_irq+0x23/0x50
[  625.617122][  T114]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.617144][  T114]  ? __pfx_kthread+0x10/0x10
[  625.617166][  T114]  ret_from_fork+0x4bc/0x870
[  625.617196][  T114]  ? __pfx_ret_from_fork+0x10/0x10
[  625.617227][  T114]  ? __switch_to_asm+0x39/0x70
[  625.617251][  T114]  ? __switch_to_asm+0x33/0x70
[  625.617274][  T114]  ? __pfx_kthread+0x10/0x10
[  625.617296][  T114]  ret_from_fork_asm+0x1a/0x30
[  625.617331][  T114]  </TASK>
[  625.617339][  T114] 
[  625.779089][  T114] Allocated by task 25118:
[  625.783501][  T114]  kasan_save_track+0x3e/0x80
[  625.788185][  T114]  __kasan_kmalloc+0x93/0xb0
[  625.792774][  T114]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  625.798147][  T114]  jfs_fill_super+0xc2/0xd80
[  625.802738][  T114]  get_tree_bdev_flags+0x40e/0x4d0
[  625.807843][  T114]  vfs_get_tree+0x92/0x2b0
[  625.812254][  T114]  do_new_mount+0x302/0x9e0
[  625.816752][  T114]  __se_sys_mount+0x313/0x410
[  625.821422][  T114]  do_syscall_64+0xfa/0xfa0
[  625.825916][  T114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.831799][  T114] 
[  625.834115][  T114] Freed by task 24672:
[  625.838181][  T114]  kasan_save_track+0x3e/0x80
[  625.842852][  T114]  __kasan_save_free_info+0x46/0x50
[  625.848075][  T114]  __kasan_slab_free+0x5c/0x80
[  625.852834][  T114]  kfree+0x19a/0x6d0
[  625.856727][  T114]  generic_shutdown_super+0x135/0x2c0
[  625.862095][  T114]  kill_block_super+0x44/0x90
[  625.866767][  T114]  deactivate_locked_super+0xbc/0x130
[  625.872146][  T114]  cleanup_mnt+0x425/0x4c0
[  625.876570][  T114]  task_work_run+0x1d4/0x260
[  625.881157][  T114]  exit_to_user_mode_loop+0xe9/0x130
[  625.886437][  T114]  do_syscall_64+0x2bd/0xfa0
[  625.891032][  T114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.896919][  T114] 
[  625.899258][  T114] The buggy address belongs to the object at ffff88807df38a00
[  625.899258][  T114]  which belongs to the cache kmalloc-256 of size 256
[  625.913301][  T114] The buggy address is located 148 bytes inside of
[  625.913301][  T114]  freed 256-byte region [ffff88807df38a00, ffff88807df38b00)
[  625.927090][  T114] 
[  625.929413][  T114] The buggy address belongs to the physical page:
[  625.935836][  T114] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7df38
[  625.944598][  T114] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  625.953090][  T114] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  625.960971][  T114] page_type: f5(slab)
[  625.964943][  T114] raw: 00fff00000000040 ffff88813fe26b40 ffffea0001679800 dead000000000003
[  625.973520][  T114] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  625.982129][  T114] head: 00fff00000000040 ffff88813fe26b40 ffffea0001679800 dead000000000003
[  625.990784][  T114] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  625.999446][  T114] head: 00fff00000000001 ffffea0001f7ce01 00000000ffffffff 00000000ffffffff
[  626.008128][  T114] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  626.016783][  T114] page dumped because: kasan: bad access detected
[  626.023214][  T114] page_owner tracks the page as allocated
[  626.028943][  T114] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5861, tgid 5861 (syz-executor), ts 94571036489, free_ts 94485516041
[  626.050288][  T114]  post_alloc_hook+0x240/0x2a0
[  626.055050][  T114]  get_page_from_freelist+0x2365/0x2440
[  626.060598][  T114]  __alloc_frozen_pages_noprof+0x181/0x370
[  626.066400][  T114]  alloc_pages_mpol+0x232/0x4a0
[  626.071244][  T114]  allocate_slab+0x96/0x3a0
[  626.075758][  T114]  ___slab_alloc+0xe94/0x1920
[  626.080425][  T114]  __slab_alloc+0x65/0x100
[  626.084837][  T114]  __kmalloc_cache_noprof+0x411/0x6f0
[  626.090206][  T114]  ____ip_mc_inc_group+0x528/0xde0
[  626.095308][  T114]  ip_mc_up+0x125/0x300
[  626.099456][  T114]  inetdev_event+0xfb3/0x15b0
[  626.104131][  T114]  notifier_call_chain+0x1b6/0x3e0
[  626.109237][  T114]  __dev_notify_flags+0x18d/0x2e0
[  626.114273][  T114]  netif_change_flags+0xe8/0x1a0
[  626.119224][  T114]  do_setlink+0xc55/0x41c0
[  626.123639][  T114]  rtnl_newlink+0x1619/0x1c80
[  626.128319][  T114] page last free pid 5921 tgid 5921 stack trace:
[  626.134643][  T114]  __free_frozen_pages+0xbc4/0xd30
[  626.139759][  T114]  __slab_free+0x2e7/0x390
[  626.144175][  T114]  qlist_free_all+0x97/0x140
[  626.148760][  T114]  kasan_quarantine_reduce+0x148/0x160
[  626.154213][  T114]  __kasan_slab_alloc+0x22/0x80
[  626.159059][  T114]  __kmalloc_cache_noprof+0x36f/0x6f0
[  626.164433][  T114]  kernfs_fop_open+0x397/0xca0
[  626.169191][  T114]  do_dentry_open+0x953/0x13f0
[  626.173952][  T114]  vfs_open+0x3b/0x340
[  626.178021][  T114]  path_openat+0x2ee5/0x3830
[  626.182601][  T114]  do_filp_open+0x1fa/0x410
[  626.187092][  T114]  do_sys_openat2+0x121/0x1c0
[  626.191766][  T114]  __x64_sys_openat+0x138/0x170
[  626.196613][  T114]  do_syscall_64+0xfa/0xfa0
[  626.201111][  T114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.206994][  T114] 
[  626.209304][  T114] Memory state around the buggy address:
[  626.214921][  T114]  ffff88807df38980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  626.222973][  T114]  ffff88807df38a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  626.231029][  T114] >ffff88807df38a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  626.239082][  T114]                          ^
[  626.243672][  T114]  ffff88807df38b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  626.251729][  T114]  ffff88807df38b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  626.259778][  T114] ==================================================================
[  626.267865][  T114] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  626.275054][  T114] CPU: 0 UID: 0 PID: 114 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  626.284156][  T114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  626.294214][  T114] Call Trace:
[  626.297496][  T114]  <TASK>
[  626.300426][  T114]  dump_stack_lvl+0x99/0x250
[  626.305033][  T114]  ? __asan_memcpy+0x40/0x70
[  626.309615][  T114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.314815][  T114]  ? __pfx__printk+0x10/0x10
[  626.319414][  T114]  vpanic+0x237/0x6d0
[  626.323392][  T114]  ? __pfx_vpanic+0x10/0x10
[  626.327896][  T114]  panic+0xb9/0xc0
[  626.331616][  T114]  ? __pfx_panic+0x10/0x10
[  626.336034][  T114]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  626.341928][  T114]  ? jfs_lazycommit+0x74b/0xa90
[  626.346780][  T114]  check_panic_on_warn+0x89/0xb0
[  626.351723][  T114]  ? jfs_lazycommit+0x74b/0xa90
[  626.356572][  T114]  end_report+0x78/0x160
[  626.360815][  T114]  kasan_report+0x129/0x150
[  626.365322][  T114]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  626.370688][  T114]  ? jfs_lazycommit+0x74b/0xa90
[  626.375542][  T114]  jfs_lazycommit+0x74b/0xa90
[  626.380226][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  626.385448][  T114]  ? __pfx_default_wake_function+0x10/0x10
[  626.391267][  T114]  ? __kthread_parkme+0x7b/0x200
[  626.396213][  T114]  ? __kthread_parkme+0x1a1/0x200
[  626.401259][  T114]  kthread+0x711/0x8a0
[  626.405343][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  626.410562][  T114]  ? __pfx_kthread+0x10/0x10
[  626.415172][  T114]  ? _raw_spin_unlock_irq+0x23/0x50
[  626.420362][  T114]  ? lockdep_hardirqs_on+0x9c/0x150
[  626.425554][  T114]  ? __pfx_kthread+0x10/0x10
[  626.430152][  T114]  ret_from_fork+0x4bc/0x870
[  626.434750][  T114]  ? __pfx_ret_from_fork+0x10/0x10
[  626.439864][  T114]  ? __switch_to_asm+0x39/0x70
[  626.444626][  T114]  ? __switch_to_asm+0x33/0x70
[  626.449405][  T114]  ? __pfx_kthread+0x10/0x10
[  626.453993][  T114]  ret_from_fork_asm+0x1a/0x30
[  626.458769][  T114]  </TASK>
[  626.462139][  T114] Kernel Offset: disabled
[  626.466462][  T114] Rebooting in 86400 seconds..