last executing test programs:

3.420197652s ago: executing program 0 (id=1573):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000500)=0x6, 0x4)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r2=>0x0})
r3 = socket(0x1e, 0x1, 0x0)
connect$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r3, &(0x7f0000000080)=ANY=[], 0x2000011a)
recvmsg(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001740)=""/4096, 0x1000}], 0x1}, 0x40000100)
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0000000000250000000003000000eba6ce84807c5da511de207fec9608f026e728326236f2da7b2721b6f45e7dcbe655dc322fd4cb79bdc3"], 0x14}, 0x1, 0x0, 0x0, 0x2000c001}, 0x0)
sendto$packet(r0, &(0x7f0000000000)="003400000081003400000081f360705eb6710f1d4d38a830440488fb", 0x1c, 0x0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r7=>0x0})
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYRES32=r9, @ANYBLOB="00000000000000001c0016801800018014000b000000e7ffffffffffffff00000000000008000d"], 0x44}}, 0x0)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff0802110000010569ea7fa08e8df3d0edd086922799de"], 0x398}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000300)={'gretap0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x7800, 0x40, 0x2, 0x2, {{0x18, 0x4, 0x2, 0x19, 0x60, 0x68, 0x0, 0x0, 0x29, 0x0, @multicast1, @broadcast, {[@ssrr={0x89, 0x2b, 0xc9, [@multicast2, @loopback, @dev={0xac, 0x14, 0x14, 0x11}, @broadcast, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @loopback, @loopback, @local]}, @ssrr={0x89, 0xf, 0xb2, [@empty, @private=0xa010101, @multicast2]}, @cipso={0x86, 0x6, 0x1}, @noop, @timestamp={0x44, 0x8, 0x10, 0x0, 0x9, [0xfffffffc]}]}}}}})
r10 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000600))
socket$netlink(0x10, 0x3, 0x4)

3.287074329s ago: executing program 0 (id=1574):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100766574680000000004000200080001"], 0x40}}, 0x0)

3.174640628s ago: executing program 0 (id=1576):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6)
r4 = syz_io_uring_setup(0x5aed, &(0x7f0000000080)={0x0, 0x0, 0x85c88f3ff8f4c034, 0x100, 0x80000000}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r7, 0x0)
r8 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, &(0x7f00000001c0)="8b", 0x1, 0xfffffffffffffffd)
r9 = add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r10 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x3}, 0x0, 0x0, r9)
r11 = add_key$user(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000680)="495f3b3dee0000962612c44906d9b7e5cb0f19d0be77d28289ead3a9133ed2e5670275a86f05f9348754177cf35357c2cf03efa1b47db4fbe73e4b5c973652d9e0ed1a84fe25f80f29b02c7a71b309f8eef2de66b2b74e1cfdcc751b21a40b5f64aa20533898fd76a736f169f4cc4c9d477eec008adce4dd4a2487b287377e0d987501c837bec60849e8bc843b7655057c1ecad719dff5aff033358306b4904a6f3dfe324f3d9b792e380e5c0657e663bf452d62314003d320d45f5b32ffb368", 0xc0, r10)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r8, r11, r8}, &(0x7f0000000300)=""/171, 0xab, &(0x7f0000000400)={&(0x7f0000000180)={'sha384-generic\x00'}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket(0x1d, 0x3, 0x1)
preadv(0xffffffffffffffff, &(0x7f00000038c0)=[{&(0x7f0000001540)=""/207, 0xcf}], 0x1, 0x1f, 0x0)
io_uring_enter(r4, 0xa3d, 0x0, 0x0, 0x0, 0x0)
read$dsp(r3, &(0x7f0000000440)=""/171, 0xab)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2b, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f", {0x0, 0x3f}}, 0x0, 0x0, @random, @val={0x1, 0x7, [{0x36, 0x1}, {0x18, 0x1}, {0xc}, {}, {0x9}, {0xb, 0x1}, {0x16, 0x1}]}, @void}}]}, 0x48}}, 0x0)

2.913882474s ago: executing program 3 (id=1580):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="140000002e000b0fd25a806c8c6f94f90324fc60", 0x14}], 0x1}, 0x0)

2.86435098s ago: executing program 0 (id=1581):
write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB='background_compression=none,background_compression=zstd,str_hash=crc64,str_hash=crc32c,data_checksum=crc64,data_checksu\x00=crc32c,str_hash=siphash,background_compression=none,\x00'], 0x1, 0x5b1c, &(0x7f000000b6c0)="$eJzs3Q2MHNWdIPCq7hnPjMc2YxLAMR8ewPgMF2CMyQEWUQZOAXKJCYHEJIFgO3hshvgDPHYMTogNUkhEOM7SnRIuUhBCicQJIXKLNpuPjUy0hGjDRrGUZU12N0sEiTbsijgikHgxilczXdXTXVOvq6e7xzHw+8memqp+/X/v/+pNTdXrmu4IAACAt4SnPj/2hysXvvfHd428uuuK7266M+ovT2zvTQsMJMvb/lwt5Ejq6VowscyOiz3Ds556z70fePZrn/jG8y/MX7rs6zdfdujWOSvvuWf4Zxcc+smf7iiKm46nMyfX45fiKDr5p0u/fPcPnz5hfFscRVE5HtgdRfPj0g/mx5kQQ69FUbSu2s76Bx9/dfn68eXuL/XUbT8mE8R4f2vrTcbZF76/5aTfnHPZs3t/fumrQ72vbd09WSTurRlPUTRvTe3zu6Mo6kv+j0tH24L0ycnyqiiKZtc878KCdp3WZPvPDqwvTJazkmV/QZz08VMz691NtqMrs+xt8nmtKs1w/FS6/+bMcP3Zg1u2nvnJ8lvJ8sxpxi+n/+OoFEdd1eo2xpNjJKrZb3EUT+z7yfVS3ViIM2MjjqI4s17KrJe7M3lN1JsMtHIc129Py2W2Dybbu5LtpxaMtWsC29+R5pv8oB7M5J8N2j/lm2peE9J2/bJBW46EUs0xKG972t7eZGf0J9v642OnPOdwjvSxVS/c99jzOx9YPBBoR/zNOIkftxT/mU0X7V+y8xcHFoTirykl8UstxR875+VHX7z6RycE4+9J45dbiv/c+Uu+8r1dOw4G++d3af90tRS/vOKsQ8vuGloVbP+DafzeluI/dOkjX533ricfDbZ/KO2fvtb6Z3T769c9fNyBYPwojT+7pfiXvHL8GSu2PLIhGP+JtH/6W4r/9NjoyrtvWrRjMBR/Xxp/bkvxT/vV9dft3T/yXLD9w2n/DLQU/92LL7lq5YHN94aOnfHuI/UbFuDN6W3JOdYXk/VWrzPbVXO9cP9AXDnnm5P8n1vuZE31xuuZN3PhAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiLemhg3cifvnPK613Jek/yzSnlyjLdPiuK4r4oisa2rd26bXTzhsGbt2zfunntxsG12wZHNm/bevvg+e8c3Dpyy8a1t48/OnT28srzjo3iyjI+eUrdhw8fPlwaqN+W1vepC/7344On7P/HKBo67mendAXb/8E7Fv73+TlfM+Lhwxv/1xk3vDjnb7dXNgwk7RoItCsKtOvih19a8Zvv9v3PKBo6vlG7/nXp5T+sa9DEhsk4iVJPVJr4pieenduOaquT9qT91bV+dOPIUHH/lgN5/PrgX3xkx9iNuyv92xvMo8n+7Rs+/MfN337ixot3XlXZcLTu96L+TrNI25f2X2/S3/OSvOYF8uoK5HX3Gaf+yz/8300v7Y6Gun6/aGrdRXl1JwOgO35HU/WmNcyO6/ukNymf7vH0eedu23TLuWO37zx7dNPaDSMbRjYvX778wvOXn3fBef/t3InUK187ln9a/39pMv8jM562XDA8mn5tbjwVtauoP8bbVdwftS0K/fy9/cOX/9Odf7nn6sqGonGelq4eT5Ll7PHdvCyqGW9T+yovr6J+6A70w4Zr+v/fK4Nb/qPoOFS7Z2q/ZsTDh38/+nfvmbP39BsqG47Icb62QS0e56utTtrTXXvcWXb09m9PVE7y6s9t1+l3vfzRv/9OPFht36xZ0W1rt23buqzy9Qjl9fZrPtvZvC5c8u+37lxz5/wpeZ1X+Tonaemc+MTcdmW3pnktmvhajpJuSRdRbyk/v+6o0r7s74X0edle7U8e64+Pzc0rK31s1Qv3Pfb8zgcWh3o6/malxr5obmUZnxQouTHzxHK1wXn1F42PKIrW1G5L+/GJb/+fwb0/nr+pcHxURsaUr9n0hg9/7qI5vx67dt/KyoYjc1ypaVCLx5VqqyfbM9FfE8eV846ePP58+7nuBysePrz3pHduWP7X25If+6L+rZbO69/lUVR0HFiUWZ+p40C2nsny+fEGM+v9Ubml48Zz5y/5yvd27TgYPG78rtnjxmfr1sptHjfiwHja/7n//8fP7H/mfZ07brxvSfnj/7xoedKhR8vPW28yrnsD47ra6qQ9ce24PufGLRvXVbYfvee/ybLg+if9/T12+85Prd24cWTrWHN5NXtektaT7eVWz0vSn75jC/JK99dkXjP3TTP91ezPW9r+ddn+avHnDfL0R3FLv8+e2XTR/iU7f3FgIBA3XlNK4pdaij92zsuPvnj1j04Ixt+Txu9qKX55xVmHlt01tCoY/8E4id/bUvyHLn3kq/Pe9eSjwfhDafv7WjufGN3++nUPHxfu/yiN399S/KfHRlfefdOiHcH4++KknvFzuyh6/NXl6yvrcdSdHIfTdnTXtSvKrseZ9VJmvVy7XqrMwVcrKMdx/fa0XLL91Jq25Lk2iqJ9PVO3p2ePvQsqy4PpepT9pvH2o02p5pwgb3vR+TUAvJmkr/+n5xrp6/+Lkl+INa//V5bxrLrnL0jOpxZMbpq4zrtzsPKLdLrzemk7svN6afylp9fHaHVer2he7rTMetquRUmvpO1pcN4wJ2piXm5qPY3n5TLpF8+bDX4xs6FrYm4vtN+6k5mKvNeZM+2dMx6h3fPsBfmtrp5nh8Zddr4jfZ0+bnLcZe+LSPdv9r6INP7CzARaq/dFtDvu0mmNBuNuIrPi+dSp4yJq0K+T4yI/WnZcTGMcDVTG0cy+LvXGv96f2fn3t8x8QrS7vn+anE842q/30+3p8aGryXmAVYHtnZoHSA8Xabt+2aAtR4J5AACYvP5PzynGr//Hf1cPZs7zi65bslcZabzgfSzl/PYUXf9OvZ9tdkvnlZe8cvwZK7Y8siF4XvxEs/el3FK3NrvgvpSiflycWS/sx8CtIEXzDksy5fujuS3142m/uv66vftHngv243DlRKq4H/fUrc1tsx+XZtYL+7E7v1VF/Zitp2j8nplZ70/uCJpuv7978SVXrTyw+d5gv+9utt8frFsbKOh31+mB+K7T3xSv+xfNR/7Z5gGSeeuZmge4JrB9uvMA/VO+qeY14Q03DxD4vQAAb2Tp9X/1fvnk+v9vMuXavT4MnrcNd+Z+1uB5W/W8tr3z8mD7q+fl7V0XBeNXr4vau24J9k/1uqW9665g/Op1V3vzNMH+eSLtn6nn/buaiJ+e94f+XCA973/jXxfN7DyD66JkPcp+U+G6CACAo0F6/Z+erqb3/z+ZrGfPjWf+Onemr0Nn+jp6pucZZnqe5I1+nXvk5xmaid/8PMNMz7OZBzAPUMw8AADAm8N7k+UNTZbvmriHOIo+eeNN561eN/Lp1eu3joyM3bL2xpHVo5tHt1XLdU9ceU29TzpUX9F90nnlZzcovzoYv749lwXKh7Sbf6i+ovzzyjfKf00wfn17Lg+UD2k3/1B9RfnnlW+U/9pg/Pr2XBEoH9Ju/qH6ivLPK98o/08G49e3532B8iHt5h+qryj/vPKN8r8xGL++Pf8jUD6k3fxD9RXln1e+Uf7Z98sM5f/+QPmQdvMP1VeUf175RvmPBOPXt+cDgfIh7eYfqq8o/7zyjfJfH4xf356VgfIh7eYfqq8o/7zyjfLfEIxf354rA+VD2s0/VF9R/nnlG+V/UzB+fXs+GCgf0m7+ofqK8s8r3yj/0WD8+vZcFShfp2biuN38Q/UV5Z9XvlH+Nwfj17fnQ4HyIe3mH6qvKP+88o3y/1Qwfn17rg6UD2k3/1B9RfnnlW+U/8Zg/Pr2XBMoH9Ju/qH6ivLPK98o/03B+PXt+XCgfEi7+YfqK8o/r3yj/DcH49e35yOB8iHt5h+qryj/vPKN8t8SjF/fnlWB8iHt5h+qryj/vPKN8r8lGL++PdcGyoe0m3+ovqL888o3yv/WYPz69nw0UD6k3fxD9RXln1e+Uf5bg/Hr2/OxQPmQdvMP1VeUf175RvmPBePXt+fjgfIh7eYfqq8o/7zyjfLfFoxf357rAuVD2s0/VF9R/nnlG+W/PRi/vj3XB8qHtJt/qL6i/PPKN8r/08H49e35RKB8SLv5h+oryj+vfKP8dwTj17fnhkD5kHbzD9VXlH9e+Ub53xaMX9+e1YHyIdX8t20dGVm9/ZZ1a7eNrN68Zd3I2OodW0e3bRtJTtTavS8xeF9Zcl9id9TVMP+FmfVjkvcHOibw/kDZ8mnYEye+mfr+QNlquwreJ6dof2XrL3qfobzyeeMttH+LjgfNjoesup+PyiAZ3Tw2snXq8buvYX/Ujolo4ra5vsoyPr6p8tm36wxUU6j5fHob5pPd3JPcCNgTH9dU+SjweXDT1Xw+cTCfvHZM93Ps0rDT+hy7zJcpct6jtS7f9WMTB+nRtRtHd45Mbf/so6D9zfTj7o63ozSlHUX7P870x/ykJfNDn/cW6L8d3/q3h3772796fxQNHVc+qa3+i4cPrzl4/Cd/enHPuePtLzVsf7Vk+rnKBZ9/mC2f5tO1ccvYtv+6fsv2zfmvoKX3O5eq6zN0v3OSZ7nJ+5dD93tM9/7leMo3R6dm718GAAB4q0j//j+9Xl2Q/A3q/MwUQfPzwO39fXRwHnhfc/PA2dmIonngbPk07WbngfvbnAfO1h+apy01KN/odZdm54E/Hig/Xc2Pk/beByA4TpKeKhon2b/DLxon2fLTHSd9bY6TbP1F4ySvfKPXp5sdJ9cGyoc0Px5aeN+Jwcn3nQiOh6HmxkP2czWLxkO2/HTHQ2+b4yFbf9F4yCvf6H6dZsfDhwPlm9X8+GjvfWGC42NNc+Mj+3kpReMjW3664yNuc3xk6y8aH3nlG93P2Oz4+FCgfKr5/d/e+/YE9/+e5vZ/9nNbivZ/tvx093+pzf2frb9o/+eVb3Q/d7P7/8pA+VT9/h/f8RP7fWT1ji1ba++BnunPbQlpvn0z+7k1rWq+/TP7vk8z3/6ZfV+pmW9/e9dNwfbva++VrubbP7OfS9SqI/Z6bPI3Q0XvP1X0Ou3HAtun+zrtrCnfHJ28TgsAAAAzL339P/04/vT94b+ULAMf09+yN/7ne/v87dz4Hfr87aJ5TPN5DSo7CpjPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6IyergUTy6c+P/aHKxe+98d3jby664rvbrpzz/Csp95z7wee/donvvH8C/OXLvv6zZcdunXOynvuGf7ZBYd+8qc7CgMPVBZnJqu9URS/FEfRyT9d+uW7f/j0CePb4iiKyvHA7iiaH5d+EGcjDL0WRdG6ajvrH3z81eXrx5e7v9RTt/2YTJBsXlF/OW1PXTuj2woz4g2oNxlnX/j+lpN+c85lz+79+aWvDvW+tnX3ZJG4t2Y8RdG8NbXP746iqC/5Py4dbQvSJyfLq6Ioml3zvAsL2nVak+0/O7C+MFnOSpb9BXHSx0/NrHc32Y6uzLK3yee1qjTD8VPp/pszw/VPObpl6pmfLL+VLM+cZvxy+j+OSnHUVa1uYzw5RqKa/RZH8cS+n1wv1Y2FODM24iiKM+ulzHq5O5PXRL3JQCvHcf32tFxm+2CyvSvZfmrBWLsmsP0dab7JD+rBTP7ZoP1TvqnmNSFt1y8btOVIKNUcg/K2p+3tTXZGf7KtPz52ynMO50gfW/XCfY89v/OBxQOB+uJvxkn8uKX4z2y6aP+Snb84sCCQZ7ymlMQvtRR/7JyXH33x6h+dEIy/J41fbin+c+cv+cr3du04OBCK/7u0f7pail9ecdahZXcNrQq2/8E0fm9L8R+69JGvznvXk48G2z+U9k9fa/0zuv316x4+7kAwfpTGn91S/EteOf6MFVse2RCM/0TaP/0txX96bHTl3Tct2jEYir8vjT+3pfin/er66/buH3ku2P7htH8GWor/7sWXXLXywOZ7Q8fOePeR+g0L8Ob0tuQc64vJeqvXme2quV64fyCunPPNSf7P7WRFGeP1zJvB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvDmNXH7/rsv3rb6iK46iOFDmcI70sfKs4eHBFuotrzjr0LK7hlbVblvQQhwAAACgWHodXqpu6Y0WRDvivujE3PLpHMGJ6Vpcvz07h9A3WbIjcUodilPuUJyuDsXp7lCcWR2K09OhOL0FcXqj5uL0NYxTaro9szsUp79DceZ0KM7cDsWZ16E4x3QozkDDOM2Pw/kdinNsh+K8rUNx3t6hOMd1KM7xHYpzQofiZOeUpzsO5yYlF4biTHxTLozTFZerD+TNp6f1nJx5Xmma9fQ3WU92zn669fQ1Wc/pbdbT22Q9S9qsJ26ynjPbrKdUUE86bm/Lti+tJ11rcvzf3qE4OzsU5zMdivPZDsW5o0NxPtehOLvajAPQrPT6f/K6cSDq6bo4mp0ccbKzAOn17qLKs6ccj3qzF+iJNN5Jme2ziuJlL9Qz8RZ1uH2nZbZ318Xrqp43NYg3UBtvcebBwnyzEwqZ9i2dbrzsxAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzKCRy+/fdfm+1VdEcTT+L9fhHOlj5VnDw4Mt1Lvqhfsee37nA4trt/V0tRAIAAAAKJReh3dXt/RGPV3nRrPiWXXl/pNd+4uRq6ofAH7uzuzMsC38pr9AHUihI0tXjEhLF+VParjowywxKAGMBkx3SxnWDdtdZLcprMhaH4gPGkg0cfXJ8IQhPKhBUUmWB41BSdhEsYmgvEgUDZAACTUxGbM7986/znSWEW3Bz+fh3HvP+Z7zvWe2afI9M4XkHKCQPGeK9WtUHtq4jkTbThqfTeJ3Lx66a/fCvUsfnjl0YLo6XZ0bHx+/8vLxvVfs/ejuO2Zmq3vqbcj3WW84WW/h3qU7D8zOVu9eqD93vncpmVdqdk2tN0eT9/7/PnmiJL6Z5z930/+vBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1a1srJcWZucGIlCiHrE1LpIxzK5OC4PkPfaN7fvunr+0enWvnx2gIUAAACAvtI6fLjRUwj5bCZkwrkbTxc2Q4shNOt+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgf0+1srJcWZuc2BKFEPWIqXWRjmVycVweIO9vFmauf+ALO4+09pUGWAcAAADoL63Dhxo9hVAKo2E4OrctLj0bOK9jfmdcus75m4zrPDvoFTe6ybixTcZ9sE/cp5LrPQEAAADe/dL6P9voKYZ89sye9X+/uj6N29kRl0mug/xWAAAAAPj3pPV/rtFTCvlsqVGvb7bev7AjLp3f73v7dH6/7+3TuIt75On8Ph8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH1VKyvLlbXJiUwUQtQjptZFOpbJxXF5gLwvXj727Z8vHzne2pfPDrAQAAAA0FdahzdL70LIZ0fCcNiyUfdfOfb3Ly5NHd02XEyGc7lwz4HFxbv31ts0bvSrr3/udz+NyifEXVZvT8nmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAd1S1srJcWZucOCMKIeoRU+siHcvk4rg8QN4XZw7/89ZHznmtta80wDoAAABAf2kd3qz9C6EUciEXtm88tdb664Y65vc6MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeOxbuXbrzwOxs9W43bty4adyc6v+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA00W1srJcWZucKEQhRD1ial2kY5lcHJcHyPvwxx/97lkf+cVjrX2lAdYBAAAA+kvr8GbtXwilMByGwzkbT93OBDbq/+J/8SUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDTQrWyslxZm5w4Mwoh6hFT6yIdy+TiuDxA3gv//PlbV49VX2zty2cHWAgAAADoK63Dc42eQshnLwv5sCN5nm2fEGWSa/dzgea8u9qmjWx63n1t8zKbnve1jp1lk93U5xXS9Yr1a2Ne+cR55RBCKZlXag5Mtc0LD7XNOnPT7/m9tnnFPvMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnIaqlZXlytrkRBSFEPWIqXWRjmVycVweIO9zh646Nrb0x9da+0oDrAMAAAD0l9bhzdq/EErh/HBWOH+j7g/F9vg0bt8jr1z915+d8Y0Q9mz/7QXZnuv/5eLKLzubEIbag4ZC+L8kX9Qj35Ef/+3hV1/9ySdD2HNOZsfbzde+ZFybOr79tmf35Xef5IMBAACA95C0/h9u9BRDPjvXs/5PK++3Vf/Pn33TfduSNqnIO2YMFZN8Qz3y3XnFN39UvuDYH9br/5Pl+/SXz/vEtjB/RTyTtvWeDlFcm31w1/6Xtz59ON11PX+mI3/6ubx0/IefObJw8Cv1/IVQSPrPy3bLf2Lb4Yy49tbcE08d3Ld0Q3v+bI/9P7Dr/X/6/XcOvbKe/42dI438HzjJ/k+e/+ybK88fffyhG9vzD/fIP33Tlu+/WZ7/R+f+RzoWTj75+h+85a/QIYprb8w8c83W1dH97flDCFOtgenn/9QT3yqv/nrboTR/+luRi0c78rf8U2ttO86cori2uuOS6fEnF7e054868qf7P3b/D9760rHnruvc/+2d+++Zv3P/141lbnlh5/ggP54BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgXqFZWlitrkxMhE0LUI6bWRTqWycVxeYC8H7vo2huuf23u6619+ewACwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvmGplZbmyNjkxFIUQ9YipdZGOZXJxXB4g78Klrz/28o2/el9rX2mAdQAAAID+0jq8WfsXQinkQi6MbNT9U8e33/bsvvzuUKyPRsk1Ozu/sPihO+YPz91+it4cAAAA2Ky0/s82eoohn70oDCf1/+qOS6bHn1zcktb/IYSp9aZwx8xsdTw0zgmuG8vc8sLO8XLjnKA17tKD87PJMUG67v1XbX1p4bNr13ddd28z7o2ZZ67Zujq6P40bTq4bcZc142Yf3LX/5a1PH07jhtJzivW4Pc24t+aeeOrgvqUb0vFM63otcWffXHn+6OMP3dhYJ7mOJHkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4F/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb+OQqwq4jgAz9y7q1fvuu0W5SZFKiYaJCsVlRCtQtJDG1LgiwU+ZGVkUksYQrgJWZiETxVBEVEQiBQEPRRhQRkkURChPYShPdRDbEQb4kbF7s7s3j162u3UKsj3wWGcOff85n/mjGfvBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzq+5bT1j7eGnB36/c9Ftn+/eMrzr9ve3PbW/b87hW/fdceyVe988cbJ7xeo3Hlo/8mhH/969fV/fOPLFn09OG/zEeLMydRshxJ9jCFd+ueKFPZ8eWTg6FkMI9dg1GEJ3rH3cHQsJvadDCPdN1Dn15LvD190/2g4+N3fK+EWFkOJ9hWY91zOua2q9XFgaaZ898+H2K35ctf7YoW/XDfc2Tj82OPmR2GjZTyF0bm69vj2EMC8do/Ju68kXp3ZDCGF+y3U3TVPX0hnWf21Jf1Fq56S2OU1OPr+k0G+fYR1thbYxw+uqqs1yfpafX8csz198uRXn6U7te6ld+S/z6/mIoRZD28R0D8fJPRJanlsMcezZT/ZrU/ZCLOyNGEIs9GuFfr29cF9j86aNVo9x6nj+XGF8cRpvS+NLptlrd5eMX57vN/1HPVW4/2Jo84x/TNzXmFzX9/9Qy7lQa3kHnW0819tID6OZxprx4jOu+ess8rmNJ59/+8TOV5d1ldQR34kpP1bK/2bbzUeX7/xuqKcsf3Mt5dcq5Q+s+vXgT3d9trA0f3/Or1fKP3798hc/2LXjVOn6/JLXp61Sfn3NNSOrd/duLK3/tZzfqJT/+roDL3fe8MnB0vp78/rMq7Y+Wx//Y9Nblw6V5oecP79S/trfLrt6zfYDD5Tmf5TXp1kp/8jA1v49D161Y3FZ/lc5f0Gl/KU/3LPp0NEtx0vr78vr01Up/5Zlazf0Dz2yr+zdGQfP1V9YgAvTJek71rOpX/V35n/V8nvhpa44/p2vIx0L/s+JCkbn6ZzFfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JsdOCABAAAAEPT/dTsCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4KAAD//+sBVxg=")
open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001"})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0)

2.850494946s ago: executing program 3 (id=1582):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x17)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000006100)=""/102389, 0x18ff5}], 0x1, 0xfffffffd, 0x8)
shutdown(0xffffffffffffffff, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0xffffff98)
socket(0x26, 0x0, 0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x6d, '\x00', 0x0, 0x0, r1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='ext4_get_implied_cluster_alloc_exit\x00', r1}, 0x10)
futex(&(0x7f00000002c0)=0x2, 0x8c, 0x1, 0x0, 0x0, 0x2)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x96ff03)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
socket$inet6(0xa, 0x0, 0x80000000)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x1c1c40, 0x0)
fcntl$setsig(r3, 0xa, 0x13)
fcntl$setlease(r3, 0x400, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
times(0xfffffffffffffffe)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000021000100fffe0900010073797a30000000000900030073797a3200000000f8000000060a010400000000000000000100000008000b4000000000d0000480540001800a00010072656469720000004400028008000340000000020800034000000003080002400000000c0800034000000010080002400000000f0800034000000011080001400000001508000340000000001c0001800a00010072616e67650000000c000280080001400000000a3c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x16c}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x76, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000e5000084aaa5966701c0000000000000003a3ce0a4bdee3428261a6246533cb334095b7d4868bf3a00b3c9273d992f4064b0a1fab7a1f9b618b3d548530f7ec3d76394"])
socket$nl_generic(0x10, 0x3, 0x10)

2.631455955s ago: executing program 2 (id=1583):
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
pipe(0x0)
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000)
write(0xffffffffffffffff, &(0x7f0000002640)='n', 0x1)
read(0xffffffffffffffff, &(0x7f0000019440)=""/102391, 0x18ff7)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

2.524889819s ago: executing program 2 (id=1585):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100766574680000000004000200080001"], 0x40}}, 0x0)

2.440152332s ago: executing program 2 (id=1586):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(0xffffffffffffffff, 0x28, 0x6, &(0x7f0000000080)={0x0, 0xea60}, 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x0, @host}, 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000003100)={@ifindex, 0xffffffffffffffff, 0x11, 0x10, 0xffffffffffffffff, @prog_fd}, 0x20)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x2f, 0x6e, 0x1, 0x2fb, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x80, 0x800, 0xe5b}})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081780000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103b00000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afc0513466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea01d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a07f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a126a1bdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0d5d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f10bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d00b07862c4fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52c094016406cdd32abf77fea373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515dca8811922929e08538fab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f57cbc05cd897f40693ec427ea71578130cde48de3b4dda0c7b615b57ccd4f8ac729a80f891d91a89d967948b9d95b1f22480ab48969e86b854a8c17f3e264ce11f9f63552364e759eec94572f2f7b0e2f293573d0b80709815f4344f908c00"/2646], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={0xffffffffffffffff, 0x0, 0x14, 0x0, &(0x7f00000006c0)="f6f4e9a1d78ad62ceef1884366a578bb3fb7dbfc", 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000240)="482eadffffffffffff", 0x0}, 0x50)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r2, 0x1, 0x6, @multicast}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff0180c2000b0086dd6012000800383a00fc010000000000000000000000000000ff0200000000000000000000000000010100007800000000600ad91500002c00ff010000000000000000000000000001fe8000000000000000000000000000040000009000000000"], 0x0)

2.329149315s ago: executing program 2 (id=1588):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
splice(r3, 0x0, r2, 0x0, 0x1, 0x0)
ioctl$sock_SIOCINQ(r2, 0x5452, &(0x7f0000000000))
close_range(r2, 0xffffffffffffffff, 0x0)

2.10500112s ago: executing program 1 (id=1590):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6)
r4 = syz_io_uring_setup(0x5aed, &(0x7f0000000080)={0x0, 0x0, 0x85c88f3ff8f4c034, 0x100, 0x80000000}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r7, 0x0)
r8 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, &(0x7f00000001c0)="8b", 0x1, 0xfffffffffffffffd)
r9 = add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r10 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x3}, 0x0, 0x0, r9)
r11 = add_key$user(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000680)="495f3b3dee0000962612c44906d9b7e5cb0f19d0be77d28289ead3a9133ed2e5670275a86f05f9348754177cf35357c2cf03efa1b47db4fbe73e4b5c973652d9e0ed1a84fe25f80f29b02c7a71b309f8eef2de66b2b74e1cfdcc751b21a40b5f64aa20533898fd76a736f169f4cc4c9d477eec008adce4dd4a2487b287377e0d987501c837bec60849e8bc843b7655057c1ecad719dff5aff033358306b4904a6f3dfe324f3d9b792e380e5c0657e663bf452d62314003d320d45f5b32ffb368", 0xc0, r10)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r8, r11, r8}, &(0x7f0000000300)=""/171, 0xab, &(0x7f0000000400)={&(0x7f0000000180)={'sha384-generic\x00'}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket(0x1d, 0x3, 0x1)
preadv(0xffffffffffffffff, &(0x7f00000038c0)=[{&(0x7f0000001540)=""/207, 0xcf}], 0x1, 0x1f, 0x0)
io_uring_enter(r4, 0xa3d, 0x0, 0x0, 0x0, 0x0)
read$dsp(r3, &(0x7f0000000440)=""/171, 0xab)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2b, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f", {0x0, 0x3f}}, 0x0, 0x0, @random, @val={0x1, 0x7, [{0x36, 0x1}, {0x18, 0x1}, {0xc}, {}, {0x9}, {0xb, 0x1}, {0x16, 0x1}]}, @void}}]}, 0x48}}, 0x0)

2.103953081s ago: executing program 2 (id=1591):
connect$rxrpc(0xffffffffffffffff, &(0x7f0000000480)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000280)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff}, 0x6b)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x14}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="3c00330080000000080211000001080211000000505050505050000000000002aba519ed06dd895d000001"], 0x58}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e22, @empty}, {0x1, @multicast}, 0x0, {0x2, 0x4e21, @empty}, 'syzkaller0\x00'})
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYBLOB="00000000e180000008001b"], 0x34}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

1.980206128s ago: executing program 2 (id=1592):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000040)={0x1})
syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)

1.948959437s ago: executing program 0 (id=1593):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0}, 0x0)

1.939224686s ago: executing program 3 (id=1594):
socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x8, 0x4, {{0x25, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x0, 0x0, 0xb3, 0x6}, 0x48)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000000180)={0x2020}, 0x2020)
lseek(r7, 0xfffffffffffffff5, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000021c0)={0x1b, 0x0, 0x0, 0xfffff000, 0x0, r6, 0x3, '\x00', 0x0, r6, 0x4, 0x1, 0x5}, 0x48)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r8, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_addr=@multicast1, @multicast2}, 0x10)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000001b40)=0xa, 0x4)

1.845017793s ago: executing program 1 (id=1595):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'})
sendto$inet(r0, &(0x7f00000012c0)='\t', 0x1, 0x11, 0x0, 0x0)

1.683939337s ago: executing program 1 (id=1596):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={<r3=>r2})
sendmsg$key(r3, 0x0, 0x2400c010)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r2)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6gre0\x00', 0x0})
r5 = socket$alg(0x26, 0x5, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r3, 0x111, 0x2, 0x1, 0x4)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
sendmmsg$sock(r6, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20000}], 0x3}}], 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

1.578589223s ago: executing program 1 (id=1597):
socket$netlink(0x10, 0x3, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0xffffffff, [{0x0, 0x3}]}, @ptr, @restrict={0x0, 0x0, 0x0, 0x10, 0x2}]}}, 0x0, 0x4a}, 0x20)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x80000000, 0x28}, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x8, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000300), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000001d00)}}, 0x10)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={0xffffffffffffffff, 0xfe, &(0x7f0000000480)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff3c, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r1}, 0x4)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001340), 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f0000000300), 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={0xffffffffffffffff, &(0x7f0000000100)}, 0x20)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="258400010000000000135ad3881eeb48e97000000000ca8080f2ffde"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x6, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r2, r3, 0xffffffffffffffff]}, 0x80)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001f00)={0x0, 0x8, 0x10}, 0xc)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001f40)='cgroup.freeze\x00', 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r5, &(0x7f0000000300), 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r5, &(0x7f0000000100)}, 0x20)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000020c0)=ANY=[@ANYBLOB="bb1cd84e764e341db21430b2e31c3111fd8bca1025ba25232e36210ab43bc18cfc206fb811a000e417d1a6e599ad0efcc522143256e0b2592e255c8b2db3a640a000d7ef0464b1e059d887dfcf4141f323ef00f83fda0ed1b243b2d0224b4a2aa901ac178dea07cc183b131bb7e1723c7b924b80b87449c11f37250b66805ebeb82cc735add5cbae212246b877c6198dd5cf0e8d969731a75c02bd"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000200)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x6, 0x5, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r6, 0xffffffffffffffff]}, 0x90)

1.19757498s ago: executing program 0 (id=1598):
r0 = open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x0, 0x0)
write$tcp_mem(r0, &(0x7f0000000100)={0x1ff, 0x2d, 0x0, 0xa, 0x0, 0x2c}, 0x48)

986.85621ms ago: executing program 1 (id=1600):
syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000000140)='./bus\x00', 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c6261636b67726f756e645f636f6d7072657373696f6e3d7a7374642c7374725f686173683d63726336342c73743332632c646174615f636865636b73756d3d63726336342c646174615f636865636b7375003d6372633332632c7374725f686173683d736970686173682c6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c0063ad2a0f240100000000000080871f7dee411dc51b7c2cc57106643bb5721eae89517d4a6314015fefa971e2255edc0dcd297a5ba652a6c236bba6ae8074b44c616c423519f5e3de4f62550a9c00ea21b273c6024b2a7d6e407de8a0cbb9a45c3b1daeb5fbcacbe5cde2a16190554a40e66d69df39ec5f72bb1cc60249ef27c3b2983e178171c6bc062e199367e9a8b90261927261423ec1e9c9ca9c1a10a425947c1c45e13ec517"], 0xff, 0x5b1c, &(0x7f000000b6c0)="$eJzs3Q2MHNWdIPCq7hnPjMc2YxLAMR8ewPgMF2CMyQEWUQZOAXKJCYHEJIFgO3hshvgDPHYMTogNUkhEOM7SnRIuUhBCicQJIXKLNpuPjUy0hGjDRrGUZU12N0sEiTbsijgikHgxilczXdXTXVOvq6e7xzHw+8memqp+/X/v/+pNTdXrmu4IAACAt4SnPj/2hysXvvfHd428uuuK7266M+ovT2zvTQsMJMvb/lwt5Ejq6VowscyOiz3Ds556z70fePZrn/jG8y/MX7rs6zdfdujWOSvvuWf4Zxcc+smf7iiKm46nMyfX45fiKDr5p0u/fPcPnz5hfFscRVE5HtgdRfPj0g/mx5kQQ69FUbSu2s76Bx9/dfn68eXuL/XUbT8mE8R4f2vrTcbZF76/5aTfnHPZs3t/fumrQ72vbd09WSTurRlPUTRvTe3zu6Mo6kv+j0tH24L0ycnyqiiKZtc878KCdp3WZPvPDqwvTJazkmV/QZz08VMz691NtqMrs+xt8nmtKs1w/FS6/+bMcP3Zg1u2nvnJ8lvJ8sxpxi+n/+OoFEdd1eo2xpNjJKrZb3EUT+z7yfVS3ViIM2MjjqI4s17KrJe7M3lN1JsMtHIc129Py2W2Dybbu5LtpxaMtWsC29+R5pv8oB7M5J8N2j/lm2peE9J2/bJBW46EUs0xKG972t7eZGf0J9v642OnPOdwjvSxVS/c99jzOx9YPBBoR/zNOIkftxT/mU0X7V+y8xcHFoTirykl8UstxR875+VHX7z6RycE4+9J45dbiv/c+Uu+8r1dOw4G++d3af90tRS/vOKsQ8vuGloVbP+DafzeluI/dOkjX533ricfDbZ/KO2fvtb6Z3T769c9fNyBYPwojT+7pfiXvHL8GSu2PLIhGP+JtH/6W4r/9NjoyrtvWrRjMBR/Xxp/bkvxT/vV9dft3T/yXLD9w2n/DLQU/92LL7lq5YHN94aOnfHuI/UbFuDN6W3JOdYXk/VWrzPbVXO9cP9AXDnnm5P8n1vuZE31xuuZN3PhAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiLemhg3cifvnPK613Jek/yzSnlyjLdPiuK4r4oisa2rd26bXTzhsGbt2zfunntxsG12wZHNm/bevvg+e8c3Dpyy8a1t48/OnT28srzjo3iyjI+eUrdhw8fPlwaqN+W1vepC/7344On7P/HKBo67mendAXb/8E7Fv73+TlfM+Lhwxv/1xk3vDjnb7dXNgwk7RoItCsKtOvih19a8Zvv9v3PKBo6vlG7/nXp5T+sa9DEhsk4iVJPVJr4pieenduOaquT9qT91bV+dOPIUHH/lgN5/PrgX3xkx9iNuyv92xvMo8n+7Rs+/MfN337ixot3XlXZcLTu96L+TrNI25f2X2/S3/OSvOYF8uoK5HX3Gaf+yz/8300v7Y6Gun6/aGrdRXl1JwOgO35HU/WmNcyO6/ukNymf7vH0eedu23TLuWO37zx7dNPaDSMbRjYvX778wvOXn3fBef/t3InUK187ln9a/39pMv8jM562XDA8mn5tbjwVtauoP8bbVdwftS0K/fy9/cOX/9Odf7nn6sqGonGelq4eT5Ll7PHdvCyqGW9T+yovr6J+6A70w4Zr+v/fK4Nb/qPoOFS7Z2q/ZsTDh38/+nfvmbP39BsqG47Icb62QS0e56utTtrTXXvcWXb09m9PVE7y6s9t1+l3vfzRv/9OPFht36xZ0W1rt23buqzy9Qjl9fZrPtvZvC5c8u+37lxz5/wpeZ1X+Tonaemc+MTcdmW3pnktmvhajpJuSRdRbyk/v+6o0r7s74X0edle7U8e64+Pzc0rK31s1Qv3Pfb8zgcWh3o6/malxr5obmUZnxQouTHzxHK1wXn1F42PKIrW1G5L+/GJb/+fwb0/nr+pcHxURsaUr9n0hg9/7qI5vx67dt/KyoYjc1ypaVCLx5VqqyfbM9FfE8eV846ePP58+7nuBysePrz3pHduWP7X25If+6L+rZbO69/lUVR0HFiUWZ+p40C2nsny+fEGM+v9Ubml48Zz5y/5yvd27TgYPG78rtnjxmfr1sptHjfiwHja/7n//8fP7H/mfZ07brxvSfnj/7xoedKhR8vPW28yrnsD47ra6qQ9ce24PufGLRvXVbYfvee/ybLg+if9/T12+85Prd24cWTrWHN5NXtektaT7eVWz0vSn75jC/JK99dkXjP3TTP91ezPW9r+ddn+avHnDfL0R3FLv8+e2XTR/iU7f3FgIBA3XlNK4pdaij92zsuPvnj1j04Ixt+Txu9qKX55xVmHlt01tCoY/8E4id/bUvyHLn3kq/Pe9eSjwfhDafv7WjufGN3++nUPHxfu/yiN399S/KfHRlfefdOiHcH4++KknvFzuyh6/NXl6yvrcdSdHIfTdnTXtSvKrseZ9VJmvVy7XqrMwVcrKMdx/fa0XLL91Jq25Lk2iqJ9PVO3p2ePvQsqy4PpepT9pvH2o02p5pwgb3vR+TUAvJmkr/+n5xrp6/+Lkl+INa//V5bxrLrnL0jOpxZMbpq4zrtzsPKLdLrzemk7svN6afylp9fHaHVer2he7rTMetquRUmvpO1pcN4wJ2piXm5qPY3n5TLpF8+bDX4xs6FrYm4vtN+6k5mKvNeZM+2dMx6h3fPsBfmtrp5nh8Zddr4jfZ0+bnLcZe+LSPdv9r6INP7CzARaq/dFtDvu0mmNBuNuIrPi+dSp4yJq0K+T4yI/WnZcTGMcDVTG0cy+LvXGv96f2fn3t8x8QrS7vn+anE842q/30+3p8aGryXmAVYHtnZoHSA8Xabt+2aAtR4J5AACYvP5PzynGr//Hf1cPZs7zi65bslcZabzgfSzl/PYUXf9OvZ9tdkvnlZe8cvwZK7Y8siF4XvxEs/el3FK3NrvgvpSiflycWS/sx8CtIEXzDksy5fujuS3142m/uv66vftHngv243DlRKq4H/fUrc1tsx+XZtYL+7E7v1VF/Zitp2j8nplZ70/uCJpuv7978SVXrTyw+d5gv+9utt8frFsbKOh31+mB+K7T3xSv+xfNR/7Z5gGSeeuZmge4JrB9uvMA/VO+qeY14Q03DxD4vQAAb2Tp9X/1fvnk+v9vMuXavT4MnrcNd+Z+1uB5W/W8tr3z8mD7q+fl7V0XBeNXr4vau24J9k/1uqW9665g/Op1V3vzNMH+eSLtn6nn/buaiJ+e94f+XCA973/jXxfN7DyD66JkPcp+U+G6CACAo0F6/Z+erqb3/z+ZrGfPjWf+Onemr0Nn+jp6pucZZnqe5I1+nXvk5xmaid/8PMNMz7OZBzAPUMw8AADAm8N7k+UNTZbvmriHOIo+eeNN561eN/Lp1eu3joyM3bL2xpHVo5tHt1XLdU9ceU29TzpUX9F90nnlZzcovzoYv749lwXKh7Sbf6i+ovzzyjfKf00wfn17Lg+UD2k3/1B9RfnnlW+U/9pg/Pr2XBEoH9Ju/qH6ivLPK98o/08G49e3532B8iHt5h+qryj/vPKN8r8xGL++Pf8jUD6k3fxD9RXln1e+Uf7Z98sM5f/+QPmQdvMP1VeUf175RvmPBOPXt+cDgfIh7eYfqq8o/7zyjfJfH4xf356VgfIh7eYfqq8o/7zyjfLfEIxf354rA+VD2s0/VF9R/nnlG+V/UzB+fXs+GCgf0m7+ofqK8s8r3yj/0WD8+vZcFShfp2biuN38Q/UV5Z9XvlH+Nwfj17fnQ4HyIe3mH6qvKP+88o3y/1Qwfn17rg6UD2k3/1B9RfnnlW+U/8Zg/Pr2XBMoH9Ju/qH6ivLPK98o/03B+PXt+XCgfEi7+YfqK8o/r3yj/DcH49e35yOB8iHt5h+qryj/vPKN8t8SjF/fnlWB8iHt5h+qryj/vPKN8r8lGL++PdcGyoe0m3+ovqL888o3yv/WYPz69nw0UD6k3fxD9RXln1e+Uf5bg/Hr2/OxQPmQdvMP1VeUf175RvmPBePXt+fjgfIh7eYfqq8o/7zyjfLfFoxf357rAuVD2s0/VF9R/nnlG+W/PRi/vj3XB8qHtJt/qL6i/PPKN8r/08H49e35RKB8SLv5h+oryj+vfKP8dwTj17fnhkD5kHbzD9VXlH9e+Ub53xaMX9+e1YHyIdX8t20dGVm9/ZZ1a7eNrN68Zd3I2OodW0e3bRtJTtTavS8xeF9Zcl9id9TVMP+FmfVjkvcHOibw/kDZ8mnYEye+mfr+QNlquwreJ6dof2XrL3qfobzyeeMttH+LjgfNjoesup+PyiAZ3Tw2snXq8buvYX/Ujolo4ra5vsoyPr6p8tm36wxUU6j5fHob5pPd3JPcCNgTH9dU+SjweXDT1Xw+cTCfvHZM93Ps0rDT+hy7zJcpct6jtS7f9WMTB+nRtRtHd45Mbf/so6D9zfTj7o63ozSlHUX7P870x/ykJfNDn/cW6L8d3/q3h3772796fxQNHVc+qa3+i4cPrzl4/Cd/enHPuePtLzVsf7Vk+rnKBZ9/mC2f5tO1ccvYtv+6fsv2zfmvoKX3O5eq6zN0v3OSZ7nJ+5dD93tM9/7leMo3R6dm718GAAB4q0j//j+9Xl2Q/A3q/MwUQfPzwO39fXRwHnhfc/PA2dmIonngbPk07WbngfvbnAfO1h+apy01KN/odZdm54E/Hig/Xc2Pk/beByA4TpKeKhon2b/DLxon2fLTHSd9bY6TbP1F4ySvfKPXp5sdJ9cGyoc0Px5aeN+Jwcn3nQiOh6HmxkP2czWLxkO2/HTHQ2+b4yFbf9F4yCvf6H6dZsfDhwPlm9X8+GjvfWGC42NNc+Mj+3kpReMjW3664yNuc3xk6y8aH3nlG93P2Oz4+FCgfKr5/d/e+/YE9/+e5vZ/9nNbivZ/tvx093+pzf2frb9o/+eVb3Q/d7P7/8pA+VT9/h/f8RP7fWT1ji1ba++BnunPbQlpvn0z+7k1rWq+/TP7vk8z3/6ZfV+pmW9/e9dNwfbva++VrubbP7OfS9SqI/Z6bPI3Q0XvP1X0Ou3HAtun+zrtrCnfHJ28TgsAAAAzL339P/04/vT94b+ULAMf09+yN/7ne/v87dz4Hfr87aJ5TPN5DSo7CpjPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6IyergUTy6c+P/aHKxe+98d3jby664rvbrpzz/Csp95z7wee/donvvH8C/OXLvv6zZcdunXOynvuGf7ZBYd+8qc7CgMPVBZnJqu9URS/FEfRyT9d+uW7f/j0CePb4iiKyvHA7iiaH5d+EGcjDL0WRdG6ajvrH3z81eXrx5e7v9RTt/2YTJBsXlF/OW1PXTuj2woz4g2oNxlnX/j+lpN+c85lz+79+aWvDvW+tnX3ZJG4t2Y8RdG8NbXP746iqC/5Py4dbQvSJyfLq6Ioml3zvAsL2nVak+0/O7C+MFnOSpb9BXHSx0/NrHc32Y6uzLK3yee1qjTD8VPp/pszw/VPObpl6pmfLL+VLM+cZvxy+j+OSnHUVa1uYzw5RqKa/RZH8cS+n1wv1Y2FODM24iiKM+ulzHq5O5PXRL3JQCvHcf32tFxm+2CyvSvZfmrBWLsmsP0dab7JD+rBTP7ZoP1TvqnmNSFt1y8btOVIKNUcg/K2p+3tTXZGf7KtPz52ynMO50gfW/XCfY89v/OBxQOB+uJvxkn8uKX4z2y6aP+Snb84sCCQZ7ymlMQvtRR/7JyXH33x6h+dEIy/J41fbin+c+cv+cr3du04OBCK/7u0f7pail9ecdahZXcNrQq2/8E0fm9L8R+69JGvznvXk48G2z+U9k9fa/0zuv316x4+7kAwfpTGn91S/EteOf6MFVse2RCM/0TaP/0txX96bHTl3Tct2jEYir8vjT+3pfin/er66/buH3ku2P7htH8GWor/7sWXXLXywOZ7Q8fOePeR+g0L8Ob0tuQc64vJeqvXme2quV64fyCunPPNSf7P7WRFGeP1zJvB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvDmNXH7/rsv3rb6iK46iOFDmcI70sfKs4eHBFuotrzjr0LK7hlbVblvQQhwAAACgWHodXqpu6Y0WRDvivujE3PLpHMGJ6Vpcvz07h9A3WbIjcUodilPuUJyuDsXp7lCcWR2K09OhOL0FcXqj5uL0NYxTaro9szsUp79DceZ0KM7cDsWZ16E4x3QozkDDOM2Pw/kdinNsh+K8rUNx3t6hOMd1KM7xHYpzQofiZOeUpzsO5yYlF4biTHxTLozTFZerD+TNp6f1nJx5Xmma9fQ3WU92zn669fQ1Wc/pbdbT22Q9S9qsJ26ynjPbrKdUUE86bm/Lti+tJ11rcvzf3qE4OzsU5zMdivPZDsW5o0NxPtehOLvajAPQrPT6f/K6cSDq6bo4mp0ccbKzAOn17qLKs6ccj3qzF+iJNN5Jme2ziuJlL9Qz8RZ1uH2nZbZ318Xrqp43NYg3UBtvcebBwnyzEwqZ9i2dbrzsxAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzKCRy+/fdfm+1VdEcTT+L9fhHOlj5VnDw4Mt1Lvqhfsee37nA4trt/V0tRAIAAAAKJReh3dXt/RGPV3nRrPiWXXl/pNd+4uRq6ofAH7uzuzMsC38pr9AHUihI0tXjEhLF+VParjowywxKAGMBkx3SxnWDdtdZLcprMhaH4gPGkg0cfXJ8IQhPKhBUUmWB41BSdhEsYmgvEgUDZAACTUxGbM7986/znSWEW3Bz+fh3HvP+Z7zvWe2afI9M4XkHKCQPGeK9WtUHtq4jkTbThqfTeJ3Lx66a/fCvUsfnjl0YLo6XZ0bHx+/8vLxvVfs/ejuO2Zmq3vqbcj3WW84WW/h3qU7D8zOVu9eqD93vncpmVdqdk2tN0eT9/7/PnmiJL6Z5z930/+vBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1a1srJcWZucGIlCiHrE1LpIxzK5OC4PkPfaN7fvunr+0enWvnx2gIUAAACAvtI6fLjRUwj5bCZkwrkbTxc2Q4shNOt+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgf0+1srJcWZuc2BKFEPWIqXWRjmVycVweIO9vFmauf+ALO4+09pUGWAcAAADoL63Dhxo9hVAKo2E4OrctLj0bOK9jfmdcus75m4zrPDvoFTe6ybixTcZ9sE/cp5LrPQEAAADe/dL6P9voKYZ89sye9X+/uj6N29kRl0mug/xWAAAAAPj3pPV/rtFTCvlsqVGvb7bev7AjLp3f73v7dH6/7+3TuIt75On8Ph8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH1VKyvLlbXJiUwUQtQjptZFOpbJxXF5gLwvXj727Z8vHzne2pfPDrAQAAAA0FdahzdL70LIZ0fCcNiyUfdfOfb3Ly5NHd02XEyGc7lwz4HFxbv31ts0bvSrr3/udz+NyifEXVZvT8nmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAd1S1srJcWZucOCMKIeoRU+siHcvk4rg8QN4XZw7/89ZHznmtta80wDoAAABAf2kd3qz9C6EUciEXtm88tdb664Y65vc6MwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeOxbuXbrzwOxs9W43bty4adyc6v+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA00W1srJcWZucKEQhRD1ial2kY5lcHJcHyPvwxx/97lkf+cVjrX2lAdYBAAAA+kvr8GbtXwilMByGwzkbT93OBDbq/+J/8SUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDTQrWyslxZm5w4Mwoh6hFT6yIdy+TiuDxA3gv//PlbV49VX2zty2cHWAgAAADoK63Dc42eQshnLwv5sCN5nm2fEGWSa/dzgea8u9qmjWx63n1t8zKbnve1jp1lk93U5xXS9Yr1a2Ne+cR55RBCKZlXag5Mtc0LD7XNOnPT7/m9tnnFPvMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnIaqlZXlytrkRBSFEPWIqXWRjmVycVweIO9zh646Nrb0x9da+0oDrAMAAAD0l9bhzdq/EErh/HBWOH+j7g/F9vg0bt8jr1z915+d8Y0Q9mz/7QXZnuv/5eLKLzubEIbag4ZC+L8kX9Qj35Ef/+3hV1/9ySdD2HNOZsfbzde+ZFybOr79tmf35Xef5IMBAACA95C0/h9u9BRDPjvXs/5PK++3Vf/Pn33TfduSNqnIO2YMFZN8Qz3y3XnFN39UvuDYH9br/5Pl+/SXz/vEtjB/RTyTtvWeDlFcm31w1/6Xtz59ON11PX+mI3/6ubx0/IefObJw8Cv1/IVQSPrPy3bLf2Lb4Yy49tbcE08d3Ld0Q3v+bI/9P7Dr/X/6/XcOvbKe/42dI438HzjJ/k+e/+ybK88fffyhG9vzD/fIP33Tlu+/WZ7/R+f+RzoWTj75+h+85a/QIYprb8w8c83W1dH97flDCFOtgenn/9QT3yqv/nrboTR/+luRi0c78rf8U2ttO86cori2uuOS6fEnF7e054868qf7P3b/D9760rHnruvc/+2d+++Zv3P/141lbnlh5/ggP54BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgXqFZWlitrkxMhE0LUI6bWRTqWycVxeYC8H7vo2huuf23u6619+ewACwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvmGplZbmyNjkxFIUQ9YipdZGOZXJxXB4g78Klrz/28o2/el9rX2mAdQAAAID+0jq8WfsXQinkQi6MbNT9U8e33/bsvvzuUKyPRsk1Ozu/sPihO+YPz91+it4cAAAA2Ky0/s82eoohn70oDCf1/+qOS6bHn1zcktb/IYSp9aZwx8xsdTw0zgmuG8vc8sLO8XLjnKA17tKD87PJMUG67v1XbX1p4bNr13ddd28z7o2ZZ67Zujq6P40bTq4bcZc142Yf3LX/5a1PH07jhtJzivW4Pc24t+aeeOrgvqUb0vFM63otcWffXHn+6OMP3dhYJ7mOJHkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4F/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb+OQqwq4jgAz9y7q1fvuu0W5SZFKiYaJCsVlRCtQtJDG1LgiwU+ZGVkUksYQrgJWZiETxVBEVEQiBQEPRRhQRkkURChPYShPdRDbEQb4kbF7s7s3j162u3UKsj3wWGcOff85n/mjGfvBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzq+5bT1j7eGnB36/c9Ftn+/eMrzr9ve3PbW/b87hW/fdceyVe988cbJ7xeo3Hlo/8mhH/969fV/fOPLFn09OG/zEeLMydRshxJ9jCFd+ueKFPZ8eWTg6FkMI9dg1GEJ3rH3cHQsJvadDCPdN1Dn15LvD190/2g4+N3fK+EWFkOJ9hWY91zOua2q9XFgaaZ898+H2K35ctf7YoW/XDfc2Tj82OPmR2GjZTyF0bm69vj2EMC8do/Ju68kXp3ZDCGF+y3U3TVPX0hnWf21Jf1Fq56S2OU1OPr+k0G+fYR1thbYxw+uqqs1yfpafX8csz198uRXn6U7te6ld+S/z6/mIoRZD28R0D8fJPRJanlsMcezZT/ZrU/ZCLOyNGEIs9GuFfr29cF9j86aNVo9x6nj+XGF8cRpvS+NLptlrd5eMX57vN/1HPVW4/2Jo84x/TNzXmFzX9/9Qy7lQa3kHnW0819tID6OZxprx4jOu+ess8rmNJ59/+8TOV5d1ldQR34kpP1bK/2bbzUeX7/xuqKcsf3Mt5dcq5Q+s+vXgT3d9trA0f3/Or1fKP3798hc/2LXjVOn6/JLXp61Sfn3NNSOrd/duLK3/tZzfqJT/+roDL3fe8MnB0vp78/rMq7Y+Wx//Y9Nblw6V5oecP79S/trfLrt6zfYDD5Tmf5TXp1kp/8jA1v49D161Y3FZ/lc5f0Gl/KU/3LPp0NEtx0vr78vr01Up/5Zlazf0Dz2yr+zdGQfP1V9YgAvTJek71rOpX/V35n/V8nvhpa44/p2vIx0L/s+JCkbn6ZzFfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JsdOCABAAAAEPT/dTsCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4KAAD//+sBVxg=")
r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
io_setup(0x5ff, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0x1}])

854.644489ms ago: executing program 3 (id=1601):
connect$rxrpc(0xffffffffffffffff, &(0x7f0000000480)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x24)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000280)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff}, 0x6b)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x14}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="3c00330080000000080211000001080211000000505050505050000000000002aba519ed06dd895d000001"], 0x58}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e22, @empty}, {0x1, @multicast}, 0x0, {0x2, 0x4e21, @empty}, 'syzkaller0\x00'})
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYBLOB="00000000e180000008001b"], 0x34}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

695.039323ms ago: executing program 3 (id=1602):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f000087e000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x46f, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9ef048332f3fcc797076f8c02858548418e34a9967282de2eb4cc6438f0b6c9dcc204cdd732dd88624b39c16e8f80819cb72be6ab07492ed05ade4caf1ae3d723830523e32c02786c50ac1f47b994ed49fc4b9b318a4c86b4f7fb0d3c6a8763ef27cd52936cc55ef5ac50935a7f706464be90ea4b5f894ad92910de17889a6236a4bda8aac5e1daa70a8fcf248360cdd4e86f854f23e3e4792d91c85f1ed6cf7c36bbe9d879fc86b55e55e0566b6451aad55b1b24156d5735d1ee7064b07bde3a7643cb7631057"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000004d00)=""/4097, 0x1001}], 0x1}}], 0x2, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
getpid()
pipe2$9p(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r6, 0xc0185879, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020}, 0x2020)
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x3200214, &(0x7f0000003080)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRESOCT], 0x1, 0x60b, &(0x7f0000002080)="$eJzs3U9oHNcdB/DvrFey1gVXSezElECFDWmpqK0/KK16iVtK0SGUkB56FrYcC6+VIClFCaWo/9JrD7kW0oNuPRV6N7Tn5parjoFCLjkJelCZ2VlpVa2U9T/tOv58zJv33r6ZN7/5zZ/VSpgN8Nxamk7zQYosTb+5VfZ3d+bbuzvz5+vhdpKy3UianSrFWtL8S3IznZKxnumK3rlbPe2PVxff/uzL3c87vWZdqvUbR6d4FNt1yVSSc3V93Cm72d8/cb5bJ843qOIgM2XCrpX19mNNCE/G/jHdK/O/g2xePN3ogLNQdN43j76SZDK5kGSi/jkg9dOhcfYRPlnefwEAAHgeXP0oe9nKxWHHAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+S+vv/i7o0uu2pFN3v/x+vX0vdfsYUR3oPhhYHAAAAAAAAADw5397LXrZysdvfL6q/+V+tOpeq5TfyfjaykvVcz1aWs5nNrGc2yWTPRONby5ub67MDbDnXd8u5szleAAAAAAAAAPia+l2WDv/+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo6BIznWqqlzqtifTaCaZSDJerredfNptP8seDDsAAAAAOAPf3MtetnKx298vqs/8L1ef+yfyftaymdVspp2V3K5+F9D51N/Y3Zlv7+7M3y/L8Xl//MVDhVHNmM7vHvrv+Uq1Rit3slq9cj238m7auZ1GtWXpSjee/nH9toypeKOjGDCy23Vdrv/nuh4Nk1VGxg4yMlPnoVy+cHomTjk7jQH2NJvGwW9+Lj1Ezt8Y8Mgu1HWZ649GOudz9dX3aXnPnJ6J5Dv/+Nsv77bX7t29szE9Oof0iOpMbDfrTMz33IevPFeZmKkycfmgv5Sf5ReZzlTeynpW86ssZzMrmcpPq9ZyfT2Xy8nTM3XzSO+tr4pkvD4vnafow8V0tdr2Ylbz87yb21nJ69W/uczmB1nIQhZ7zvDlU+L+or7rGw9311/7bt1oJflTXY+GMq8v9OS195k7WY0dfQp3s/TiyVkqHvHZ2PxW3Sj38fsTntfD8f+ZmO3JxEunX+d/3S+XG+21e+t3l98bcH+v1XWZyj+O1LtEeb28WJ6sqnf06ijHXuo7NluNXToYaxwbu3ww1vdOXe/uf7Fa++W+M81VY6/0HZuvxq70jPX7eQuAkXfhexfGW/9p/bv1SesPrbutNyd+cv6H518dz9i/xn7UnDn3WuPV4u/5JL85/PwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8uo0PPry33G6vrA+5UdRf5DMq8Wg8/UYmRiIMjf5nB/iau7F5/70bGx98+P3V+8vvrLyzsja2sLA4s7jw+vyNO6vtlZnOcthRAk/D4Zv+sCMBAAAAAAAAAAAABnUW/51g2McIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPNuWptN8kCKzM9dnyv7uzny7LN324ZrNJI0kxa+T4p/JzXRKJnumK07az8eri29/9uXu54dzNbvrN07bro/G8Ze265KpJOfq+jEcme/WY89XHBxhmbBr3cTBsP0vAAD//w+7DV4=")
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e370248", 0x26}], 0x1}, 0x0)
socket$kcm(0x10, 0x3, 0x10)

137.768714ms ago: executing program 3 (id=1603):
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="03a3d74264beee3a4b5819ed386dc61a7e0fd90af404bed6e723504aaae4078ff6a7f4673c3b4171b4d1dd38873132505a64d3efbf9549176ec500e908cc5cd9e8e492c25357f4ef1df4148b92f50e6781bbf3017932d96882adc64bb89555353e99e02408747553ea7bd60b6600cba03a1e7025e20ea03f8382834177c7d7c01d138d685d73d18d7fa2e189df9ec406955e4c708ae049ca2b63861d09b69ed6ecf7a3fbb5d2cfb4d6e3529bc24f72"], 0x13)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000006100)=""/102389, 0x18ff5}], 0x1, 0xfffffffd, 0x8)
shutdown(0xffffffffffffffff, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0xffffff98)
socket(0x26, 0x0, 0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x6d, '\x00', 0x0, 0x0, r1}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='ext4_get_implied_cluster_alloc_exit\x00', r1}, 0x10)
futex(&(0x7f00000002c0)=0x2, 0x8c, 0x1, 0x0, 0x0, 0x2)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x96ff03)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
socket$inet6(0xa, 0x0, 0x80000000)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x1c1c40, 0x0)
fcntl$setsig(r3, 0xa, 0x13)
fcntl$setlease(r3, 0x400, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
times(0xfffffffffffffffe)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000021000100fffe0900010073797a30000000000900030073797a3200000000f8000000060a010400000000000000000100000008000b4000000000d0000480540001800a00010072656469720000004400028008000340000000020800034000000003080002400000000c0800034000000010080002400000000f0800034000000011080001400000001508000340000000001c0001800a00010072616e67650000000c000280080001400000000a3c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x16c}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x76, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000e5000084aaa5966701c0000000000000003a3ce0a4bdee3428261a6246533cb334095b7d4868bf3a00b3c9273d992f4064b0a1fab7a1f9b618b3d548530f7ec3d76394"])
socket$nl_generic(0x10, 0x3, 0x10)

0s ago: executing program 1 (id=1604):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2008410, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRESDEC], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
ftruncate(r0, 0xc17a)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000040)={0x0, 0x800})

kernel console output (not intermixed with test programs):

endor=0525, idProduct=a4a1, bcdDevice= 0.40
[  173.875268][ T7815] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  173.878452][ T5244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.883060][ T7815] F2FS-fs (loop3): invalid crc value
[  173.884275][ T5244] usb 5-1: Product: syz
[  173.888112][ T5244] usb 5-1: Manufacturer: syz
[  173.890101][ T5244] usb 5-1: SerialNumber: syz
[  173.890300][ T7815] F2FS-fs (loop3): Found nat_bits in checkpoint
[  173.939384][ T7815] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  173.941966][ T7815] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  174.133538][ T7808] loop0: detected capacity change from 0 to 512
[  174.152343][ T7808] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  174.158292][ T7808] EXT4-fs (loop0): 1 truncate cleaned up
[  174.162911][ T7808] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.214961][ T5202] bcachefs (loop1): shutting down
[  174.217958][ T5202] bcachefs (loop1): going read-only
[  174.220510][ T5202] bcachefs (loop1): finished waiting for writes to stop
[  174.226436][ T5202] bcachefs (loop1): flushing journal and stopping allocators, journal seq 12
[  174.230904][ T5202] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 12
[  174.239163][ T5202] bcachefs (loop1): shutdown complete, journal seq 13
[  174.243023][ T5202] bcachefs (loop1): marking filesystem clean
[  174.269975][ T5202] bcachefs (loop1): shutdown complete
[  174.414594][ T5244] cdc_ncm 5-1:1.0: bind() failure
[  174.421366][ T5244] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  174.424032][ T5244] cdc_ncm 5-1:1.1: bind() failure
[  174.428039][ T5244] usb 5-1: USB disconnect, device number 5
[  174.702854][ T7829] sctp: [Deprecated]: syz.1.776 (pid 7829) Use of int in max_burst socket option deprecated.
[  174.702854][ T7829] Use struct sctp_assoc_value instead
[  174.917791][ T7842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.780'.
[  174.990505][ T7841] netlink: 4 bytes leftover after parsing attributes in process `syz.3.779'.
[  175.021911][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.185025][ T7858] sctp: [Deprecated]: syz.3.785 (pid 7858) Use of int in max_burst socket option deprecated.
[  175.185025][ T7858] Use struct sctp_assoc_value instead
[  175.228839][ T7860] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  175.231312][ T7860] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  175.235196][ T7860] vhci_hcd vhci_hcd.0: Device attached
[  175.350351][ T7871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.789'.
[  175.460910][ T5265] vhci_hcd: vhci_device speed not set
[  175.536324][ T5265] usb 13-1: new full-speed USB device number 7 using vhci_hcd
[  175.553998][ T7863] vhci_hcd: connection closed
[  175.554286][ T1193] vhci_hcd: stop threads
[  175.561064][ T1193] vhci_hcd: release socket
[  175.563053][ T1193] vhci_hcd: disconnect device
[  175.717316][ T7892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.799'.
[  175.741111][ T5244] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  175.927729][ T5244] usb 6-1: Using ep0 maxpacket: 32
[  175.932867][ T5244] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.939022][ T5244] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.943309][ T5244] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  175.947737][ T5244] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  175.952158][ T5244] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  175.956266][ T5244] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  175.964019][ T5244] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  175.968728][ T5244] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.971945][ T5244] usb 6-1: Product: syz
[  175.973677][ T5244] usb 6-1: Manufacturer: syz
[  175.975619][ T5244] usb 6-1: SerialNumber: syz
[  176.232601][ T7876] loop1: detected capacity change from 0 to 512
[  176.247757][ T5214] Bluetooth: hci0: command 0x0406 tx timeout
[  176.250845][ T5214] Bluetooth: hci2: command 0x0406 tx timeout
[  176.253461][ T5218] Bluetooth: hci3: command 0x0406 tx timeout
[  176.253699][ T5204] Bluetooth: hci1: command 0x0406 tx timeout
[  176.278566][ T7876] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  176.284252][ T7876] EXT4-fs (loop1): 1 truncate cleaned up
[  176.288788][ T7876] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.346536][ T7905] loop3: detected capacity change from 0 to 40427
[  176.355186][ T7905] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  176.359153][ T7905] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  176.368703][ T7905] F2FS-fs (loop3): invalid crc value
[  176.391490][ T7905] F2FS-fs (loop3): Found nat_bits in checkpoint
[  176.437642][ T7905] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  176.440859][ T7905] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  176.500481][ T5244] cdc_ncm 6-1:1.0: bind() failure
[  176.505645][ T5244] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  176.508792][ T5244] cdc_ncm 6-1:1.1: bind() failure
[  176.513055][ T5244] usb 6-1: USB disconnect, device number 9
[  176.573413][ T7927] netlink: 'syz.0.811': attribute type 4 has an invalid length.
[  176.595832][ T7927] netlink: 'syz.0.811': attribute type 4 has an invalid length.
[  177.073044][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.373015][ T7935] netlink: 180 bytes leftover after parsing attributes in process `syz.0.814'.
[  177.392458][ T7938] bond0: (slave bond_slave_0): Releasing backup interface
[  177.431894][ T7940] loop0: detected capacity change from 0 to 512
[  177.445972][ T7943] sctp: [Deprecated]: syz.3.817 (pid 7943) Use of int in max_burst socket option deprecated.
[  177.445972][ T7943] Use struct sctp_assoc_value instead
[  177.450862][ T7940] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  177.457085][ T7940] EXT4-fs (loop0): 1 truncate cleaned up
[  177.462357][ T7940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.562986][ T7945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.818'.
[  177.733134][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.924332][ T7954] lo speed is unknown, defaulting to 1000
[  177.936603][ T7954] lo speed is unknown, defaulting to 1000
[  177.946325][ T7954] lo speed is unknown, defaulting to 1000
[  178.134526][ T7954] infiniband syz0: set active
[  178.138819][ T7954] infiniband syz0: added lo
[  178.139845][   T74] lo speed is unknown, defaulting to 1000
[  178.210641][ T7954] RDS/IB: syz0: added
[  178.239003][ T7954] smc: adding ib device syz0 with port count 1
[  178.241461][ T7954] smc:    ib device syz0 port 1 has pnetid 
[  178.250709][   T74] lo speed is unknown, defaulting to 1000
[  178.256136][ T7954] lo speed is unknown, defaulting to 1000
[  178.457250][ T7954] lo speed is unknown, defaulting to 1000
[  178.530120][ T7968] bond0: (slave bond_slave_0): Releasing backup interface
[  178.737969][ T7954] lo speed is unknown, defaulting to 1000
[  178.762352][ T7972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.828'.
[  178.801641][ T7978] loop1: detected capacity change from 0 to 512
[  178.831225][ T7978] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  178.838976][ T7978] EXT4-fs (loop1): 1 truncate cleaned up
[  178.842625][ T7978] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.918772][ T7983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.830'.
[  178.971850][ T7983] macsec1: entered promiscuous mode
[  179.011311][ T7954] lo speed is unknown, defaulting to 1000
[  179.164123][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.233010][ T7954] lo speed is unknown, defaulting to 1000
[  179.594538][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.839'.
[  179.706733][ T8016] pimreg: entered allmulticast mode
[  179.733185][ T8017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  179.766933][ T8019] loop2: detected capacity change from 0 to 512
[  179.778873][ T8019] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  179.784944][ T8019] EXT4-fs (loop2): 1 truncate cleaned up
[  179.789513][ T8019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.821344][ T8017] netlink: 12 bytes leftover after parsing attributes in process `syz.0.841'.
[  180.086715][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.316828][ T8025] lo speed is unknown, defaulting to 1000
[  180.667905][ T5265] vhci_hcd: vhci_device speed not set
[  180.844217][ T8047] netlink: 180 bytes leftover after parsing attributes in process `syz.1.852'.
[  180.961249][ T8058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.857'.
[  180.964761][ T8058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.857'.
[  181.091902][ T8058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.857'.
[  181.500754][ T8077] syz0: rxe_newlink: already configured on lo
[  181.518236][ T8082] netlink: 180 bytes leftover after parsing attributes in process `syz.1.864'.
[  181.873065][ T8089] loop0: detected capacity change from 0 to 40427
[  181.878240][ T8089] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  181.881666][ T8089] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  181.888861][ T8097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.871'.
[  181.893713][ T8089] F2FS-fs (loop0): invalid crc value
[  181.905431][ T8089] F2FS-fs (loop0): Found nat_bits in checkpoint
[  181.922895][ T8097] macsec1: entered promiscuous mode
[  181.950696][ T8089] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  181.953886][ T8089] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  182.122444][ T8112] netlink: 180 bytes leftover after parsing attributes in process `syz.2.874'.
[  182.264578][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.876'.
[  182.275257][ T8117] rdma_rxe: rxe_newlink: failed to add lo
[  182.378915][ T8128] syz_tun: entered promiscuous mode
[  182.388341][ T8128] syz_tun: left promiscuous mode
[  182.602937][ T8139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.851415][ T8141] pimreg: entered allmulticast mode
[  182.859216][ T8143] loop0: detected capacity change from 0 to 512
[  182.870989][ T8143] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  182.880031][ T8143] EXT4-fs (loop0): 1 truncate cleaned up
[  182.883140][ T8143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.178305][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.214462][ T8148] netlink: 180 bytes leftover after parsing attributes in process `syz.2.885'.
[  183.410428][ T8153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.887'.
[  183.636147][ T8162] loop3: detected capacity change from 0 to 40427
[  183.642710][ T8162] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  183.645948][ T8162] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  183.651319][ T8162] F2FS-fs (loop3): invalid crc value
[  183.656290][ T8162] F2FS-fs (loop3): Found nat_bits in checkpoint
[  183.703065][ T8162] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  183.706414][ T8162] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  183.726956][ T8176] loop1: detected capacity change from 0 to 512
[  183.742381][ T8176] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  183.748711][ T8176] EXT4-fs (loop1): 1 truncate cleaned up
[  183.752732][ T8176] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.966474][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.992033][ T8189] macsec1: entered promiscuous mode
[  184.381823][ T8207] loop1: detected capacity change from 0 to 512
[  184.390111][ T8207] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  184.393497][ T8207] EXT4-fs (loop1): 1 truncate cleaned up
[  184.396094][ T8207] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.638276][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.679897][ T8217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.801292][ T8224] macsec1: entered promiscuous mode
[  185.027721][ T8222] loop3: detected capacity change from 0 to 40427
[  185.032369][ T8222] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  185.035797][ T8222] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  185.041978][ T8222] F2FS-fs (loop3): invalid crc value
[  185.051492][ T8222] F2FS-fs (loop3): Found nat_bits in checkpoint
[  185.084426][ T8222] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  185.087993][ T8222] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  185.164592][ T8239] loop1: detected capacity change from 0 to 512
[  185.171386][ T8239] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  185.175867][ T8239] EXT4-fs (loop1): 1 truncate cleaned up
[  185.179038][ T8239] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  185.363150][ T8248] netlink: 'syz.0.920': attribute type 4 has an invalid length.
[  185.373997][ T8248] infiniband syz0: set down
[  185.376375][ T5389] lo speed is unknown, defaulting to 1000
[  185.380453][ T5389] lo speed is unknown, defaulting to 1000
[  185.473352][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.649635][ T8252] macsec1: entered promiscuous mode
[  186.010073][ T8263] __nla_validate_parse: 9 callbacks suppressed
[  186.010089][ T8263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.923'.
[  186.031098][ T8263] team0: entered promiscuous mode
[  186.033444][ T8263] team_slave_1: entered promiscuous mode
[  186.037497][ T8262] team0: left promiscuous mode
[  186.039963][ T8262] team_slave_1: left promiscuous mode
[  186.120258][ T8265] netlink: 4 bytes leftover after parsing attributes in process `syz.1.928'.
[  186.204284][ T8278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.932'.
[  186.217413][ T8278] macsec1: entered promiscuous mode
[  186.394340][ T8291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.937'.
[  186.511637][ T8298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.938'.
[  186.518852][ T5211] Bluetooth: hci2: SCO packet for unknown connection handle 1955
[  186.712809][ T8317] netlink: 4 bytes leftover after parsing attributes in process `syz.2.943'.
[  186.762706][ T8319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.945'.
[  186.784410][ T8319] macsec1: entered promiscuous mode
[  187.005243][ T8324] netlink: 4 bytes leftover after parsing attributes in process `syz.2.947'.
[  187.020996][ T8326] netlink: 4 bytes leftover after parsing attributes in process `syz.3.948'.
[  187.220757][ T8339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.953'.
[  187.539784][ T5211] Bluetooth: hci1: SCO packet for unknown connection handle 1955
[  187.578976][ T8351] loop0: detected capacity change from 0 to 40427
[  187.587644][ T8351] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  187.591462][ T8351] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  187.596862][ T8351] F2FS-fs (loop0): invalid crc value
[  187.603127][ T8351] F2FS-fs (loop0): Found nat_bits in checkpoint
[  187.643372][ T8351] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  187.645974][ T8351] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  188.633538][ T5211] Bluetooth: hci2: SCO packet for unknown connection handle 1955
[  188.816340][ T8391] loop3: detected capacity change from 0 to 40427
[  188.828253][ T8391] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  188.831288][ T8391] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  188.837175][ T8391] F2FS-fs (loop3): invalid crc value
[  188.842851][ T8391] F2FS-fs (loop3): Found nat_bits in checkpoint
[  188.864563][ T8398] netlink: set zone limit has 8 unknown bytes
[  188.873140][ T8391] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  188.876027][ T8391] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  189.583466][ T8408] pimreg: entered allmulticast mode
[  190.037489][ T8423] netlink: set zone limit has 8 unknown bytes
[  190.248377][ T8431] netlink: 'syz.3.983': attribute type 4 has an invalid length.
[  190.270480][ T8431] netlink: 'syz.3.983': attribute type 4 has an invalid length.
[  191.051111][ T8466] __nla_validate_parse: 14 callbacks suppressed
[  191.051134][ T8466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.998'.
[  191.208419][ T8473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1001'.
[  191.718931][ T5362] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  191.919890][ T5362] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  191.924752][ T5362] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  191.928568][ T8494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1007'.
[  191.941082][ T5362] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  191.949813][ T8494] macsec1: entered promiscuous mode
[  191.952123][ T5362] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  191.958035][ T5362] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.961779][ T5362] usb 7-1: Product: syz
[  191.963614][ T5362] usb 7-1: Manufacturer: syz
[  191.965650][ T5362] usb 7-1: SerialNumber: syz
[  191.973442][ T5362] hub 7-1:1.0: bad descriptor, ignoring hub
[  191.976298][ T5362] hub 7-1:1.0: probe with driver hub failed with error -5
[  191.983479][ T8496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1008'.
[  192.141933][ T8503] syzkaller0: entered promiscuous mode
[  192.145623][ T8503] syzkaller0: entered allmulticast mode
[  192.197900][ T5362] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  192.251814][ T8502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1011'.
[  192.538156][ T5244] usb 7-1: USB disconnect, device number 4
[  192.543476][ T5244] usblp0: removed
[  193.360320][ T8529] loop2: detected capacity change from 0 to 40427
[  193.365373][ T8529] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  193.369238][ T8529] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  193.381334][ T8529] F2FS-fs (loop2): invalid crc value
[  193.389084][ T8529] F2FS-fs (loop2): Found nat_bits in checkpoint
[  193.464767][ T8529] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  193.472484][ T8529] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  193.853310][ T8536] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1020'.
[  194.011352][ T8538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1019'.
[  194.442661][ T8543] loop0: detected capacity change from 0 to 512
[  194.468154][ T8543] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  194.473065][ T8543] EXT4-fs (loop0): 1 truncate cleaned up
[  194.482740][ T8543] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.558619][ T8556] syz.2.1024 (pid 8556) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  194.598944][ T8556] ubi0: attaching mtd0
[  194.620880][ T8556] ubi0: scanning is finished
[  194.623566][ T8556] ubi0: empty MTD device detected
[  194.708160][ T8556] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  194.714271][ T8556] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  194.721382][ T8556] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  194.728200][ T8556] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  194.735993][ T8556] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  194.743262][ T8556] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  194.751318][ T8556] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1701572563
[  194.762751][ T8556] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  194.788224][ T8562] ubi0: background thread "ubi_bgt0d" started, PID 8562
[  194.800987][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.989749][ T8560] loop1: detected capacity change from 0 to 40427
[  195.005721][ T8560] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  195.026883][ T8560] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  195.049855][ T8560] F2FS-fs (loop1): invalid crc value
[  195.055353][ T8560] F2FS-fs (loop1): Found nat_bits in checkpoint
[  195.063384][ T8569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1031'.
[  195.088567][ T8570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1030'.
[  195.102929][ T8560] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  195.108202][ T8560] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  195.208186][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1033'.
[  195.235965][ T8580] macsec1: entered promiscuous mode
[  195.324788][ T8589] loop2: detected capacity change from 0 to 1024
[  195.331778][ T8587] loop0: detected capacity change from 0 to 512
[  195.332893][ T8589] hfsplus: creator requires a 4 character value
[  195.337444][ T8589] hfsplus: unable to parse mount options
[  195.343230][ T8587] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  195.348538][ T8587] EXT4-fs (loop0): 1 truncate cleaned up
[  195.352557][ T8587] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.401411][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.492718][ T6021] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  195.576881][ T8598] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  195.686446][ T8608] loop2: detected capacity change from 0 to 64
[  195.695291][ T8607] macsec1: entered promiscuous mode
[  195.756392][   T39] audit: type=1800 audit(1719406973.046:33): pid=8608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1046" name="bus" dev="loop2" ino=21 res=0 errno=0
[  195.913974][ T8613] loop2: detected capacity change from 0 to 1024
[  195.920519][ T8613] hfsplus: creator requires a 4 character value
[  195.931839][ T8613] hfsplus: unable to parse mount options
[  195.988378][ T6021] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  196.057001][ T8604] syz.0.1045 uses obsolete (PF_INET,SOCK_PACKET)
[  196.648532][ T8634] __nla_validate_parse: 4 callbacks suppressed
[  196.648544][ T8634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1056'.
[  196.747189][ T8626] loop1: detected capacity change from 0 to 40427
[  196.787689][ T8626] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  196.791419][ T8626] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  196.800362][ T8626] F2FS-fs (loop1): invalid crc value
[  196.805919][ T8626] F2FS-fs (loop1): Found nat_bits in checkpoint
[  196.843418][ T8642] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  196.846086][ T8642] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  196.850415][ T8642] vhci_hcd vhci_hcd.0: Device attached
[  196.851962][ T8626] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  196.855997][ T8626] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  196.881002][ T8648] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1057'.
[  197.067846][ T5244] vhci_hcd: vhci_device speed not set
[  197.137689][ T5244] usb 17-1: new full-speed USB device number 8 using vhci_hcd
[  197.142409][ T8644] vhci_hcd: connection closed
[  197.142680][   T45] vhci_hcd: stop threads
[  197.145887][   T45] vhci_hcd: release socket
[  197.147679][   T45] vhci_hcd: disconnect device
[  197.395147][ T5211] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  197.542563][ T8667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1064'.
[  197.701399][ T8671] ubi: mtd0 is already attached to ubi0
[  197.752023][ T8673] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1066'.
[  197.878792][ T8677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'.
[  197.880989][ T8675] loop2: detected capacity change from 0 to 512
[  197.887871][ T8677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'.
[  197.891518][ T8675] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  197.896432][ T8675] EXT4-fs (loop2): 1 truncate cleaned up
[  197.903925][ T8675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.965018][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1068'.
[  197.965234][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.138482][ T8681] loop0: detected capacity change from 0 to 4096
[  198.148396][ T8681] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  198.358655][   T35] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  198.524952][ T5211] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  198.557948][   T35] usb 8-1: Using ep0 maxpacket: 32
[  198.562113][   T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.566545][   T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  198.575139][   T35] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  198.579999][   T35] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  198.583814][   T35] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  198.587488][   T35] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  198.593019][   T35] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  198.596821][   T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.601800][   T35] usb 8-1: Product: syz
[  198.603472][   T35] usb 8-1: Manufacturer: syz
[  198.605218][   T35] usb 8-1: SerialNumber: syz
[  198.614500][ T8696] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1075'.
[  198.651311][ T8697] pimreg: entered allmulticast mode
[  198.844151][ T8687] loop3: detected capacity change from 0 to 512
[  198.865208][ T8687] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  198.870080][ T8687] EXT4-fs (loop3): 1 truncate cleaned up
[  198.873594][ T8687] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.077119][   T35] cdc_ncm 8-1:1.0: bind() failure
[  199.083736][   T35] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  199.086058][   T35] cdc_ncm 8-1:1.1: bind() failure
[  199.090274][   T35] usb 8-1: USB disconnect, device number 13
[  199.270947][ T8711] loop2: detected capacity change from 0 to 512
[  199.280337][ T8711] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  199.285177][ T8711] EXT4-fs (loop2): 1 truncate cleaned up
[  199.289199][ T8711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.335723][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.440249][ T5211] Bluetooth: hci1: SCO packet for unknown connection handle 1955
[  199.665944][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.781682][ T1355] ieee802154 phy0 wpan0: encryption failed: -22
[  199.783789][ T1355] ieee802154 phy1 wpan1: encryption failed: -22
[  199.792354][ T8723] loop0: detected capacity change from 0 to 4096
[  199.806083][ T8723] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  199.950535][ T8729] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1086'.
[  199.963468][ T8729] team0: entered promiscuous mode
[  199.968600][ T8729] team_slave_1: entered promiscuous mode
[  199.973992][ T8728] team0: left promiscuous mode
[  199.975912][ T5211] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  199.976286][ T8728] team_slave_1: left promiscuous mode
[  200.335312][ T8736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1090'.
[  200.487879][   T35] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  200.505759][ T8757] team0: entered promiscuous mode
[  200.508581][ T8757] team_slave_1: entered promiscuous mode
[  200.516309][ T8756] team0: left promiscuous mode
[  200.518711][ T8756] team_slave_1: left promiscuous mode
[  200.601488][ T8763] loop1: detected capacity change from 0 to 4096
[  200.606528][ T8763] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  200.618106][ T5269] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  200.670646][   T35] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  200.674898][   T35] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  200.679880][   T35] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  200.688182][   T35] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  200.692548][   T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.695227][   T35] usb 7-1: Product: syz
[  200.696777][   T35] usb 7-1: Manufacturer: syz
[  200.698441][   T35] usb 7-1: SerialNumber: syz
[  200.702789][   T35] hub 7-1:1.0: bad descriptor, ignoring hub
[  200.704852][   T35] hub 7-1:1.0: probe with driver hub failed with error -5
[  200.730840][ T8769] macsec1: entered promiscuous mode
[  200.818801][ T5269] usb 5-1: Using ep0 maxpacket: 32
[  200.836313][ T5269] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.850437][ T5269] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.856651][ T5269] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  200.862259][ T5269] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  200.866796][ T5269] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  200.871497][ T5269] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  200.878197][ T5269] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  200.882028][ T5269] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.885358][ T5269] usb 5-1: Product: syz
[  200.887127][ T5269] usb 5-1: Manufacturer: syz
[  200.889293][ T5269] usb 5-1: SerialNumber: syz
[  200.913638][   T35] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  201.112384][ T8746] loop0: detected capacity change from 0 to 512
[  201.133378][ T8746] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  201.137315][ T8746] EXT4-fs (loop0): 1 truncate cleaned up
[  201.140197][ T8746] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.257997][ T5208] usb 7-1: USB disconnect, device number 5
[  201.266529][ T5208] usblp0: removed
[  201.377444][ T5269] cdc_ncm 5-1:1.0: bind() failure
[  201.381519][ T5269] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  201.384244][ T5269] cdc_ncm 5-1:1.1: bind() failure
[  201.389609][ T5269] usb 5-1: USB disconnect, device number 6
[  201.397899][ T5195] udevd[5195]: setting mode of /dev/bus/usb/005/006 to 020664 failed: No such file or directory
[  201.405023][ T5195] udevd[5195]: setting owner of /dev/bus/usb/005/006 to uid=0, gid=0 failed: No such file or directory
[  201.417269][ T8788] team0: entered promiscuous mode
[  201.421485][ T8788] team_slave_1: entered promiscuous mode
[  201.425471][ T8787] team0: left promiscuous mode
[  201.427359][ T8787] team_slave_1: left promiscuous mode
[  201.575853][ T8793] loop1: detected capacity change from 0 to 1024
[  201.583772][ T8793] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  201.590546][ T8793] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  201.594086][ T8793] EXT4-fs (loop1): orphan cleanup on readonly fs
[  201.597413][ T8793] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz.1.1108: Freeing blocks not in datazone - block = 0, count = 4096
[  201.607863][ T8795] macsec1: entered promiscuous mode
[  201.607919][ T8793] EXT4-fs (loop1): 1 orphan inode deleted
[  201.612866][ T8793] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  201.688886][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.842171][ T8799] loop3: detected capacity change from 0 to 4096
[  201.847336][ T8799] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  201.937310][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.194639][ T8814] loop0: detected capacity change from 0 to 4096
[  202.199670][ T8814] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  202.252150][ T8816] __nla_validate_parse: 11 callbacks suppressed
[  202.252165][ T8816] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1120'.
[  202.267874][ T8816] macsec1: entered promiscuous mode
[  202.268857][ T5244] vhci_hcd: vhci_device speed not set
[  202.426694][ T8827] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1123'.
[  202.456301][ T8825] loop1: detected capacity change from 0 to 1024
[  202.470092][ T8825] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  202.489705][ T8825] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  202.496205][ T8825] EXT4-fs (loop1): orphan cleanup on readonly fs
[  202.503558][ T8825] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz.1.1122: Freeing blocks not in datazone - block = 0, count = 4096
[  202.518087][ T8825] EXT4-fs (loop1): 1 orphan inode deleted
[  202.522031][ T8825] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  202.544727][ T8829] loop3: detected capacity change from 0 to 1024
[  202.579981][ T8829] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  202.593857][ T8829] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  202.603125][ T8829] EXT4-fs (loop3): orphan cleanup on readonly fs
[  202.606141][ T8829] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1124: Freeing blocks not in datazone - block = 0, count = 4096
[  202.617319][ T8829] EXT4-fs (loop3): 1 orphan inode deleted
[  202.621142][ T8829] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  202.663693][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.744343][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.966334][ T8842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1129'.
[  203.014798][ T8844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1130'.
[  203.033236][ T8844] macsec1: entered promiscuous mode
[  203.116698][ T8848] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1132'.
[  203.133800][ T8849] netlink: 'syz.0.1131': attribute type 4 has an invalid length.
[  203.147215][ T5211] Bluetooth: hci0: SCO packet for unknown connection handle 1955
[  203.254224][ T8856] loop3: detected capacity change from 0 to 1024
[  203.280524][ T8856] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  203.289554][ T8856] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  203.296187][ T8856] EXT4-fs (loop3): orphan cleanup on readonly fs
[  203.300788][ T8856] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1135: Freeing blocks not in datazone - block = 0, count = 4096
[  203.315023][ T8856] EXT4-fs (loop3): 1 orphan inode deleted
[  203.320392][ T8856] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  203.428555][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.618196][ T8866] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1138'.
[  203.950231][ T8868] loop3: detected capacity change from 0 to 32768
[  203.956044][ T8868] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1139 (8868)
[  203.984880][ T8868] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  203.993517][ T8868] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  204.004227][ T8868] BTRFS info (device loop3): using free-space-tree
[  204.509767][ T8892] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1141'.
[  204.881729][ T8898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1143'.
[  204.913658][ T8898] macsec1: entered promiscuous mode
[  204.990150][ T5213] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  205.416322][ T8903] loop3: detected capacity change from 0 to 32768
[  205.426915][ T8903] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1144 (8903)
[  205.448503][ T8907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1147'.
[  205.453687][ T8903] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  205.464769][ T8903] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  205.468532][ T8903] BTRFS info (device loop3): using free-space-tree
[  205.567878][ T8922] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  205.570887][ T8922] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  205.579311][ T8922] vhci_hcd vhci_hcd.0: Device attached
[  205.650859][   T39] audit: type=1804 audit(1719406982.946:34): pid=8903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1144" name="/syzkaller.tUIpWp/294/file0/file1" dev="loop3" ino=260 res=1 errno=0
[  205.700935][ T5213] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9
[  205.778695][ T5389] vhci_hcd: vhci_device speed not set
[  205.848105][ T5389] usb 15-1: new full-speed USB device number 7 using vhci_hcd
[  205.861096][ T8929] vhci_hcd: connection closed
[  205.861407][   T13] vhci_hcd: stop threads
[  205.867323][   T13] vhci_hcd: release socket
[  205.868427][ T5208] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  205.870335][   T13] vhci_hcd: disconnect device
[  205.924459][ T8939] pimreg: left allmulticast mode
[  205.928700][ T8938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1152'.
[  206.027933][ T5211] Bluetooth: hci3: SCO packet for unknown connection handle 1955
[  206.057874][ T5208] usb 7-1: Using ep0 maxpacket: 32
[  206.064679][ T5208] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.073784][ T5208] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.083523][ T5208] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  206.087297][ T5208] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  206.093775][ T5208] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  206.098747][ T5208] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  206.104543][ T5208] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  206.108426][ T5208] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.112079][ T5208] usb 7-1: Product: syz
[  206.113900][ T5208] usb 7-1: Manufacturer: syz
[  206.115875][ T5208] usb 7-1: SerialNumber: syz
[  206.348528][ T8923] loop2: detected capacity change from 0 to 512
[  206.369987][ T8923] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  206.373831][ T8923] EXT4-fs (loop2): 1 truncate cleaned up
[  206.376534][ T8923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.513284][ T5208] cdc_ncm 7-1:1.0: bind() failure
[  206.519455][ T5208] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  206.532588][ T5208] cdc_ncm 7-1:1.1: bind() failure
[  206.548308][ T5208] usb 7-1: USB disconnect, device number 6
[  206.721072][ T8958] macsec1: entered promiscuous mode
[  206.902048][ T8965] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  206.904761][ T8965] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  206.908699][ T8965] vhci_hcd vhci_hcd.0: Device attached
[  207.093447][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.147487][ T8973] loop0: detected capacity change from 0 to 4096
[  207.158666][ T8973] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  207.361680][ T5211] Bluetooth: hci3: SCO packet for unknown connection handle 1955
[  208.218633][ T8968] vhci_hcd: connection closed
[  208.222352][ T1193] vhci_hcd: stop threads
[  208.225570][ T1193] vhci_hcd: release socket
[  208.231751][ T1193] vhci_hcd: disconnect device
[  208.289724][ T8996] __nla_validate_parse: 7 callbacks suppressed
[  208.289737][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1169'.
[  208.310640][ T8996] macsec1: entered promiscuous mode
[  208.437447][ T8999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1171'.
[  208.443539][ T8999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1171'.
[  208.584137][ T8999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1171'.
[  208.594719][ T9006] syzkaller0: entered promiscuous mode
[  208.596875][ T9006] syzkaller0: entered allmulticast mode
[  208.679245][ T5211] Bluetooth: hci3: SCO packet for unknown connection handle 1955
[  208.798206][ T5269] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  209.007670][ T5269] usb 6-1: Using ep0 maxpacket: 32
[  209.015002][ T5269] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.020311][ T5269] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.024392][ T5269] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  209.031887][ T5269] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  209.036126][ T5269] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  209.041397][ T5269] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  209.049534][ T5269] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  209.053910][ T5269] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.057426][ T5269] usb 6-1: Product: syz
[  209.063134][ T5269] usb 6-1: Manufacturer: syz
[  209.065407][ T5269] usb 6-1: SerialNumber: syz
[  209.366233][ T9011] loop1: detected capacity change from 0 to 512
[  209.381025][ T9011] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  209.386484][ T9011] EXT4-fs (loop1): 1 truncate cleaned up
[  209.390110][ T9011] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.096706][ T9021] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  210.099654][ T9021] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  210.107905][ T9021] vhci_hcd vhci_hcd.0: Device attached
[  210.338438][ T1264] vhci_hcd: vhci_device speed not set
[  210.407688][ T1264] usb 17-1: new full-speed USB device number 9 using vhci_hcd
[  210.417459][ T9023] vhci_hcd: connection closed
[  210.420286][ T3477] vhci_hcd: stop threads
[  210.427068][ T3477] vhci_hcd: release socket
[  210.435697][ T3477] vhci_hcd: disconnect device
[  210.763827][ T5269] cdc_ncm 6-1:1.0: bind() failure
[  210.770826][ T5269] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  210.773966][ T5269] cdc_ncm 6-1:1.1: bind() failure
[  210.790902][ T5269] usb 6-1: USB disconnect, device number 10
[  210.978127][ T5389] vhci_hcd: vhci_device speed not set
[  211.011805][ T9032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1180'.
[  211.024946][ T9032] macsec1: entered promiscuous mode
[  211.040574][ T9028] loop3: detected capacity change from 0 to 32768
[  211.052699][ T9028] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1178 (9028)
[  211.069849][ T9028] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  211.074442][ T9028] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  211.078559][ T9028] BTRFS info (device loop3): using free-space-tree
[  211.386648][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.428820][ T5213] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  211.581404][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1185'.
[  211.684386][ T9071] loop3: detected capacity change from 0 to 1024
[  211.706384][ T9071] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  211.714954][ T9071] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  211.721307][ T9071] EXT4-fs (loop3): orphan cleanup on readonly fs
[  211.725169][ T9071] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1183: Freeing blocks not in datazone - block = 0, count = 4096
[  211.732632][ T9071] EXT4-fs (loop3): 1 orphan inode deleted
[  211.737131][ T9071] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  211.758943][ T9076] syzkaller0: entered promiscuous mode
[  211.761522][ T9076] syzkaller0: entered allmulticast mode
[  211.818460][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.176878][ T9087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1191'.
[  212.455845][ T9090] loop1: detected capacity change from 0 to 256
[  212.474398][ T9088] loop3: detected capacity change from 0 to 32768
[  212.487780][ T9088] bcachefs (/dev/loop3): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-4502-8265-f57f48ba6d81)
[  212.541764][ T9090] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  212.667273][ T9088] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  212.674226][ T9088] bcachefs (loop3): recovering from clean shutdown, journal seq 13
[  212.712691][ T9088] bcachefs (loop3): alloc_read... done
[  212.715198][ T9088] bcachefs (loop3): stripes_read... done
[  212.717967][ T9088] bcachefs (loop3): snapshots_read... done
[  212.723596][ T9088] bcachefs (loop3): journal_replay... done
[  212.726300][ T9088] bcachefs (loop3): resume_logged_ops... done
[  212.729654][ T9088] bcachefs (loop3): going read-write
[  212.743004][ T9088] bcachefs (loop3): done starting filesystem
[  213.236874][ T9088] syz.3.1191 (9088) used greatest stack depth: 18520 bytes left
[  213.865305][ T9079] netlink: 'syz.0.1189': attribute type 4 has an invalid length.
[  213.916707][ T5213] bcachefs (loop3): shutting down
[  213.926317][ T5213] bcachefs (loop3): going read-only
[  213.931974][ T5213] bcachefs (loop3): finished waiting for writes to stop
[  213.946150][ T5213] bcachefs (loop3): flushing journal and stopping allocators, journal seq 14
[  213.974353][ T5213] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 16
[  213.983050][ T5213] bcachefs (loop3): shutdown complete, journal seq 17
[  213.986369][ T5213] bcachefs (loop3): marking filesystem clean
[  214.045172][ T5213] bcachefs (loop3): shutdown complete
[  214.155848][ T9111] loop2: detected capacity change from 0 to 1024
[  214.199190][ T9111] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  214.241954][ T9111] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  214.245731][ T9111] EXT4-fs (loop2): orphan cleanup on readonly fs
[  214.250389][ T9111] EXT4-fs error (device loop2): ext4_free_blocks:6589: comm syz.2.1197: Freeing blocks not in datazone - block = 0, count = 4096
[  214.271710][ T9111] EXT4-fs (loop2): 1 orphan inode deleted
[  214.275715][ T9111] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  214.335744][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.702087][ T9133] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1203'.
[  214.717716][   T56] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  214.900855][   T56] usb 8-1: Using ep0 maxpacket: 32
[  214.905177][   T56] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.909834][   T56] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.913749][   T56] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  214.918130][   T56] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  214.921921][   T56] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  214.926089][   T56] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  214.932659][   T56] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  214.936771][   T56] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.940792][   T56] usb 8-1: Product: syz
[  214.942860][   T56] usb 8-1: Manufacturer: syz
[  214.945039][   T56] usb 8-1: SerialNumber: syz
[  214.949889][ T9133] loop2: detected capacity change from 0 to 32768
[  214.957091][ T9133] bcachefs (/dev/loop2): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-4502-8265-f57f48ba6d81)
[  215.022042][ T9133] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  215.030860][ T9133] bcachefs (loop2): recovering from clean shutdown, journal seq 13
[  215.057499][ T9133] bcachefs (loop2): alloc_read... done
[  215.061899][ T9133] bcachefs (loop2): stripes_read... done
[  215.064987][ T9133] bcachefs (loop2): snapshots_read... done
[  215.086466][ T9133] bcachefs (loop2): journal_replay... done
[  215.089568][ T9133] bcachefs (loop2): resume_logged_ops... done
[  215.091786][ T9133] bcachefs (loop2): going read-write
[  215.121814][ T9133] bcachefs (loop2): done starting filesystem
[  215.181675][ T9143] syzkaller0: entered promiscuous mode
[  215.184217][ T9143] syzkaller0: entered allmulticast mode
[  215.186803][ T9146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1205'.
[  215.212668][ T9126] loop3: detected capacity change from 0 to 512
[  215.250908][ T9126] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  215.257008][ T9126] EXT4-fs (loop3): 1 truncate cleaned up
[  215.263999][ T9126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.322400][ T9153] loop0: detected capacity change from 0 to 256
[  215.343148][ T9153] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  215.400493][ T9153] Process accounting resumed
[  215.481095][   T56] cdc_ncm 8-1:1.0: bind() failure
[  215.486791][   T56] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  215.491032][   T56] cdc_ncm 8-1:1.1: bind() failure
[  215.496441][   T56] usb 8-1: USB disconnect, device number 14
[  215.528015][ T1264] vhci_hcd: vhci_device speed not set
[  215.635037][ T9133] syz.2.1203 (9133) used greatest stack depth: 18176 bytes left
[  215.697415][ T5205] bcachefs (loop2): shutting down
[  215.700004][ T5205] bcachefs (loop2): going read-only
[  215.703524][ T5205] bcachefs (loop2): finished waiting for writes to stop
[  215.717978][ T5205] bcachefs (loop2): flushing journal and stopping allocators, journal seq 14
[  215.749811][ T5205] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 16
[  215.768961][ T5205] bcachefs (loop2): shutdown complete, journal seq 17
[  215.773967][ T5205] bcachefs (loop2): marking filesystem clean
[  215.811427][ T5205] bcachefs (loop2): shutdown complete
[  216.133152][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.775870][ T9175] loop3: detected capacity change from 0 to 32768
[  216.799745][ T9175] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1213 (9175)
[  216.842846][ T9175] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  216.848452][ T9175] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  216.852772][ T9175] BTRFS info (device loop3): disk space caching is enabled
[  217.013592][ T9175] BTRFS info (device loop3): rebuilding free space tree
[  217.023218][ T9175] BTRFS info (device loop3): disabling free space tree
[  217.026478][ T9175] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  217.032692][ T9175] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  217.828765][ T9199] pimreg: left allmulticast mode
[  218.100753][ T9203] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1215'.
[  218.593757][ T5211] Bluetooth: hci2: SCO packet for unknown connection handle 1955
[  219.041319][ T9223] loop2: detected capacity change from 0 to 32768
[  219.055095][ T9223] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1223 (9223)
[  219.089230][ T9223] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  219.095248][ T9223] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  219.100586][ T9223] BTRFS info (device loop2): using free-space-tree
[  220.018711][ T9246] loop0: detected capacity change from 0 to 32768
[  220.052663][ T9246] BTRFS: device /dev/loop0 (7:0) using temp-fsid 7ce172cb-b9f1-4076-98b1-adc429fc860a
[  220.061555][ T9246] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1225 (9246)
[  220.082519][ T9246] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  220.087675][ T9246] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  220.094460][ T9246] BTRFS info (device loop0): using free-space-tree
[  220.450194][ T5207] BTRFS info (device loop0): last unmount of filesystem 7ce172cb-b9f1-4076-98b1-adc429fc860a
[  220.771265][ T9268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1227'.
[  220.791008][ T5205] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  220.817861][ T9268] team0: entered promiscuous mode
[  220.820829][ T9268] team_slave_1: entered promiscuous mode
[  220.833160][ T9267] team0: left promiscuous mode
[  220.846323][ T9267] team_slave_1: left promiscuous mode
[  220.869072][ T5213] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  221.184287][ T9279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'.
[  221.294014][ T9283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1232'.
[  221.306990][ T9284] loop3: detected capacity change from 0 to 256
[  221.324241][ T9284] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  221.343786][ T9284] Process accounting resumed
[  221.372383][ T9286] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1233'.
[  221.492868][ T9289] pimreg: entered allmulticast mode
[  221.529388][ T9289] pimreg: left allmulticast mode
[  221.638537][ T9283] loop1: detected capacity change from 0 to 32768
[  221.649391][ T9283] bcachefs (/dev/loop1): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-4502-8265-f57f48ba6d81)
[  221.779768][ T9283] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  221.812208][ T9283] bcachefs (loop1): recovering from clean shutdown, journal seq 13
[  221.825464][ T9291] loop2: detected capacity change from 0 to 32768
[  221.836154][ T9291] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1235 (9291)
[  221.860823][ T9291] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.869579][ T9283] bcachefs (loop1): alloc_read... done
[  221.872897][ T9283] bcachefs (loop1): stripes_read... done
[  221.875902][ T9291] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  221.884300][ T9283] bcachefs (loop1): snapshots_read... done
[  221.886941][ T9291] BTRFS info (device loop2): using free-space-tree
[  221.889996][ T9283] bcachefs (loop1): journal_replay... done
[  221.892416][ T9283] bcachefs (loop1): resume_logged_ops... done
[  221.895023][ T9283] bcachefs (loop1): going read-write
[  221.900153][ T9283] bcachefs (loop1): done starting filesystem
[  222.121852][ T9323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1238'.
[  222.152188][ T9323] team0: entered promiscuous mode
[  222.154750][ T9323] team_slave_1: entered promiscuous mode
[  222.162163][ T9322] team0: left promiscuous mode
[  222.164789][ T9322] team_slave_1: left promiscuous mode
[  222.275179][ T9283] syz.1.1232 (9283) used greatest stack depth: 17496 bytes left
[  222.304831][ T9304] loop3: detected capacity change from 0 to 32768
[  222.310369][ T9304] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1237 (9304)
[  222.325259][ T9304] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  222.332121][ T9304] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  222.341926][ T5205] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.348285][ T9304] BTRFS info (device loop3): disk space caching is enabled
[  222.352844][ T5202] bcachefs (loop1): shutting down
[  222.355117][ T5202] bcachefs (loop1): going read-only
[  222.357709][ T5202] bcachefs (loop1): finished waiting for writes to stop
[  222.364157][ T5202] bcachefs (loop1): flushing journal and stopping allocators, journal seq 14
[  222.398158][ T5202] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 16
[  222.437097][ T5202] bcachefs (loop1): shutdown complete, journal seq 17
[  222.446737][ T5202] bcachefs (loop1): marking filesystem clean
[  222.505749][ T5202] bcachefs (loop1): shutdown complete
[  222.672112][ T9304] BTRFS info (device loop3): rebuilding free space tree
[  222.720187][ T9304] BTRFS info (device loop3): disabling free space tree
[  222.728114][ T9304] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  222.741186][ T9304] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  222.932850][ T9361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1241'.
[  223.128606][   T74] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  223.317717][   T74] usb 7-1: Using ep0 maxpacket: 32
[  223.323460][   T74] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.330179][   T74] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.344703][   T74] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  223.349882][   T74] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  223.354249][   T74] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  223.377784][   T74] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  223.384966][   T74] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  223.389610][   T74] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.397950][   T74] usb 7-1: Product: syz
[  223.399972][   T74] usb 7-1: Manufacturer: syz
[  223.402174][   T74] usb 7-1: SerialNumber: syz
[  223.414320][ T9365] pimreg: left allmulticast mode
[  223.644795][ T9358] loop2: detected capacity change from 0 to 512
[  223.662881][ T9358] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  223.675091][ T9358] EXT4-fs (loop2): 1 truncate cleaned up
[  223.680501][ T9358] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.921710][   T74] cdc_ncm 7-1:1.0: bind() failure
[  223.926415][   T74] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  223.929966][   T74] cdc_ncm 7-1:1.1: bind() failure
[  223.944714][   T74] usb 7-1: USB disconnect, device number 7
[  224.248236][ T9372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1248'.
[  224.265462][ T9372] team0: entered promiscuous mode
[  224.271927][ T9372] team_slave_1: entered promiscuous mode
[  224.280084][ T9371] team0: left promiscuous mode
[  224.283611][ T9371] team_slave_1: left promiscuous mode
[  224.496219][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.582990][ T9378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1250'.
[  224.846042][ T9378] loop1: detected capacity change from 0 to 32768
[  224.855370][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  224.872771][ T9378] bcachefs (/dev/loop1): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-4502-8265-f57f48ba6d81)
[  225.024480][ T9378] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  225.034007][ T9378] bcachefs (loop1): recovering from clean shutdown, journal seq 13
[  225.175345][ T9378] bcachefs (loop1): alloc_read... done
[  225.177114][ T9398] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1256'.
[  225.184039][ T9378] bcachefs (loop1): stripes_read... done
[  225.187880][ T9378] bcachefs (loop1): snapshots_read... done
[  225.193474][ T9378] bcachefs (loop1): journal_replay... done
[  225.198903][ T9378] bcachefs (loop1): resume_logged_ops... done
[  225.206566][ T9378] bcachefs (loop1): going read-write
[  225.220875][ T9378] bcachefs (loop1): done starting filesystem
[  225.231952][ T9398] macsec1: entered promiscuous mode
[  225.465536][ T9404] loop2: detected capacity change from 0 to 512
[  225.476151][ T9404] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  225.482587][ T9404] EXT4-fs (loop2): 1 truncate cleaned up
[  225.486893][ T9404] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.734093][ T5202] bcachefs (loop1): shutting down
[  225.736186][ T5202] bcachefs (loop1): going read-only
[  225.739528][ T5202] bcachefs (loop1): finished waiting for writes to stop
[  225.743497][ T5202] bcachefs (loop1): flushing journal and stopping allocators, journal seq 14
[  225.768631][ T5202] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 15
[  225.785652][ T5202] bcachefs (loop1): shutdown complete, journal seq 16
[  225.790413][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.791283][ T5202] bcachefs (loop1): marking filesystem clean
[  225.843974][ T5202] bcachefs (loop1): shutdown complete
[  225.929682][ T5211] Bluetooth: hci1: SCO packet for unknown connection handle 1955
[  225.968947][ T9410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1257'.
[  225.983563][ T9410] team0: entered promiscuous mode
[  225.988529][ T9410] team_slave_1: entered promiscuous mode
[  226.023830][ T9409] team0: left promiscuous mode
[  226.026902][ T9409] team_slave_1: left promiscuous mode
[  226.567444][ T9423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1262'.
[  226.715206][ T5213] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  226.888833][ T9427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1265'.
[  226.979196][ T9429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1266'.
[  226.993471][ T9429] macsec1: entered promiscuous mode
[  227.200797][ T9440] loop1: detected capacity change from 0 to 512
[  227.237810][ T9440] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  227.246091][ T9440] EXT4-fs (loop1): 1 truncate cleaned up
[  227.251825][ T9440] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.549804][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.957357][ T9462] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1271'.
[  228.577652][   T74] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  228.791212][   T74] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  228.813420][   T74] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  228.828275][   T74] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  228.840101][   T74] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  228.843991][   T74] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.857424][   T74] usb 6-1: Product: syz
[  228.867834][   T74] usb 6-1: Manufacturer: syz
[  228.871197][   T74] usb 6-1: SerialNumber: syz
[  228.903643][   T74] hub 6-1:1.0: bad descriptor, ignoring hub
[  228.917834][   T74] hub 6-1:1.0: probe with driver hub failed with error -5
[  229.115303][   T74] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  229.448346][ T5244] usb 6-1: USB disconnect, device number 11
[  229.453752][ T5244] usblp0: removed
[  229.537373][ T9473] loop0: detected capacity change from 0 to 32768
[  229.694944][ T9473] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  229.704947][ T9473] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  229.735319][ T9473] bcachefs (loop0): alloc_read... done
[  229.741123][ T9473] bcachefs (loop0): stripes_read... done
[  229.748930][ T9473] bcachefs (loop0): snapshots_read... done
[  229.760955][ T9473] bcachefs (loop0): journal_replay... done
[  229.775748][ T9473] bcachefs (loop0): resume_logged_ops... done
[  229.785550][ T9473] bcachefs (loop0): going read-write
[  229.792395][ T9473] bcachefs (loop0): done starting filesystem
[  230.099762][ T9491] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  230.102758][ T9491] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  230.116442][ T9491] vhci_hcd vhci_hcd.0: Device attached
[  230.227276][    C3] vkms_vblank_simulate: vblank timer overrun
[  230.277996][    C3] vkms_vblank_simulate: vblank timer overrun
[  230.327684][    T8] vhci_hcd: vhci_device speed not set
[  230.397839][    T8] usb 15-1: new full-speed USB device number 8 using vhci_hcd
[  230.429383][ T9495] vhci_hcd: connection closed
[  230.429759][ T3477] vhci_hcd: stop threads
[  230.434403][ T3477] vhci_hcd: release socket
[  230.439029][ T3477] vhci_hcd: disconnect device
[  230.738314][ T9504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1284'.
[  230.842659][ T9506] syzkaller0: entered promiscuous mode
[  230.846224][ T9506] syzkaller0: entered allmulticast mode
[  230.853433][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1286'.
[  231.043310][ T9511] loop1: detected capacity change from 0 to 512
[  231.073365][ T9511] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  231.082314][ T9511] EXT4-fs (loop1): blocks per group (3008) and clusters per group (32768) inconsistent
[  232.831885][ T9515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1288'.
[  233.187901][ T9516] loop1: detected capacity change from 0 to 32768
[  233.224278][ T9516] bcachefs (/dev/loop1): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-4502-8265-f57f48ba6d81)
[  233.386236][ T9516] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  233.396768][ T9516] bcachefs (loop1): recovering from clean shutdown, journal seq 13
[  233.459566][ T9516] bcachefs (loop1): alloc_read... done
[  233.462093][ T9516] bcachefs (loop1): stripes_read... done
[  233.464697][ T9516] bcachefs (loop1): snapshots_read... done
[  233.483402][ T9516] bcachefs (loop1): journal_replay... done
[  233.486212][ T9516] bcachefs (loop1): resume_logged_ops... done
[  233.490425][ T9516] bcachefs (loop1): going read-write
[  233.535547][ T9516] bcachefs (loop1): done starting filesystem
[  233.658353][ T9508] macsec1: entered promiscuous mode
[  233.707287][    C3] vkms_vblank_simulate: vblank timer overrun
[  233.961952][ T9516] syz.1.1288 (9516) used greatest stack depth: 17152 bytes left
[  234.003836][ T5202] bcachefs (loop1): shutting down
[  234.006521][ T5202] bcachefs (loop1): going read-only
[  234.011698][ T5202] bcachefs (loop1): finished waiting for writes to stop
[  234.028625][ T5202] bcachefs (loop1): flushing journal and stopping allocators, journal seq 14
[  234.055859][ T5202] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 16
[  234.076200][ T5202] bcachefs (loop1): shutdown complete, journal seq 17
[  234.080469][ T5202] bcachefs (loop1): marking filesystem clean
[  234.144989][ T5202] bcachefs (loop1): shutdown complete
[  234.248081][   T35] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  234.460679][   T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  234.468425][   T35] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  234.475099][   T35] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  234.484204][   T35] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  234.497638][   T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.513422][   T35] usb 8-1: Product: syz
[  234.515682][   T35] usb 8-1: Manufacturer: syz
[  234.529345][   T35] usb 8-1: SerialNumber: syz
[  234.542224][   T35] hub 8-1:1.0: bad descriptor, ignoring hub
[  234.545093][   T35] hub 8-1:1.0: probe with driver hub failed with error -5
[  234.753445][   T35] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  234.768063][ T5207] bcachefs (loop0): shutting down
[  234.777042][ T5207] bcachefs (loop0): going read-only
[  234.779885][ T5207] bcachefs (loop0): finished waiting for writes to stop
[  234.786072][ T5207] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12
[  234.794098][ T5207] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12
[  234.802678][ T5207] bcachefs (loop0): shutdown complete, journal seq 13
[  234.811347][ T5207] bcachefs (loop0): marking filesystem clean
[  234.857824][ T5207] bcachefs (loop0): shutdown complete
[  235.088411][   T35] usb 8-1: USB disconnect, device number 15
[  235.127930][   T35] usblp0: removed
[  235.527686][    T8] vhci_hcd: vhci_device speed not set
[  235.741253][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1299'.
[  235.754524][ T9557] macsec1: entered promiscuous mode
[  236.080524][ T9560] loop1: detected capacity change from 0 to 256
[  236.154030][ T9560] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  236.742071][    C3] vkms_vblank_simulate: vblank timer overrun
[  237.086088][ T9574] netlink: 892 bytes leftover after parsing attributes in process `syz.1.1305'.
[  237.890478][ T9594] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1308'.
[  238.195379][ T5211] Bluetooth: hci1: SCO packet for unknown connection handle 1955
[  238.316745][ T9614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1320'.
[  238.719250][ T9620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1322'.
[  240.143339][    C3] vkms_vblank_simulate: vblank timer overrun
[  241.643545][ T9635] loop1: detected capacity change from 0 to 32768
[  241.649349][ T9635] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1329 (9635)
[  241.690071][ T9635] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  241.694959][ T9635] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  241.717504][ T9635] BTRFS info (device loop1): using free-space-tree
[  241.989930][ T5202] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  242.138073][    T8] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  242.330212][    T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  242.338140][    T8] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  242.342411][    T8] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  242.352686][    T8] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  242.356783][    T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.361277][    T8] usb 8-1: Product: syz
[  242.363202][    T8] usb 8-1: Manufacturer: syz
[  242.365269][    T8] usb 8-1: SerialNumber: syz
[  242.373261][    T8] hub 8-1:1.0: bad descriptor, ignoring hub
[  242.376202][    T8] hub 8-1:1.0: probe with driver hub failed with error -5
[  242.498355][ T9665] loop1: detected capacity change from 0 to 32768
[  242.582487][    T8] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  242.913601][ T9670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1334'.
[  242.929285][ T5265] usb 8-1: USB disconnect, device number 16
[  242.938262][ T5265] usblp0: removed
[  243.974219][ T9679] loop3: detected capacity change from 0 to 32768
[  243.987825][ T9679] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1340 (9679)
[  244.013202][ T9679] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  244.018184][ T9679] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  244.023238][ T9679] BTRFS info (device loop3): disk space caching is enabled
[  244.091889][ T9687] loop0: detected capacity change from 0 to 1024
[  244.122706][ T9687] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  244.145062][ T9687] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  244.151112][ T9687] EXT4-fs (loop0): orphan cleanup on readonly fs
[  244.155030][ T9687] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.1343: Freeing blocks not in datazone - block = 0, count = 4096
[  244.165575][ T9687] EXT4-fs (loop0): 1 orphan inode deleted
[  244.169706][ T9687] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  244.268007][ T9679] BTRFS info (device loop3): rebuilding free space tree
[  244.282346][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.308688][ T9679] BTRFS info (device loop3): disabling free space tree
[  244.311732][ T9679] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  244.338626][ T9679] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  244.719578][   T39] audit: type=1800 audit(1719407022.016:35): pid=9718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1347" name="bus" dev="sda1" ino=1965 res=0 errno=0
[  244.730073][   T39] audit: type=1804 audit(1719407022.026:36): pid=9718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1347" name="/syzkaller.zLTXJH/381/bus" dev="sda1" ino=1965 res=1 errno=0
[  244.998600][ T9721] pimreg: entered allmulticast mode
[  245.005437][ T9721] pimreg: left allmulticast mode
[  245.494890][ T9729] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1352'.
[  245.584080][ T9733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1353'.
[  245.617779][ T9733] macsec1: entered promiscuous mode
[  245.791565][ T9731] netlink: 'syz.2.1354': attribute type 21 has an invalid length.
[  245.912866][ T9742] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1356'.
[  246.041958][ T9753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1359'.
[  246.121911][ T9757] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1361'.
[  246.442194][ T5213] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  246.604165][ T9765] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  246.608678][ T9765] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  246.618486][ T9765] vhci_hcd vhci_hcd.0: Device attached
[  246.707404][ T9771] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1364'.
[  246.828634][ T5269] vhci_hcd: vhci_device speed not set
[  246.831386][ T9773] netlink: 'syz.3.1366': attribute type 21 has an invalid length.
[  246.897981][ T5269] usb 13-1: new full-speed USB device number 8 using vhci_hcd
[  246.911981][ T9767] vhci_hcd: connection closed
[  246.912487][ T1193] vhci_hcd: stop threads
[  246.921704][ T1193] vhci_hcd: release socket
[  246.924834][ T1193] vhci_hcd: disconnect device
[  247.087139][ T9783] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1371'.
[  247.350262][ T9785] loop1: detected capacity change from 0 to 32768
[  247.356113][ T9785] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1372 (9785)
[  247.372845][ T9785] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  247.377654][ T9785] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  247.381171][ T9785] BTRFS info (device loop1): disk space caching is enabled
[  247.464775][ T9785] BTRFS info (device loop1): rebuilding free space tree
[  247.476313][ T9806] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1374'.
[  247.482551][ T9785] BTRFS info (device loop1): disabling free space tree
[  247.489913][ T9785] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  247.495536][ T9785] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  247.512625][    T8] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  247.628073][ T9811] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1376'.
[  247.725616][    T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  247.730581][    T8] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  247.734916][    T8] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  247.753776][    T8] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  247.757888][    T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.761174][    T8] usb 8-1: Product: syz
[  247.763229][    T8] usb 8-1: Manufacturer: syz
[  247.765285][    T8] usb 8-1: SerialNumber: syz
[  247.775852][    T8] hub 8-1:1.0: bad descriptor, ignoring hub
[  247.780287][    T8] hub 8-1:1.0: probe with driver hub failed with error -5
[  247.989165][    T8] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  248.162090][ T9818] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1379'.
[  248.295523][ T9827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1381'.
[  248.318196][ T5265] usb 8-1: USB disconnect, device number 17
[  248.328614][ T5265] usblp0: removed
[  248.354756][ T9829] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  248.357718][ T9829] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  248.364622][ T9829] vhci_hcd vhci_hcd.0: Device attached
[  248.577724][   T74] vhci_hcd: vhci_device speed not set
[  248.647882][   T74] usb 17-1: new full-speed USB device number 10 using vhci_hcd
[  248.655499][ T9831] vhci_hcd: connection closed
[  248.656459][   T13] vhci_hcd: stop threads
[  248.660925][   T13] vhci_hcd: release socket
[  248.663362][   T13] vhci_hcd: disconnect device
[  248.720920][ T9839] netlink: 'syz.0.1384': attribute type 4 has an invalid length.
[  248.782232][ T5211] Bluetooth: hci2: unexpected event for opcode 0x0cfc
[  248.958957][ T5211] Bluetooth: hci2: SCO packet for unknown connection handle 1955
[  249.039321][ T9855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1390'.
[  249.055392][ T9855] team0: entered promiscuous mode
[  249.061648][ T9855] team_slave_1: entered promiscuous mode
[  249.068829][ T9854] team0: left promiscuous mode
[  249.071204][ T9854] team_slave_1: left promiscuous mode
[  249.287265][ T5202] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  249.416982][ T9857] loop3: detected capacity change from 0 to 32768
[  249.561466][ T9857] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  249.568604][ T9857] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  249.569237][ T9875] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1394'.
[  249.626391][ T9857] bcachefs (loop3): alloc_read... done
[  249.628897][ T9857] bcachefs (loop3): stripes_read... done
[  249.631271][ T9857] bcachefs (loop3): snapshots_read... done
[  249.635961][ T9857] bcachefs (loop3): journal_replay... done
[  249.640696][ T9857] bcachefs (loop3): resume_logged_ops... done
[  249.644197][ T9857] bcachefs (loop3): going read-write
[  249.662861][ T9857] bcachefs (loop3): done starting filesystem
[  251.647110][ T9891] syzkaller0: entered promiscuous mode
[  251.650740][ T9891] syzkaller0: entered allmulticast mode
[  252.018258][ T5269] vhci_hcd: vhci_device speed not set
[  252.228815][ T9897] loop1: detected capacity change from 0 to 512
[  252.243766][ T9897] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  252.249654][ T9897] EXT4-fs (loop1): 1 truncate cleaned up
[  252.253319][ T9897] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.789182][   T74] vhci_hcd: vhci_device speed not set
[  254.013401][ T9899] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  254.027963][ T9899] EXT4-fs (loop1): Remounting filesystem read-only
[  254.117057][ T9905] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1405'.
[  254.216181][ T9907] loop0: detected capacity change from 0 to 1024
[  254.232589][ T9907] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  254.253585][ T9907] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  254.270103][ T9907] EXT4-fs (loop0): orphan cleanup on readonly fs
[  254.274571][ T9907] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.1406: Freeing blocks not in datazone - block = 0, count = 4096
[  254.283578][ T9907] EXT4-fs (loop0): 1 orphan inode deleted
[  254.292466][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.292715][ T9907] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  254.380694][ T5213] bcachefs (loop3): shutting down
[  254.383238][ T5213] bcachefs (loop3): going read-only
[  254.387935][ T5213] bcachefs (loop3): finished waiting for writes to stop
[  254.400703][ T5213] bcachefs (loop3): flushing journal and stopping allocators, journal seq 12
[  254.406152][ T5213] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 12
[  254.418280][ T5213] bcachefs (loop3): shutdown complete, journal seq 13
[  254.423523][ T5213] bcachefs (loop3): marking filesystem clean
[  254.426509][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.457889][ T5213] bcachefs (loop3): shutdown complete
[  254.569677][ T9918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1412'.
[  254.571188][ T9920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1410'.
[  254.588997][ T9920] macsec1: entered promiscuous mode
[  254.630426][ T9918] team0: entered promiscuous mode
[  254.632873][ T9918] team_slave_1: entered promiscuous mode
[  254.642321][ T9917] team0: left promiscuous mode
[  254.642363][ T9921] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1410'.
[  254.644537][ T9917] team_slave_1: left promiscuous mode
[  254.805895][ T9926] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1414'.
[  254.868396][ T9927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1415'.
[  254.897902][ T9929] loop0: detected capacity change from 0 to 512
[  254.917666][ T9929] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  254.923339][ T9929] EXT4-fs (loop0): 1 truncate cleaned up
[  254.927386][ T9929] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.263858][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.427480][ T9935] loop3: detected capacity change from 0 to 32768
[  255.491580][ T9941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1419'.
[  255.584545][ T9935] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  255.591579][ T9935] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  255.610286][ T9935] bcachefs (loop3): alloc_read... done
[  255.612926][ T9935] bcachefs (loop3): stripes_read... done
[  255.615448][ T9935] bcachefs (loop3): snapshots_read... done
[  255.622008][ T9935] bcachefs (loop3): journal_replay... done
[  255.624903][ T9935] bcachefs (loop3): resume_logged_ops... done
[  255.628418][ T9950] loop0: detected capacity change from 0 to 1024
[  255.630330][ T9935] bcachefs (loop3): going read-write
[  255.647963][ T9950] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  255.650514][ T9935] bcachefs (loop3): done starting filesystem
[  255.681652][ T9950] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  255.686029][ T9950] EXT4-fs (loop0): orphan cleanup on readonly fs
[  255.698010][ T9950] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.1420: Freeing blocks not in datazone - block = 0, count = 4096
[  255.707250][ T9950] EXT4-fs (loop0): 1 orphan inode deleted
[  255.720838][ T9950] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  255.909948][ T5207] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.098052][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1421'.
[  256.119939][ T9959] team0: entered promiscuous mode
[  256.122079][ T9959] team_slave_1: entered promiscuous mode
[  256.139748][ T9958] team0: left promiscuous mode
[  256.142461][ T9958] team_slave_1: left promiscuous mode
[  256.917469][ T9965] loop0: detected capacity change from 0 to 32768
[  256.944145][ T9965] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1424 (9965)
[  256.959106][ T9965] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  256.969373][ T9965] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  256.975880][ T9965] BTRFS info (device loop0): using free-space-tree
[  257.326589][ T5207] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  257.557702][   T35] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  257.626680][ T9985] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  257.629348][ T9985] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  257.635458][ T9985] vhci_hcd vhci_hcd.0: Device attached
[  257.740395][   T35] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  257.745057][   T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.753187][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1426'.
[  257.770716][   T35] usb 7-1: config 0 descriptor??
[  257.778947][   T35] cp210x 7-1:0.0: cp210x converter detected
[  257.827837][ T5265] vhci_hcd: vhci_device speed not set
[  257.902089][ T5265] usb 13-1: new full-speed USB device number 9 using vhci_hcd
[  257.909029][ T9987] vhci_hcd: connection closed
[  257.910017][   T77] vhci_hcd: stop threads
[  257.914714][   T77] vhci_hcd: release socket
[  257.916942][   T77] vhci_hcd: disconnect device
[  258.005323][ T9993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1428'.
[  258.130460][ T9996] loop1: detected capacity change from 0 to 1024
[  258.162885][ T9996] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  258.183451][ T9996] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  258.187297][ T9996] EXT4-fs (loop1): orphan cleanup on readonly fs
[  258.191223][ T9996] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz.1.1429: Freeing blocks not in datazone - block = 0, count = 4096
[  258.200509][ T9996] EXT4-fs (loop1): 1 orphan inode deleted
[  258.215891][ T9996] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  258.359502][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.751642][   T35] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  258.986543][   T35] usb 7-1: cp210x converter now attached to ttyUSB0
[  259.205337][ T5213] bcachefs (loop3): shutting down
[  259.208270][ T5213] bcachefs (loop3): going read-only
[  259.210934][ T5213] bcachefs (loop3): finished waiting for writes to stop
[  259.256805][T10014] loop0: detected capacity change from 0 to 32768
[  259.264408][ T5213] bcachefs (loop3): flushing journal and stopping allocators, journal seq 12
[  259.277685][ T5213] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 12
[  259.277897][T10014] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1435 (10014)
[  259.297145][ T5213] bcachefs (loop3): shutdown complete, journal seq 13
[  259.302538][ T5213] bcachefs (loop3): marking filesystem clean
[  259.315450][T10014] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  259.323309][T10014] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  259.332939][    T8] usb 7-1: USB disconnect, device number 8
[  259.339050][ T5213] bcachefs (loop3): shutdown complete
[  259.344364][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  259.357785][T10014] BTRFS info (device loop0): using free-space-tree
[  259.378518][    T8] cp210x 7-1:0.0: device disconnected
[  259.395394][T10013] loop1: detected capacity change from 0 to 40427
[  259.436865][T10013] F2FS-fs (loop1): invalid crc value
[  259.443387][T10013] F2FS-fs (loop1): Found nat_bits in checkpoint
[  259.486331][T10013] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  259.492964][ T5207] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  259.837273][   T39] audit: type=1800 audit(1719407037.126:37): pid=10041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1434" name="file2" dev="loop1" ino=14 res=0 errno=0
[  259.855107][T10040] __nla_validate_parse: 1 callbacks suppressed
[  259.855122][T10040] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1436'.
[  260.066454][T10045] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  260.070166][T10045] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  260.087799][T10045] vhci_hcd vhci_hcd.0: Device attached
[  260.289059][    T8] vhci_hcd: vhci_device speed not set
[  260.354147][T10056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1442'.
[  260.358312][    T8] usb 19-1: new full-speed USB device number 7 using vhci_hcd
[  260.363272][T10049] vhci_hcd: connection closed
[  260.363552][ T3477] vhci_hcd: stop threads
[  260.368365][ T3477] vhci_hcd: release socket
[  260.370869][ T3477] vhci_hcd: disconnect device
[  260.391124][ T5202] syz-executor: attempt to access beyond end of device
[  260.391124][ T5202] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  260.402296][ T5202] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  260.409877][ T5202] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  260.457706][   T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  260.660564][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  260.665435][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.670601][   T10] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  260.678199][   T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  260.682164][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.686403][   T10] usb 7-1: Product: syz
[  260.690463][   T10] usb 7-1: Manufacturer: syz
[  260.692831][   T10] usb 7-1: SerialNumber: syz
[  260.920234][ T5250] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  260.934163][T10057] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  261.100069][ T5250] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  261.103919][ T5250] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.110097][ T5250] usb 5-1: config 0 descriptor??
[  261.114765][ T5250] cp210x 5-1:0.0: cp210x converter detected
[  261.212663][ T1355] ieee802154 phy0 wpan0: encryption failed: -22
[  261.215572][ T1355] ieee802154 phy1 wpan1: encryption failed: -22
[  261.387866][   T10] cdc_ncm 7-1:1.0: failed GET_NTB_PARAMETERS
[  261.391578][   T10] cdc_ncm 7-1:1.0: bind() failure
[  261.397332][   T10] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  261.400856][   T10] cdc_ncm 7-1:1.1: bind() failure
[  261.414070][   T10] usb 7-1: USB disconnect, device number 9
[  261.509656][   T30] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  261.539499][T10081] netdevsim netdevsim1 
€Â: renamed from netdevsim0 (while UP)
[  261.705382][   T30] usb 8-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=68.24
[  261.709745][   T30] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.713220][   T30] usb 8-1: Product: syz
[  261.715007][   T30] usb 8-1: Manufacturer: syz
[  261.716949][   T30] usb 8-1: SerialNumber: syz
[  261.725667][   T30] usb 8-1: config 0 descriptor??
[  261.733091][   T30] ipw 8-1:0.0: IPWireless converter converter detected
[  261.870541][T10083] loop1: detected capacity change from 0 to 40427
[  261.880734][T10083] F2FS-fs (loop1): invalid crc value
[  261.888493][ T5250] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  261.894800][T10083] F2FS-fs (loop1): Found nat_bits in checkpoint
[  261.944201][   T10] usb 8-1: USB disconnect, device number 18
[  261.960855][   T10] ipw 8-1:0.0: device disconnected
[  261.966535][T10083] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  261.974180][T10089] netlink: 'syz.2.1453': attribute type 4 has an invalid length.
[  262.109894][ T5250] usb 5-1: cp210x converter now attached to ttyUSB0
[  262.380521][   T35] usb 5-1: USB disconnect, device number 7
[  262.388787][   T35] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  262.406322][   T35] cp210x 5-1:0.0: device disconnected
[  262.782662][ T5202] syz-executor: attempt to access beyond end of device
[  262.782662][ T5202] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  262.789915][ T5202] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  262.981930][T10116] netlink: 'syz.0.1462': attribute type 4 has an invalid length.
[  263.058060][ T5265] vhci_hcd: vhci_device speed not set
[  263.059983][T10117] pimreg: left allmulticast mode
[  263.062298][T10111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1461'.
[  263.168904][T10121] loop0: detected capacity change from 0 to 512
[  263.188941][T10121] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  263.192923][T10121] EXT4-fs (loop0): blocks per group (3008) and clusters per group (32768) inconsistent
[  263.259727][ T6021] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  263.902613][T10140] loop2: detected capacity change from 0 to 40427
[  263.910690][T10140] F2FS-fs (loop2): invalid crc value
[  263.919012][T10140] F2FS-fs (loop2): Found nat_bits in checkpoint
[  263.990482][T10140] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  264.047749][ T5250] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  264.230230][ T5250] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  264.235241][ T5250] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  264.240413][ T5250] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  264.241117][T10153] netlink: 'syz.1.1472': attribute type 4 has an invalid length.
[  264.253392][ T5250] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  264.260679][ T5250] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.264629][ T5250] usb 8-1: Product: syz
[  264.266536][ T5250] usb 8-1: Manufacturer: syz
[  264.269624][ T5250] usb 8-1: SerialNumber: syz
[  264.276802][ T5250] hub 8-1:1.0: bad descriptor, ignoring hub
[  264.281756][ T5250] hub 8-1:1.0: probe with driver hub failed with error -5
[  264.357556][T10156] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  264.360287][T10156] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  264.364682][T10156] vhci_hcd vhci_hcd.0: Device attached
[  264.498878][ T5250] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  264.557717][ T5247] vhci_hcd: vhci_device speed not set
[  264.627719][ T5247] usb 15-1: new full-speed USB device number 9 using vhci_hcd
[  264.633111][T10158] vhci_hcd: connection closed
[  264.633639][   T77] vhci_hcd: stop threads
[  264.640426][   T77] vhci_hcd: release socket
[  264.642865][   T77] vhci_hcd: disconnect device
[  264.710692][ T5205] syz-executor: attempt to access beyond end of device
[  264.710692][ T5205] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  264.722107][ T5205] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  264.828212][   T74] usb 8-1: USB disconnect, device number 19
[  264.841097][   T74] usblp0: removed
[  265.094067][T10162] loop2: detected capacity change from 0 to 512
[  265.099476][T10162] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  265.104191][T10162] EXT4-fs (loop2): blocks per group (3008) and clusters per group (32768) inconsistent
[  265.389424][T10170] loop1: detected capacity change from 0 to 256
[  265.424717][T10170] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  265.439178][T10170] Process accounting resumed
[  265.448132][    T8] vhci_hcd: vhci_device speed not set
[  265.488901][ T5362] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  265.702864][ T5362] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  265.706563][ T5362] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.725669][ T5362] usb 7-1: config 0 descriptor??
[  265.730901][ T5362] cp210x 7-1:0.0: cp210x converter detected
[  265.810581][T10178] loop1: detected capacity change from 0 to 512
[  265.848533][T10178] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  265.853590][T10178] EXT4-fs (loop1): 1 truncate cleaned up
[  265.857454][T10178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.206175][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.486080][ T5216] Bluetooth: hci0: SCO packet for unknown connection handle 1955
[  266.652575][ T5362] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  266.687249][T10196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1484'.
[  266.868656][ T5362] usb 7-1: cp210x converter now attached to ttyUSB0
[  267.152524][    T8] usb 7-1: USB disconnect, device number 10
[  267.160080][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  267.166894][    T8] cp210x 7-1:0.0: device disconnected
[  267.167991][   T74] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  267.381213][   T74] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  267.385782][   T74] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  267.391119][   T74] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  267.400184][   T74] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  267.414537][   T74] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.418159][   T74] usb 8-1: Product: syz
[  267.420059][   T74] usb 8-1: Manufacturer: syz
[  267.422078][   T74] usb 8-1: SerialNumber: syz
[  267.430571][   T74] hub 8-1:1.0: bad descriptor, ignoring hub
[  267.433829][   T74] hub 8-1:1.0: probe with driver hub failed with error -5
[  267.639845][   T74] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  267.968247][ T5250] usb 8-1: USB disconnect, device number 20
[  267.977422][ T5250] usblp0: removed
[  268.038088][T10207] loop1: detected capacity change from 0 to 32768
[  268.043905][T10207] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1488 (10207)
[  268.054895][T10207] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  268.060389][T10207] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  268.064252][T10207] BTRFS info (device loop1): using free-space-tree
[  268.198975][ T5202] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  268.834274][T10238] loop1: detected capacity change from 0 to 32768
[  268.956898][T10249] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1498'.
[  268.971744][T10249] macsec1: entered promiscuous mode
[  269.128151][ T5362] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  269.344539][ T5362] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  269.352153][ T5362] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.360563][ T5362] usb 7-1: config 0 descriptor??
[  269.367866][ T5362] cp210x 7-1:0.0: cp210x converter detected
[  269.617941][T10257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1502'.
[  269.729427][T10260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.779484][ T5247] vhci_hcd: vhci_device speed not set
[  270.117928][ T5362] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  270.177684][T10265] loop0: detected capacity change from 0 to 32768
[  270.285426][T10265] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  270.293530][T10265] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  270.321874][ T5216] Bluetooth: hci0: SCO packet for unknown connection handle 1955
[  270.339675][ T5362] usb 7-1: cp210x converter now attached to ttyUSB0
[  270.345996][T10265] bcachefs (loop0): alloc_read... done
[  270.352002][T10265] bcachefs (loop0): stripes_read... done
[  270.356538][T10265] bcachefs (loop0): snapshots_read... done
[  270.362475][T10265] bcachefs (loop0): journal_replay... done
[  270.365400][T10265] bcachefs (loop0): resume_logged_ops... done
[  270.372580][T10265] bcachefs (loop0): going read-write
[  270.379230][T10265] bcachefs (loop0): done starting filesystem
[  270.607435][ T5208] usb 7-1: USB disconnect, device number 11
[  270.618214][ T5208] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  270.632160][ T5208] cp210x 7-1:0.0: device disconnected
[  271.445589][T10293] loop3: detected capacity change from 0 to 32768
[  271.452087][T10293] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1510 (10293)
[  271.465285][T10293] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  271.471199][T10293] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  271.480141][T10293] BTRFS info (device loop3): using free-space-tree
[  271.800569][ T5213] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  271.817279][T10315] loop2: detected capacity change from 0 to 512
[  271.825567][T10315] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  271.832787][T10315] EXT4-fs (loop2): 1 truncate cleaned up
[  271.835654][T10315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.212371][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.279528][ T5216] Bluetooth: hci3: SCO packet for unknown connection handle 1955
[  272.425633][T10329] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  272.653715][    C3] vkms_vblank_simulate: vblank timer overrun
[  272.993515][T10335] loop1: detected capacity change from 0 to 40427
[  273.005733][T10335] F2FS-fs (loop1): invalid crc value
[  273.053382][T10335] F2FS-fs (loop1): Found nat_bits in checkpoint
[  273.107284][T10335] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  273.268151][    T8] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  273.471726][    T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  273.472431][ T5202] syz-executor: attempt to access beyond end of device
[  273.472431][ T5202] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  273.480286][    T8] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  273.489403][    T8] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  273.492116][ T5202] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  273.515950][    T8] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  273.523493][    T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.528168][    T8] usb 8-1: Product: syz
[  273.530092][    T8] usb 8-1: Manufacturer: syz
[  273.532891][    T8] usb 8-1: SerialNumber: syz
[  273.546635][T10349] loop2: detected capacity change from 0 to 512
[  273.577454][T10349] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  273.590901][T10349] EXT4-fs (loop2): 1 truncate cleaned up
[  273.595633][T10349] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.764209][T10337] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  273.919663][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.975938][    T8] cdc_ncm 8-1:1.0: bind() failure
[  273.984591][    T8] cdc_ncm 8-1:1.1: probe with driver cdc_ncm failed with error -71
[  273.995295][    T8] cdc_mbim 8-1:1.1: probe with driver cdc_mbim failed with error -71
[  274.000255][    T8] usbtest 8-1:1.1: probe with driver usbtest failed with error -71
[  274.042125][    T8] usb 8-1: USB disconnect, device number 21
[  274.177733][T10360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1523'.
[  274.256735][ T5207] bcachefs (loop0): shutting down
[  274.262070][ T5207] bcachefs (loop0): going read-only
[  274.264681][ T5207] bcachefs (loop0): finished waiting for writes to stop
[  274.273242][ T5207] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12
[  274.276644][ T5207] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12
[  274.287292][ T5207] bcachefs (loop0): shutdown complete, journal seq 13
[  274.291080][ T5207] bcachefs (loop0): marking filesystem clean
[  274.314348][ T5207] bcachefs (loop0): shutdown complete
[  274.654761][T10382] loop3: detected capacity change from 0 to 1024
[  274.654806][T10384] loop2: detected capacity change from 0 to 512
[  274.670971][T10382] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  274.685756][T10382] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  274.691660][T10384] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  274.691679][T10382] EXT4-fs (loop3): orphan cleanup on readonly fs
[  274.699956][T10382] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1530: Freeing blocks not in datazone - block = 0, count = 4096
[  274.705307][T10384] EXT4-fs (loop2): 1 truncate cleaned up
[  274.709820][T10384] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.732408][T10382] EXT4-fs (loop3): 1 orphan inode deleted
[  274.742745][T10382] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  274.998829][ T5205] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.999145][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.172330][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1533'.
[  275.483522][T10416] loop1: detected capacity change from 0 to 512
[  275.500767][T10416] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  275.506827][T10416] EXT4-fs (loop1): 1 truncate cleaned up
[  275.512089][T10416] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.583400][T10418] pimreg: entered allmulticast mode
[  275.593354][T10418] pimreg: left allmulticast mode
[  275.608193][ T5244] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  275.798737][ T5244] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  275.817206][ T5202] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.817990][ T5244] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.832020][ T5244] usb 7-1: config 0 descriptor??
[  275.840638][ T5244] cp210x 7-1:0.0: cp210x converter detected
[  275.994552][T10421] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.011513][T10421] team0: Port device bond0 added
[  276.298221][T10432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1546'.
[  276.375038][T10436] netlink: 'syz.1.1548': attribute type 4 has an invalid length.
[  276.457143][ T5244] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  276.566497][T10443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1550'.
[  276.679482][ T5244] usb 7-1: cp210x converter now attached to ttyUSB0
[  276.929061][   T56] usb 7-1: USB disconnect, device number 12
[  276.937383][   T56] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  276.948569][   T56] cp210x 7-1:0.0: device disconnected
[  277.157506][T10455] pimreg: entered allmulticast mode
[  277.180114][T10455] pimreg: left allmulticast mode
[  277.604894][T10464] netlink: 'syz.2.1558': attribute type 4 has an invalid length.
[  277.726012][T10471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1560'.
[  277.742939][T10467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1561'.
[  277.885890][T10480] loop0: detected capacity change from 0 to 512
[  277.911543][T10480] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  277.926868][T10480] UDF-fs: Scanning with blocksize 512 failed
[  277.934921][T10480] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  277.939050][T10480] UDF-fs: Scanning with blocksize 1024 failed
[  277.946398][T10482] loop3: detected capacity change from 0 to 1024
[  277.948625][T10480] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  277.953038][T10480] UDF-fs: Scanning with blocksize 2048 failed
[  277.961315][T10480] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  277.975140][T10480] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  277.998267][T10482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.104250][   T39] audit: type=1800 audit(1719407055.396:38): pid=10480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1566" name="bus" dev="loop0" ino=61 res=0 errno=0
[  278.105068][T10480] syz.0.1566: attempt to access beyond end of device
[  278.105068][T10480] loop0: rw=34817, sector=501, nr_sectors = 971 limit=512
[  278.183121][T10471] loop1: detected capacity change from 0 to 32768
[  278.191647][T10471] bcachefs (/dev/loop1): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-4502-8265-f57f48ba6d81)
[  278.287952][T10492] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  278.291077][T10492] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  278.301291][T10492] vhci_hcd vhci_hcd.0: Device attached
[  278.344106][T10471] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  278.353853][T10471] bcachefs (loop1): recovering from clean shutdown, journal seq 13
[  278.390741][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.414435][T10471] bcachefs (loop1): alloc_read... done
[  278.424694][T10471] bcachefs (loop1): stripes_read... done
[  278.427493][T10471] bcachefs (loop1): snapshots_read... done
[  278.433171][T10471] bcachefs (loop1): journal_replay... done
[  278.436717][T10471] bcachefs (loop1): resume_logged_ops... done
[  278.440836][T10471] bcachefs (loop1): going read-write
[  278.455874][T10471] bcachefs (loop1): done starting filesystem
[  278.507887][ T5250] vhci_hcd: vhci_device speed not set
[  278.519742][T10508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1573'.
[  278.578450][ T5250] usb 17-1: new full-speed USB device number 11 using vhci_hcd
[  278.588165][T10501] vhci_hcd: connection closed
[  278.588818][ T1161] vhci_hcd: stop threads
[  278.593039][ T1161] vhci_hcd: release socket
[  278.595120][ T1161] vhci_hcd: disconnect device
[  278.719685][ T5202] bcachefs (loop1): shutting down
[  278.721819][ T5202] bcachefs (loop1): going read-only
[  278.724651][ T5202] bcachefs (loop1): finished waiting for writes to stop
[  278.739993][ T5202] bcachefs (loop1): flushing journal and stopping allocators, journal seq 15
[  278.751024][ T5202] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 16
[  278.758922][ T5202] bcachefs (loop1): shutdown complete, journal seq 17
[  278.762522][ T5202] bcachefs (loop1): marking filesystem clean
[  278.800283][ T5202] bcachefs (loop1): shutdown complete
[  279.322470][T10531] loop0: detected capacity change from 0 to 32768
[  279.442140][T10553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1586'.
[  279.457063][T10553] team0: entered promiscuous mode
[  279.459505][T10553] team_slave_1: entered promiscuous mode
[  279.465632][T10551] team0: left promiscuous mode
[  279.468635][T10551] team_slave_1: left promiscuous mode
[  279.481362][T10531] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,background_compression=zstd,str_hash=crc32c,nojournal_transaction_names
[  279.499309][T10531] bcachefs (loop0): recovering from clean shutdown, journal seq 8
[  279.568832][T10531] bcachefs (loop0): alloc_read... done
[  279.574633][T10531] bcachefs (loop0): stripes_read... done
[  279.592631][T10531] bcachefs (loop0): snapshots_read... done
[  279.601069][T10531] bcachefs (loop0): journal_replay... done
[  279.603720][T10531] bcachefs (loop0): resume_logged_ops... done
[  279.606983][T10531] bcachefs (loop0): going read-write
[  279.627520][T10531] bcachefs (loop0): done starting filesystem
[  279.720637][T10531] loop0: detected capacity change from 32768 to 64
[  279.744855][T10567] syz.0.1581: attempt to access beyond end of device
[  279.744855][T10567] loop0: rw=0, sector=8712, nr_sectors = 24 limit=64
[  279.756375][T10567] bcachefs (loop0 inum 1610612736 offset 0): data read error: I/O
[  279.761113][   T69] kworker/2:1H: attempt to access beyond end of device
[  279.761113][   T69] loop0: rw=4097, sector=10520, nr_sectors = 8 limit=64
[  279.766744][ T1095] bcachefs (loop0 inum 1610612736 offset 0): no device to read from
[  279.769268][   T69] bcachefs (loop0): btree write error: I/O
[  279.776939][   T69] bcachefs (loop0): btree_node_write_work(): fatal error writing btree node: btree_node_write_all_failed
[  279.780957][ T1095] bcachefs (loop0 inum 1610612736 offset 0): read error 3 from btree lookup
[  279.786783][   T69] bcachefs (loop0): fatal error - emergency read only
[  279.789356][ T5211] bcachefs (loop0): unable to write journal to sufficient devices
[  279.793414][T10567] syz.0.1581: attempt to access beyond end of device
[  279.793414][T10567] loop0: rw=2048, sector=8712, nr_sectors = 16 limit=64
[  279.794828][ T5247] bcachefs (loop0): going read-only
[  279.801208][T10567] bcachefs (loop0 inum 1610612736 offset 0): data read error: I/O
[  279.802376][ T5247] bcachefs (loop0): finished waiting for writes to stop
[  279.809665][   T45] bcachefs (loop0 inum 1610612736 offset 0): no device to read from
[  279.814056][   T45] bcachefs (loop0 inum 1610612736 offset 0): read error 3 from btree lookup
[  279.824996][ T5247] bcachefs (loop0): flushing journal and stopping allocators, journal seq 9
[  279.827206][   T39] audit: type=1800 audit(1719407057.116:39): pid=10567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1581" name="file2" dev="loop0" ino=1610612736 res=0 errno=0
[  279.830566][ T5247] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 9
[  279.831142][ T5247] bcachefs (loop0): unshutdown complete, journal seq 9
[  279.858119][ T5247] bcachefs (loop0): done going read-only, filesystem not clean
[  279.921736][ T7377] bcachefs (loop0): shutting down
[  279.942818][ T7377] bcachefs (loop0): shutdown complete
[  280.198592][  T825] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  280.201409][T10578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1596'.
[  280.324795][T10579] pimreg: entered allmulticast mode
[  280.333571][T10579] pimreg: left allmulticast mode
[  280.415368][  T825] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  280.420585][  T825] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.425622][  T825] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.437661][  T825] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  280.448550][  T825] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  280.453307][  T825] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  280.456949][  T825] usb 7-1: Manufacturer: syz
[  280.469919][  T825] usb 7-1: config 0 descriptor??
[  280.693563][ T3477] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.860331][ T3477] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.899905][  T825] appleir 0003:05AC:8243.0003: unknown main item tag 0x0
[  280.903786][  T825] appleir 0003:05AC:8243.0003: No inputs registered, leaving
[  280.913262][  T825] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  280.995230][ T3477] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.153041][T10586] loop1: detected capacity change from 0 to 32768
[  281.157022][ T3477] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  281.199445][T10590] loop3: detected capacity change from 0 to 512
[  281.221374][ T5216] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  281.233851][ T5216] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  281.241523][ T5216] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  281.249263][T10590] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  281.259830][T10590] EXT4-fs (loop3): 1 truncate cleaned up
[  281.263215][ T5216] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  281.272397][T10590] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.298260][ T5216] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  281.303068][ T5216] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  281.342435][T10586] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,background_compression=zstd,str_hash=crc64,nojournal_transaction_names
[  281.352957][T10586] bcachefs (loop1): recovering from clean shutdown, journal seq 8
[  281.426720][T10596] lo speed is unknown, defaulting to 1000
[  281.430572][T10586] bcachefs (loop1): alloc_read... done
[  281.434086][T10586] bcachefs (loop1): stripes_read... done
[  281.441124][T10586] bcachefs (loop1): snapshots_read... done
[  281.446810][T10586] bcachefs (loop1): journal_replay... done
[  281.449836][T10586] bcachefs (loop1): resume_logged_ops... done
[  281.453586][T10586] bcachefs (loop1): going read-write
[  281.466689][T10586] bcachefs (loop1): done starting filesystem
[  281.487921][ T3477] bridge_slave_1: left allmulticast mode
[  281.491084][ T3477] bridge_slave_1: left promiscuous mode
[  281.496520][ T3477] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.542327][   T39] audit: type=1800 audit(1719407058.836:40): pid=10586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1600" name="bus" dev="loop1" ino=4102 res=0 errno=0
[  281.653972][ T3477] bridge_slave_0: left allmulticast mode
[  281.670956][ T3477] bridge_slave_0: left promiscuous mode
[  281.676060][ T3477] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.711979][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.847949][ T5202] bcachefs (loop1): shutting down
[  281.850287][ T5202] bcachefs (loop1): going read-only
[  281.852607][ T5202] bcachefs (loop1): finished waiting for writes to stop
[  281.862506][ T5216] Bluetooth: hci3: SCO packet for unknown connection handle 1955
[  281.883639][ T5202] bcachefs (loop1): flushing journal and stopping allocators, journal seq 9
[  281.925713][ T5202] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 10
[  281.952753][ T5202] bcachefs (loop1): shutdown complete, journal seq 11
[  281.956909][ T5202] bcachefs (loop1): marking filesystem clean
[  282.042076][ T5202] bcachefs (loop1): shutdown complete
[  282.659369][ T3477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  282.667321][ T3477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  282.676972][ T3477] bond0 (unregistering): Released all slaves
[  282.716327][T10607] ------------[ cut here ]------------
[  282.718933][T10607] WARNING: CPU: 3 PID: 10607 at kernel/rcu/srcutree.c:653 cleanup_srcu_struct+0x37c/0x520
[  282.723345][T10607] Modules linked in:
[  282.725120][T10607] CPU: 3 PID: 10607 Comm: syz.3.1603 Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0
[  282.732376][T10607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  282.737414][T10607] RIP: 0010:cleanup_srcu_struct+0x37c/0x520
[  282.740596][T10607] Code: 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 0f 0b 90 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 <0f> 0b 90 e9 35 ff ff ff 90 0f 0b 90 48 b8 00 00 00 00 00 fc ff df
[  282.750061][T10607] RSP: 0018:ffffc90003257d10 EFLAGS: 00010202
[  282.752691][T10607] RAX: 0000000000000001 RBX: ffffc9000287e000 RCX: 0000000000000008
[  282.756467][T10607] RDX: fffff91ffffabf04 RSI: 0000000000000008 RDI: ffffe8ffffd5f818
[  282.760330][T10607] RBP: ffff888029d66800 R08: 0000000000000000 R09: fffff91ffffabf03
[  282.762965][T10607] R10: ffffe8ffffd5f81f R11: 0000000000000000 R12: ffffc900028878a8
[  282.765518][T10607] R13: ffffc90002887880 R14: ffffc90002887868 R15: 0000000000000004
[  282.769603][T10607] FS:  0000000000000000(0000) GS:ffff88802c300000(0063) knlGS:0000000056e8c440
[  282.770322][T10615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1605'.
[  282.773810][T10607] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  282.781110][T10607] CR2: 00000000310fcff8 CR3: 0000000000e30000 CR4: 0000000000352ef0
[  282.781274][T10613] loop1: detected capacity change from 0 to 40427
[  282.785174][T10607] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  282.792531][T10607] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  282.795457][T10607] Call Trace:
[  282.796575][T10607]  <TASK>
[  282.797512][T10607]  ? show_regs+0x8c/0xa0
[  282.797641][T10613] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  282.805562][T10607]  ? __warn+0xe5/0x3c0
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  282.811912][T10607]  ? cleanup_srcu_struct+0x37c/0x520
[  282.814235][T10607]  ? report_bug+0x3c0/0x580
[  282.816518][T10607]  ? handle_bug+0x3d/0x70
[  282.818535][T10607]  ? exc_invalid_op+0x17/0x50
[  282.820508][T10607]  ? asm_exc_invalid_op+0x1a/0x20
[  282.822687][T10607]  ? cleanup_srcu_struct+0x37c/0x520
[  282.825012][T10607]  kvm_put_kvm+0x8df/0xb80
[  282.827138][T10607]  ? __pfx_kvm_vm_release+0x10/0x10
[  282.830231][T10607]  kvm_vm_release+0x42/0x60
[  282.832542][T10607]  __fput+0x408/0xbb0
[  282.834224][T10607]  ? _raw_spin_unlock_irq+0x23/0x50
[  282.834565][T10613] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  282.836081][T10607]  task_work_run+0x14e/0x250
[  282.842033][T10607]  ? __pfx_task_work_run+0x10/0x10
[  282.844269][T10607]  ? __pfx___close_range+0x10/0x10
[  282.846531][T10607]  syscall_exit_to_user_mode+0x278/0x2a0
[  282.849238][T10607]  __do_fast_syscall_32+0x80/0x120
[  282.851729][T10607]  do_fast_syscall_32+0x32/0x80
[  282.853933][T10607]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  282.857192][T10607] RIP: 0023:0xf743b579
[  282.859102][T10607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  282.867385][T10607] RSP: 002b:00000000ffffd4ec EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[  282.871554][T10607] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  282.875190][T10607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  282.878870][T10607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  282.882006][T10607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  282.885748][T10607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  282.890066][T10607]  </TASK>
[  282.891748][T10607] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  282.895430][T10607] CPU: 3 PID: 10607 Comm: syz.3.1603 Not tainted 6.10.0-rc5-syzkaller-00018-g55027e689933 #0
[  282.900054][T10607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  282.904978][T10607] Call Trace:
[  282.906460][T10607]  <TASK>
[  282.907762][T10607]  dump_stack_lvl+0x3d/0x1f0
[  282.909802][T10607]  panic+0x6f5/0x7a0
[  282.911579][T10607]  ? __pfx_panic+0x10/0x10
[  282.913780][T10607]  ? show_trace_log_lvl+0x363/0x500
[  282.917130][T10607]  ? check_panic_on_warn+0x1f/0xb0
[  282.920024][T10607]  ? cleanup_srcu_struct+0x37c/0x520
[  282.922507][T10607]  check_panic_on_warn+0xab/0xb0
[  282.925153][T10607]  __warn+0xf1/0x3c0
[  282.926893][T10607]  ? cleanup_srcu_struct+0x37c/0x520
[  282.929219][T10607]  report_bug+0x3c0/0x580
[  282.931334][T10607]  handle_bug+0x3d/0x70
[  282.933442][T10607]  exc_invalid_op+0x17/0x50
[  282.935446][T10607]  asm_exc_invalid_op+0x1a/0x20
[  282.937480][T10607] RIP: 0010:cleanup_srcu_struct+0x37c/0x520
[  282.940600][T10607] Code: 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 0f 0b 90 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 <0f> 0b 90 e9 35 ff ff ff 90 0f 0b 90 48 b8 00 00 00 00 00 fc ff df
[  282.949852][T10607] RSP: 0018:ffffc90003257d10 EFLAGS: 00010202
[  282.952450][T10607] RAX: 0000000000000001 RBX: ffffc9000287e000 RCX: 0000000000000008
[  282.955904][T10607] RDX: fffff91ffffabf04 RSI: 0000000000000008 RDI: ffffe8ffffd5f818
[  282.959367][T10607] RBP: ffff888029d66800 R08: 0000000000000000 R09: fffff91ffffabf03
[  282.962816][T10607] R10: ffffe8ffffd5f81f R11: 0000000000000000 R12: ffffc900028878a8
[  282.966337][T10607] R13: ffffc90002887880 R14: ffffc90002887868 R15: 0000000000000004
[  282.970305][T10607]  kvm_put_kvm+0x8df/0xb80
[  282.972580][T10607]  ? __pfx_kvm_vm_release+0x10/0x10
[  282.975331][T10607]  kvm_vm_release+0x42/0x60
[  282.977843][T10607]  __fput+0x408/0xbb0
[  282.980045][T10607]  ? _raw_spin_unlock_irq+0x23/0x50
[  282.982521][T10607]  task_work_run+0x14e/0x250
[  282.984634][T10607]  ? __pfx_task_work_run+0x10/0x10
[  282.987634][T10607]  ? __pfx___close_range+0x10/0x10
[  282.990281][T10607]  syscall_exit_to_user_mode+0x278/0x2a0
[  282.993262][T10607]  __do_fast_syscall_32+0x80/0x120
[  282.995800][T10607]  do_fast_syscall_32+0x32/0x80
[  282.998131][T10607]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  283.002429][T10607] RIP: 0023:0xf743b579
[  283.004382][T10607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  283.012457][T10607] RSP: 002b:00000000ffffd4ec EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[  283.016102][T10607] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  283.020225][T10607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  283.023993][T10607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  283.027130][T10607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  283.030133][T10607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  283.033675][T10607]  </TASK>
[  283.036545][T10607] Kernel Offset: disabled
[  283.038246][T10607] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:04:20  Registers:
info registers vcpu 0

CPU#0
RAX=fffffbfff1fc5442 RBX=fffffbfff1fc5443 RCX=ffffffff816cbc6b RDX=fffffbfff1fc5443
RSI=0000000000000008 RDI=ffffffff8fe2a210 RBP=fffffbfff1fc5442 RSP=ffffc90007b77398
R8 =0000000000000000 R9 =fffffbfff1fc5442 R10=ffffffff8fe2a217 R11=0000000000000002
R12=0000000000000001 R13=0000000000000000 R14=ffffffff8dd3a040 R15=0000000000000000
RIP=ffffffff81ebab21 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802c000000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000005740f4c0 CR3=00000000563fc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000019800000000 0000000700000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ffffffffffff ffffffffffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=0000000000000050 RCX=ffffffff816bc8ae RDX=fffffbfff283ea5a
RSI=0000000000000008 RDI=ffffffff941f52c8 RBP=0000000000000000 RSP=ffffc90000598b78
R8 =0000000000000000 R9 =fffffbfff283ea59 R10=ffffffff941f52cf R11=0000000000000004
R12=0000000000000002 R13=0000000000000000 R14=ffff88801a148b58 R15=0000000000000050
RIP=ffffffff816bc8b6 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802c100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f285d5 CR3=0000000047456000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000236400000000 0000000b00000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ffffffffffff ffffffffffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=ffffc90007947138 RCX=ffffc90002f9a000 RDX=1ffff92000f28e28
RSI=ffffffff813c83b2 RDI=ffffc90007947138 RBP=ffffc900079471c8 RSP=ffffc90007947018
R8 =0000000000000001 R9 =0000000000000004 R10=0000000000000001 R11=0000000000000003
R12=ffffc90007947140 R13=ffffc90007947148 R14=ffffc90007940000 R15=0000000000000001
RIP=ffffffff813c83d5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802c200000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055c1116b0000 CR3=0000000059800000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=4c22396b4c22396b 4c22396b4c22396b 4c22396b4c22396b 4c22396b4c22396b 4c22396b4c22396b 4c22396b4c22396b 4c22396b4c22396b 4c22396b4c22396b
ZMM22=74f3354374f33543 74f3354374f33543 74f3354374f33543 74f3354374f33543 74f3354374f33543 74f3354374f33543 74f3354374f33543 74f3354374f33543
ZMM23=4ef643844ef64384 4ef643844ef64384 4ef643844ef64384 4ef643844ef64384 4ef643844ef64384 4ef643844ef64384 4ef643844ef64384 4ef643844ef64384
ZMM24=8d2f40438d2f4043 8d2f40438d2f4043 8d2f40438d2f4043 8d2f40438d2f4043 8d2f40438d2f4043 8d2f40438d2f4043 8d2f40438d2f4043 8d2f40438d2f4043
ZMM25=276ff9a7276ff9a7 276ff9a7276ff9a7 276ff9a7276ff9a7 276ff9a7276ff9a7 276ff9a7276ff9a7 276ff9a7276ff9a7 276ff9a7276ff9a7 276ff9a7276ff9a7
ZMM26=adb551c7adb551c7 adb551c7adb551c7 adb551c7adb551c7 adb551c7adb551c7 adb551c7adb551c7 adb551c7adb551c7 adb551c7adb551c7 adb551c7adb551c7
ZMM27=fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa fd3ed5aafd3ed5aa
ZMM28=000000500000004f 0000004e0000004d 0000004c0000004b 0000004a00000049 0000004800000047 0000004600000045 0000004400000043 0000004200000041
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=6214000062140000 6214000062140000 6214000062140000 6214000062140000 6214000062140000 6214000062140000 6214000062140000 6214000062140000
info registers vcpu 3

CPU#3
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84f95405 RDI=ffffffff94d5c040 RBP=ffffffff94d5c000 RSP=ffffc90003257700
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000003
R12=0000000000000000 R13=0000000000000074 R14=ffffffff84f953a0 R15=0000000000000000
RIP=ffffffff84f9542f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802c300000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000310fcff8 CR3=0000000000e30000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000feffffd0 Opmask01=0000000000004211 Opmask02=000000000000ffdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd107fde60 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a2a2a 2a2a2a2a2a2a2a2a
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000ff000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ffff0000ff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000ff000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 20a0e55aea0229b4 737326c5ed6089c7
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737142 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656c696620732520 6465746165726300 0a73253a47000a73 253d73253a45000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40494c4305560005 4140514440574600 0a56001f47000a56 001856001f45000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 000055b3c52ee410 0000000000000051 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 68636163627c2a64 76787c2a64767c2a 72737c2a64737c2a 656d766e006c7463
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7c2a6d656d707c2a 6d63737c2a646275 7c2a003177617264 6968007761726469
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000e 0000000000000000 00007ffd107fd9a8 6373797300333a37
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000e 0000000000000000 0000506310505c66 4c5c5635001c1518
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000e 0000000000000000 0000786310785c66 6373633500333a37
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000