last executing test programs:

4.505313285s ago: executing program 1 (id=2098):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
setxattr$security_ima(0x0, &(0x7f0000000140), &(0x7f0000000340)=ANY=[], 0x700, 0x0)
setxattr$security_ima(&(0x7f0000000080)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000240)=@md5={0x1, "8654b22939e1a8554224d1325532c7b5"}, 0x11, 0x1)

4.271600109s ago: executing program 3 (id=2101):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0xc08c5335, &(0x7f0000000180)={0x0, 0x80})
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x19, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@dev}, {@multicast2}, {@rand_addr, 0xfffffffc}, {@broadcast, 0x52b3}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="a3897f4237", 0x5, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x821dc, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x1}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@block_validity}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP")
chdir(&(0x7f0000000000)='./file0\x00')
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r6, 0xae9a)
mount$9p_rdma(&(0x7f0000000100), &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x11000, &(0x7f0000000440)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x7fffffff}}, {@common=@access_user}, {@rq={'rq', 0x3d, 0x1}}, {@timeout={'timeout', 0x3d, 0x4}}, {@common=@privport}, {@common=@access_user}, {@rq={'rq', 0x3d, 0x1}}, {@common=@fscache}, {@sq={'sq', 0x3d, 0x2}}], [{@appraise_type}, {@dont_appraise}, {@subj_user}]}})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat(r1, &(0x7f0000000040)='./file0\x00', 0x12800, 0x10)

4.209298361s ago: executing program 4 (id=2102):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "ef6a8457727885e48ed2c9915addd5aa"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt(r1, 0x4, 0x0, &(0x7f0000000340)="781197fd16d42b510ba503121a2d", 0xe)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000380)={0x33b7, 0x6d8, 0x0, {0x8, @pix_mp={0xb, 0x7, 0x49433553, 0x4, 0x9, [{0x0, 0x80}, {0x1, 0x5}, {0x81, 0x3}, {0x7fff}, {0x7, 0x9}, {0x2, 0x2}, {0x5, 0x6}, {0x6, 0x7fff}], 0xff, 0x2f, 0xe, 0x2, 0x3}}, 0xef7})
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000240)={[{@noblock_validity}, {@quota}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@grpid}, {@auto_da_alloc}, {@noload}, {@nouid32}, {@bh}, {@user_xattr}]}, 0x1, 0x4e2, &(0x7f0000000b80)="$eJzs3c9vG1kdAPDvTOImm81usrASPwRsWRYKqmon7m602tNyAaHVSogVJw7ZkLhRFDuOYmdpQiXS/wGJSpzgT+CAxAGpJ+7c4MalHJAKVKAGiYPRjCdpSOMkbRMb7M9HGs28eeP5vldr3nO/SfwCGFlXI2IvIq5ExMcRMVOcT4ot3u9u2XWPH91Z3n90ZzmJTuejvyV5fXYujrwm83Jxz8mI+N63I36YPB23tbO7vlSv17aKcqXd2Ky0dnZvrDWWVmurtY1qdWF+Ye7dm+9UL6yvbzR+9fBbax98/7e/+eKD3+9948dZs6aLuqP9uEjdrpcO42TGI+KDywg2AGNFf64MuiE8lzQiPhURb+bP/0yM5e/m+ZzwWAMA/wc6nZnozBwtAwDDLs1zYElaLnIB05Gm5XI3h/d6TKX1Zqt9/VZze2OlmyubjVJ6a61emytyhbNRSrLyfH78pFw9Vr4ZEa9FxE8nXsrL5eXz5xkAgIv18rH5/58T3fkfABhyk2ddsNifdgAA/XPm/A8ADB3zPwCMHvM/AIwe8z8AjB7zPwCMnmL+Hxt0OwCAvvjuhx9mW2e/+P7rlU92ttebn9xYqbXWy43t5fJyc2uzvNpsrtZr5eVm46z71ZvNzfm3Y/t2pV1rtSutnd3FRnN7o72Yf6/3Yq3Ul14BAKd57Y37f0wiYu+9l/ItjqzlYK6G4ZYOugHAwMj5w+jyLdwwuvwfHzhrLc+evyJ87zmCdX7yHC8CLtq1z8n/w6iS/4fRJf8Po0v+H0ZXp5P0WvM/PbwEABgqcvxAX3/+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENiOt+StFysBT4daVouR7wSEbNRSm6t1WtzEfFqRPxhojSRlecH3WgA4AWlf0mK9b+uzbw1fbz2SvKviXwfET/6+Uc/u73Ubm/NZ+f/fni+fa84Xx1E+wGAsxzM0wfz+IHHj+4sH2z9bM/Db3YXF83i7hdbt2Y8xvP9ZJQiYuofSVHuyj6vjF1A/L27EfHZk/qf5LmR2WLl0+Pxs9iv9DV++l/x07yuu8/+LT79DDHPWusVRsX9bPx5/6TnL42r+X7yxMWPJ/MR6sUdjH/7T41/6eH4N9Zj/Lt63hhv/+47PevuRnx+/KT4yWH8pEf8t84Z/09f+NKbveo6v4i4FifHPxqr0m5sVlo7uzfWGkurtdXaRrW6ML8w9+7Nd6qVPEddOchUP+2v711/9bT+T/WIP3lG/796aq87EwdHv/z3xz/48inxv/6Vk9//10+Jn82JXzs1/hNLU7/uuXx3Fn+l2/+7z/r+Xz9n/Ad/3l0556UAQB+0dnbXl+r12taFHpTigm945CC5pDY7GPKD7PP4i97nM0XK7H+gO5d9MOiRCbhsTx76QbcEAAAAAAAAAAAAAADo5dL/nCgddA8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYZv8JAAD//wqryik=")
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2000005}, 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff0000080000000000000001000084060000000000000001"], 0x0, 0x42}, 0x20)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000005c0))
r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0)
r4 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000180)=""/109, 0x6d}, {&(0x7f0000000480)=""/6, 0x6}], 0x2, 0x9, 0x5)
write$binfmt_elf64(r4, &(0x7f0000000000)=ANY=[], 0xfd14)
ioctl$EXT4_IOC_MIGRATE(r3, 0x6609)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000000), 0x4)

3.355899474s ago: executing program 3 (id=2104):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)={0xa0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x59, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x21, 0x2, "a1"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xa0}}, 0x0)

3.327198838s ago: executing program 1 (id=2106):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f0000000100)={"cf9120d39e43eb6bff50dc3a4cd648632ea711ced8756732f044c65be125", 0x2, 0x13f, 0x3, [0xcc000000, 0xda1c, 0x4, 0x6, 0xb, 0x0, 0x1, 0x7fff, 0xb, 0x3, 0x101, 0x6, 0x800, 0x8, 0x5, 0xbab, 0x8, 0x6]})
pipe2(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="260000000300b085b5"], 0x26)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
splice(r1, 0x0, r3, 0x0, 0x26, 0x0)

3.183768684s ago: executing program 4 (id=2107):
sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20c01a}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40408b0}, 0x20000891)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192}, 0x90)
r0 = openat(0xffffffffffffff9c, 0x0, 0x1817c1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x6, 0xc}, 0xf)
openat(0xffffffffffffffff, &(0x7f0000000340)='./file2\x00', 0x26e3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1, 0x1, {0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}, 0x7f}}}, 0x3a)
dup2(r4, r3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x4, 0x8, 0x4, 0x100, r1, 0x5, '\x00', 0x0, r0, 0x5, 0x4, 0x3, 0x5}, 0xb86efdd64a79a83)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r5, @ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
clock_gettime(0x3, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0xffffff85, 0x0, 0x0, 0xfffffffffffffca9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x27)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)

3.166804279s ago: executing program 3 (id=2108):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000010000100000000790f7905b12c6dcdbb5d7d"], 0x50}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c}, 0x38)

2.631309004s ago: executing program 0 (id=2109):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000380)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @loopback}}}, &(0x7f0000000200)=0x90)

2.597295449s ago: executing program 3 (id=2110):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_TP_METER(r0, 0x0, 0x20044840)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x0)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000080)=0x1)
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
ioctl$SIOCAX25GETUID(r2, 0x89e0, &(0x7f0000000040)={0x3, @null})

2.496264164s ago: executing program 0 (id=2111):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000001800), 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x7, 0x0, &(0x7f0000000040))

2.436969643s ago: executing program 3 (id=2112):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0xc08c5335, &(0x7f0000000180)={0x0, 0x80}) (fail_nth: 3)

2.429020487s ago: executing program 0 (id=2113):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "0062030082000000000000000000f7ffffff00"})
ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x14)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$TCSETSW2(r2, 0x80045440, 0x0)

2.400192962s ago: executing program 1 (id=2114):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x24, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="040100001000010400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000200040800b0001006d61637365630000100002800c000f0000000000000000000c001980060002003a0000000500110080000000b0001a"], 0x104}}, 0x0)

2.087575174s ago: executing program 1 (id=2115):
memfd_create(&(0x7f0000000580)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\vsW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05k4p\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000400)='./bus\x00', 0x4003e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17ffff6, 0x11, r1, 0x0)
ioctl$DRM_IOCTL_AGP_INFO(r0, 0x80386433, &(0x7f00000007c0)=""/242)
ftruncate(r0, 0x7fff)
r2 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x3, 0x0, 'syz1\x00', &(0x7f0000000340)=['g\xaf\x9bcG\xac\xbd\xba\x88\x1b\x8d\xa5f\xf8\x00', '-[\'\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0x23})
r3 = syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r3, 0xc2604110, &(0x7f0000003ac0)={0x0, [[0x3], [0x7f7f], [0x1, 0x0, 0x0, 0x0, 0x0, 0x1]], '\x00', [{0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x800000}], '\x00', 0xff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x8)
connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000001c40)='batadv0\x00', 0x10)
write$binfmt_script(r7, &(0x7f0000000400), 0x4)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="25003300d000000008021100000108021100000050505050505000000302"], 0x44}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000580)={{0x12, 0x1, 0x0, 0x97, 0x4, 0xe9, 0x40, 0x59cc, 0x980d, 0xb48e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0x3, 0x50}}]}}]}}, 0x0)
timer_create(0x2, &(0x7f0000000240)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x1c, r9, 0x5, 0x0, 0x0, {{0x18}, {@val={0x8, 0x3, r10}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_AUTHENTICATE(r8, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)={0x7c, r5, 0x2, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x83, 0x3d}}}}, [@key_params=[@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x23a}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}], @NL80211_ATTR_MAC={0xa, 0x6, @random="3a123baa06bc"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x111}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1bd}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x5)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
io_setup(0x900a, &(0x7f0000000000))

2.033871787s ago: executing program 3 (id=2116):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
setxattr$security_ima(0x0, &(0x7f0000000140), &(0x7f0000000340)=ANY=[], 0x700, 0x0)
setxattr$security_ima(&(0x7f0000000080)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000240)=@md5={0x1, "8654b22939e1a8554224d1325532c7b5"}, 0x11, 0x1)

1.986138308s ago: executing program 4 (id=2117):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000380)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r4=>0x0})
syz_open_procfs(r4, &(0x7f0000000600)='fd/4\x00')
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_setup(0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x3, 0x0, @fd_index=0xa, 0xbd, &(0x7f0000000440)="18", 0x1, 0x22})
io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x12, 0xfffffffffffffffe, 0x0, {0x20000000000}}, 0x18)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="beef915d564c90c200"/24, 0x18)
r6 = accept$alg(r5, 0x0, 0x0)
poll(&(0x7f00000000c0)=[{r6}], 0x1, 0xb5e7)

1.503948768s ago: executing program 0 (id=2118):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)={0xa0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x59, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x21, 0x2, "a1"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xa0}}, 0x0)

1.459852109s ago: executing program 0 (id=2120):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000010000100000000790f7905b12c6dcdbb5d7d"], 0x50}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c}, 0x38)

1.12945919s ago: executing program 0 (id=2122):
unshare(0x6020400)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="8500000061000000350000000000000085000000230000009500000000000000f4670880271e3542dfa8ba6287066c5197fabc5f7010e81ae0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e20100000000000000c09cc28de194f40800000000b0d3fe2c7e93366796c7224a0c2c0213af2eff010000e3d800000104f4b1fc30dc914bc16543d4baa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3012e95752003b2f7846c744ae6af3c037102124d8eb000013000000000000000000a46aac3abe6c4d7f47ef6d02bad9dddacecf7eaa4a9779f8555ed6aea768c1f28221c110ed050000000ee282ab76ef93d96bc46a7c04b8c5324812d992a4f8dc6fcba00b1b2da951667d0276a0327b56c0ebfb19b3426887b6f1b6070e0ce1f844ce32a9988ca042dca52fbb8c1452b683f60f2744419a2f238f173d0000003cf4fbd775d9c04dac60ff00a629b3b2000000000000000000001d004e41ff9b4d00e07ff771cea08bea2fa81fb4c4c43f74936f333e3ae44f7ddd2fb35d4c46392ae855531b1eaf40aee8c94fd812e40f14e519a264ff3c572eecd5f6ca98b55e78f8d94f57ed7e6a3ab5dd9a4adedbdf0e58f58eb2e83500000000000000934c92002eace9a8d6f3dd008acf8a5c0fb433678060ac0e201e401fb1711d41f45d90a1e19795c995ffdd7055ee872d0e3e62dd578d590e62ff74d667477ac69a806d4552084a87f74fdfc117d4975576c102976c1ef70ceac9ff714bab1f59f8ebd67f2aca41706c147e3e0d3e557de0349c5ca80f10361bedc4832ae62a2b045ef6587710a82c2e27bacc81877b996a708c3a9235bdbec2cde0cfca78205439b4fd312c7106000000000000000000000000df83e1a6c37e26d8f98d7e9419275bc3bba633b47d00000000000000000000000000000000000000000000009d6ccaab1c17bbfdd16cbf3bb706537fe8cfed4272e665566d6ae239a97a1f6d00df0d03a22818be6aba095303e587b2b4520b2c5959d6581b7fe36733eb690b3fad4da9652edab3e76432c4212a38119d64465532c7abdc6f71439ec93bae9cb88349c1e0ba02e7d9d4e636acaae12c3853f388940cf59b056d8318d4cc52182acaa0de24a14600000000000000000000000000006efb26dd3e1d58b159c3828e1cb39cd81410a4d4acb14dbee7207fecf684463e333aa565db09e51caa690171b4c12f5e8f057a6ccb616989b6e4de92ea167928e3957dc9270e0ad2c0178888c9e7366bdf23cc5cd96a41540b6ade1b35c533a5d3022ae4318d66d9f3cced9e13a7f5b0e366edaedaa1d5492a7d189afd83ccca0d732d04f75b9bbb56a12ad943dac925c2f2ab663b5b44e33629c272358097e2d9719b23e9928a15914450bf2508f2c83e13e7ba667fc385bf5b64b774d92b61b1dae0c97dbe12454e2f4219be49888ce974720127c9c1db2238"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0xfffff000, 0xe80, 0x0, &(0x7f0000000880)="61df712bc884fed5722780b686dd", 0x0, 0x8000, 0x0, 0xfffffffffffffeca, 0x0, &(0x7f0000000000), &(0x7f0000000800)="ffe200004e379b19393a41afde6b0b1235c1278ebf59a5d4d697bc199e060b675b46d4ff37c7f91ceaa6790cd8570f080b0d2375918cd7dfcf26aa90dc6a5617be488475b892958512c8e814c24d7efc26f9f2512dec8c759773c42a2fca2735984613809a78eb", 0x0, 0x2}, 0x28)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000004c0))
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xc)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x1000, 0x3})
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)
syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000240), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
chdir(&(0x7f0000000040)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.current\x00', 0x275a, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @multicast1}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @local}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)={0x114, 0x1f, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x114}], 0x1, 0x0, 0x0, 0x20008051}, 0x0)

964.156317ms ago: executing program 4 (id=2124):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x11, &(0x7f0000000000)={&(0x7f0000000f00)=@newlink={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x34, 0x16, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x7}, {0x14}]}]}]}, @IFLA_TXQLEN={0x8}]}, 0x5c}}, 0x0)

957.959827ms ago: executing program 2 (id=2125):
r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
ioctl$RNDADDENTROPY(r0, 0x401c5820, 0x0)

919.967762ms ago: executing program 2 (id=2126):
symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000001200)='blkio.throttle.io_serviced_recursive\x00')
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000003c0)={0x4, 0x0, [{0x1, 0x87, &(0x7f0000000300)=""/135}, {0x1000, 0x1000, &(0x7f0000001ec0)=""/4096}, {0x2004, 0x2c, &(0x7f0000000500)=""/44}, {0x0, 0x60, 0x0}]})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000840)={0x4, 0x0, [{0xd000, 0x94, &(0x7f0000000600)=""/148}, {0x2000, 0x14, &(0x7f0000000240)=""/20}, {0x10000, 0x63, &(0x7f00000006c0)=""/99}, {0x2, 0x4c, &(0x7f00000007c0)=""/76}]})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04080400c8"], 0x7)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0xb, &(0x7f0000000080)=0x80000001, 0x4)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280))
r4 = socket(0x10, 0x4, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000940)=@newqdisc={0x70, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x2b54f49c5eabd2bb}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x2, 0x630}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xbe6bd86713d51e6c}]}}]}, 0x70}}, 0x0)
socket$inet(0x2, 0xc080f, 0x4)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_buf(r6, 0x0, 0x8008000000010, &(0x7f0000000000)="170000000200010000ffbe8c5ee17688a2002b000301000a000002a257fc5ad90200bb6a880000d6c8db0000dba67e060a0000e28900000200df01800a000000fc0607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dfc060115003901000000000000ea000000000000000062068f5ee50ce5af9b1c568302ffff02ff030000ba000840024f0298e9e90539062a80e605007f71174aa951f3c63e5a1b47b63a6323ded2", 0xd2)
gettid()
socket$key(0xf, 0x3, 0x2)
accept(r5, &(0x7f0000000480)=@l2tp={0x2, 0x0, @local}, &(0x7f0000000500)=0x80)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0xd, 0x1}, 0x48)

772.13541ms ago: executing program 4 (id=2127):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
write$binfmt_misc(r0, &(0x7f0000000500)={'syz0', "1186e848f1d0db6ce0e857e439213e847298d9c022b4f1f896c4e915ce767647e73172b9ba73c6fc37ea33f708e697e786fa0f30260f523b0cbff131dab6c250b9afb120b84ad30313f675062d08d8e36171bf39675208c0d6447fa6ab0d180e5d24d3463214c858bf6f3f0972b796e01386f79a7f740ca0508749de048b43f00caec2c9a1f29adb02259bf8a6fe828763e11deb7ac65918faba70"}, 0x9f)
write$binfmt_script(r2, 0x0, 0xfffffe5d)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000440)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b00010062726964676500002000028008001a00fc0f000005001700010000000c002e00010000000000000008000a00", @ANYRES32=r4], 0x58}}, 0x0)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
shutdown(r6, 0x2)
shutdown(r6, 0x2)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=@newqdisc={0x24, 0x11, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r3}}, 0x24}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f0000000100), r7)

729.815619ms ago: executing program 2 (id=2128):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xa00, &(0x7f0000000000)={&(0x7f0000000640)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_PROTOINFO={0x8, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x4}}]}, 0x6c}}, 0x0)

613.877627ms ago: executing program 2 (id=2129):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x90) (async, rerun: 32)
r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) (rerun: 32)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
chdir(&(0x7f0000000180)='./file0\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r3 = getpid()
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'pim6reg0\x00', 0x31a57ec0e9bd18e2})
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) (async, rerun: 32)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) (rerun: 32)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r6, 0x0, 0x0, 0x2, 0x0)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb}, {0x65, 0x0, 0x6}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0xa, 0x9}, {0x7, 0x0, 0x3, 0x9}, {}, {}, {0x15}}], {{0x5, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
ioctl$CAPI_CLR_FLAGS(0xffffffffffffffff, 0x80044325, &(0x7f00000000c0)=0x1) (async, rerun: 64)
r9 = fsmount(r1, 0x0, 0x0) (rerun: 64)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r9, 0x3, 0x0, @void}, 0x62) (async)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000280)=0x1)
sendto$inet6(r10, 0x0, 0x0, 0x20080001, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x11}, 0x1c)

392.066471ms ago: executing program 2 (id=2130):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)={0xa0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x59, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x21, 0x2, "a1"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xa0}}, 0x0)

339.807638ms ago: executing program 4 (id=2131):
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'team0\x00', <r0=>0x0})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}, @IFLA_MASTER={0x8, 0xa, r0}]}, 0x3c}}, 0x0)

261.804176ms ago: executing program 2 (id=2132):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000010000100000000790f7905b12c6dcdbb5d7d"], 0x50}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c}, 0x38)

203.615713ms ago: executing program 1 (id=2133):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendto$inet6(r0, &(0x7f0000000380)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @loopback}}}, &(0x7f0000000200)=0x90)

0s ago: executing program 1 (id=2134):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), 0x0, &(0x7f0000000280)=<r2=>0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_setup(0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x3, 0x0, @fd_index=0xa, 0xbd, &(0x7f0000000440)="18", 0x1, 0x22})
io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x12, 0xfffffffffffffffe, 0x0, {0x20000000000}}, 0x18)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="beef915d564c90c200"/24, 0x18)
r5 = accept$alg(r4, 0x0, 0x0)
poll(&(0x7f00000000c0)=[{r5}], 0x1, 0xb5e7)

kernel console output (not intermixed with test programs):

his program
[  529.838317][ T2840] hfsplus: b-tree write err: -5, ino 4
[  530.077490][T12571] FAULT_INJECTION: forcing a failure.
[  530.077490][T12571] name failslab, interval 1, probability 0, space 0, times 0
[  530.090284][T12571] CPU: 1 UID: 0 PID: 12571 Comm: syz.3.1778 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  530.100546][T12571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  530.110644][T12571] Call Trace:
[  530.113935][T12571]  <TASK>
[  530.116880][T12571]  dump_stack_lvl+0x241/0x360
[  530.121585][T12571]  ? __pfx_dump_stack_lvl+0x10/0x10
[  530.126915][T12571]  ? __pfx__printk+0x10/0x10
[  530.131533][T12571]  should_fail_ex+0x3b0/0x4e0
[  530.136322][T12571]  should_failslab+0xac/0x100
[  530.141027][T12571]  __kmalloc_node_noprof+0xdf/0x440
[  530.146247][T12571]  ? __kvmalloc_node_noprof+0x72/0x190
[  530.151720][T12571]  __kvmalloc_node_noprof+0x72/0x190
[  530.157017][T12571]  seq_read_iter+0x202/0xd60
[  530.161648][T12571]  ? kernfs_fop_read_iter+0x143/0x640
[  530.167131][T12571]  vfs_read+0x9bd/0xbc0
[  530.171354][T12571]  ? __pfx_lock_release+0x10/0x10
[  530.176416][T12571]  ? __pfx_vfs_read+0x10/0x10
[  530.181130][T12571]  ksys_read+0x1a0/0x2c0
[  530.185407][T12571]  ? __pfx_ksys_read+0x10/0x10
[  530.190217][T12571]  ? rcu_is_watching+0x15/0xb0
[  530.195019][T12571]  ? rcu_is_watching+0x15/0xb0
[  530.199841][T12571]  do_syscall_64+0xf3/0x230
[  530.204383][T12571]  ? clear_bhb_loop+0x35/0x90
[  530.209087][T12571]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.215011][T12571] RIP: 0033:0x7fae7f975bd9
[  530.219439][T12571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  530.239061][T12571] RSP: 002b:00007fae80759048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  530.247515][T12571] RAX: ffffffffffffffda RBX: 00007fae7fb04110 RCX: 00007fae7f975bd9
[  530.255508][T12571] RDX: 00000000000000fc RSI: 0000000020000040 RDI: 0000000000000008
[  530.263504][T12571] RBP: 00007fae807590a0 R08: 0000000000000000 R09: 0000000000000000
[  530.272096][T12571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.280081][T12571] R13: 000000000000006e R14: 00007fae7fb04110 R15: 00007fff5cd46ff8
[  530.288087][T12571]  </TASK>
[  530.657894][T12576] IPv6: addrconf: prefix option has invalid lifetime
[  530.662877][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  530.823903][T12588] loop4: detected capacity change from 0 to 1024
[  530.869038][T12589] syz.3.1785 (12589): drop_caches: 1
[  530.897978][T12590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1785'.
[  530.948608][T12590] geneve2: entered promiscuous mode
[  530.985283][T12589] syz.3.1785 (12589): drop_caches: 1
[  531.333960][T12598] loop2: detected capacity change from 0 to 256
[  531.341857][T12598] exfat: Deprecated parameter 'utf8'
[  531.355177][T12598] exfat: Deprecated parameter 'utf8'
[  531.366343][T12598] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  531.903604][T12610] loop0: detected capacity change from 0 to 64
[  531.987572][ T2840] hfsplus: b-tree write err: -5, ino 8
[  532.252887][T12620] loop3: detected capacity change from 0 to 256
[  532.262012][T12620] vfat: Unknown parameter '�'
[  532.386575][T12622] netlink: 'syz.3.1795': attribute type 27 has an invalid length.
[  532.706472][T12606] loop2: detected capacity change from 0 to 32768
[  532.746274][T12622] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.754172][T12622] bridge0: port 1(bridge_slave_0) entered disabled state
[  533.118936][T12606] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  533.212834][T12622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  533.293075][T12622] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  533.388471][T12606] XFS (loop2): Ending clean mount
[  533.414744][T12654] loop4: detected capacity change from 0 to 1024
[  533.417723][T12606] XFS (loop2): Quotacheck needed: Please wait.
[  533.427632][T12622] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  533.438844][T12622] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  533.456927][T12622] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  533.475578][T12622] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  533.494687][T12654] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  533.516429][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  533.532748][T12606] XFS (loop2): Quotacheck: Done.
[  533.681932][T12654] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  533.697219][T12654] EXT4-fs (loop4): orphan cleanup on readonly fs
[  533.705206][T12654] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=2
[  533.774841][T12654] EXT4-fs warning (device loop4): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
[  533.799369][T12654] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  533.812594][T12654] EXT4-fs (loop4): 1 truncate cleaned up
[  533.819324][T12654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  533.905069][T12654] IPv6: addrconf: prefix option has invalid lifetime
[  534.084036][T12107] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.428158][T11346] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  534.447783][T12667] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1800'.
[  534.573131][T12667] geneve2: entered promiscuous mode
[  534.963934][T12666] syz.0.1800 (12666): drop_caches: 1
[  535.076857][T12664] loop4: detected capacity change from 0 to 32768
[  535.114575][T12664] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  535.261519][T12664] XFS (loop4): Ending clean mount
[  535.271382][T12664] XFS (loop4): Quotacheck needed: Please wait.
[  535.307850][T12664] XFS (loop4): Quotacheck: Done.
[  535.316914][T12666] syz.0.1800 (12666): drop_caches: 1
[  535.323899][T12664] FAULT_INJECTION: forcing a failure.
[  535.323899][T12664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  535.364550][T12664] CPU: 1 UID: 0 PID: 12664 Comm: syz.4.1799 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  535.374854][T12664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  535.384963][T12664] Call Trace:
[  535.388271][T12664]  <TASK>
[  535.391224][T12664]  dump_stack_lvl+0x241/0x360
[  535.395940][T12664]  ? __pfx_dump_stack_lvl+0x10/0x10
[  535.401174][T12664]  ? __pfx__printk+0x10/0x10
[  535.405801][T12664]  ? snprintf+0xda/0x120
[  535.410068][T12664]  should_fail_ex+0x3b0/0x4e0
[  535.414788][T12664]  _copy_to_user+0x2f/0xb0
[  535.419239][T12664]  simple_read_from_buffer+0xca/0x150
[  535.424656][T12664]  proc_fail_nth_read+0x1e9/0x250
[  535.429718][T12664]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  535.435292][T12664]  ? bpf_lsm_file_permission+0x9/0x10
[  535.440694][T12664]  ? rw_verify_area+0x520/0x6b0
[  535.445577][T12664]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  535.451169][T12664]  vfs_read+0x204/0xbc0
[  535.455352][T12664]  ? __pfx_lock_release+0x10/0x10
[  535.460414][T12664]  ? __pfx_vfs_read+0x10/0x10
[  535.465118][T12664]  ? rcu_is_watching+0x15/0xb0
[  535.469904][T12664]  ? __fget_files+0x29/0x470
[  535.474515][T12664]  ? __fget_files+0x3f6/0x470
[  535.479221][T12664]  ksys_read+0x1a0/0x2c0
[  535.483490][T12664]  ? do_quotactl+0x59c/0x870
[  535.488107][T12664]  ? __pfx_ksys_read+0x10/0x10
[  535.492908][T12664]  ? rcu_is_watching+0x15/0xb0
[  535.497697][T12664]  ? rcu_is_watching+0x15/0xb0
[  535.502486][T12664]  do_syscall_64+0xf3/0x230
[  535.507027][T12664]  ? clear_bhb_loop+0x35/0x90
[  535.511731][T12664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.517650][T12664] RIP: 0033:0x7f277d9746bc
[  535.522091][T12664] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  535.541727][T12664] RSP: 002b:00007f277e711040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  535.550358][T12664] RAX: ffffffffffffffda RBX: 00007f277db03f60 RCX: 00007f277d9746bc
[  535.558378][T12664] RDX: 000000000000000f RSI: 00007f277e7110b0 RDI: 0000000000000005
[  535.566384][T12664] RBP: 00007f277e7110a0 R08: 0000000000000000 R09: 0000000000000000
[  535.574383][T12664] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001
[  535.582385][T12664] R13: 000000000000000b R14: 00007f277db03f60 R15: 00007ffc1bb57b68
[  535.590395][T12664]  </TASK>
[  535.709741][T12671] loop2: detected capacity change from 0 to 32768
[  535.727976][T12671] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1801 (12671)
[  535.767407][T12671] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  535.783281][T12107] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  535.836379][T12671] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  535.863288][T12671] BTRFS info (device loop2): using free-space-tree
[  536.015971][   T29] audit: type=1800 audit(1721001042.951:2792): pid=12671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1801" name="bus" dev="loop2" ino=263 res=0 errno=0
[  536.200675][T12709] binder: 12707:12709 ioctl c00c620f 0 returned -14
[  536.248297][T12686] loop0: detected capacity change from 0 to 32768
[  536.485365][T12709] can: request_module (can-proto-0) failed.
[  536.536223][T11346] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  536.679844][T12723] FAULT_INJECTION: forcing a failure.
[  536.679844][T12723] name failslab, interval 1, probability 0, space 0, times 0
[  536.703701][T12723] CPU: 0 UID: 0 PID: 12723 Comm: syz.1.1808 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  536.713995][T12723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  536.724075][T12723] Call Trace:
[  536.727373][T12723]  <TASK>
[  536.730322][T12723]  dump_stack_lvl+0x241/0x360
[  536.731333][T12625] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  536.735019][T12723]  ? __pfx_dump_stack_lvl+0x10/0x10
[  536.747782][T12723]  ? __pfx__printk+0x10/0x10
[  536.752403][T12723]  ? __pfx___might_resched+0x10/0x10
[  536.757738][T12723]  ? find_mergeable_anon_vma+0x58d/0x870
[  536.763400][T12723]  should_fail_ex+0x3b0/0x4e0
[  536.768121][T12723]  ? __anon_vma_prepare+0x117/0x4a0
[  536.773348][T12723]  should_failslab+0xac/0x100
[  536.778042][T12723]  ? __anon_vma_prepare+0x117/0x4a0
[  536.783247][T12723]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  536.788630][T12723]  __anon_vma_prepare+0x117/0x4a0
[  536.793668][T12723]  handle_pte_fault+0x5788/0x6eb0
[  536.798713][T12723]  ? __pfx_handle_pte_fault+0x10/0x10
[  536.804090][T12723]  ? mmap_region+0x1a61/0x2090
[  536.808872][T12723]  ? rcu_is_watching+0x15/0xb0
[  536.813640][T12723]  ? lock_acquire+0xe3/0x550
[  536.818245][T12723]  ? __pfx_lock_acquire+0x10/0x10
[  536.823293][T12723]  handle_mm_fault+0xff1/0x19a0
[  536.828160][T12723]  ? __pfx_handle_mm_fault+0x10/0x10
[  536.833460][T12723]  ? lock_vma_under_rcu+0x592/0x6e0
[  536.838672][T12723]  ? rcu_is_watching+0x15/0xb0
[  536.843439][T12723]  exc_page_fault+0x459/0x8c0
[  536.848129][T12723]  asm_exc_page_fault+0x26/0x30
[  536.852984][T12723] RIP: 0033:0x7fa5e9c3b453
[  536.857406][T12723] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  536.877035][T12723] RSP: 002b:00007fa5e97dd4b0 EFLAGS: 00010202
[  536.883106][T12723] RAX: 0000000000000000 RBX: 00007fa5e97dd550 RCX: 00007fa5dfa00000
[  536.891080][T12723] RDX: 00007fa5e97dd6f0 RSI: 000000000000000b RDI: 00007fa5e97dd5f0
[  536.899051][T12723] RBP: 000000000000013c R08: 000000000000000a R09: 00000000000002a2
[  536.907017][T12723] R10: 000000000000031e R11: 00007fa5e97dd550 R12: 00007fa5e97dd550
[  536.914997][T12723] R13: 00007fa5e9df5f80 R14: 0000000000000058 R15: 00007fa5e97dd5f0
[  536.922986][T12723]  </TASK>
[  536.940814][T12723] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  537.161429][T12625] usb 1-1: Using ep0 maxpacket: 16
[  537.175407][T12625] usb 1-1: config 0 has an invalid interface number: 61 but max is 0
[  537.204576][T12625] usb 1-1: config 0 has no interface number 0
[  537.223592][T12625] usb 1-1: New USB device found, idVendor=102c, idProduct=6151, bcdDevice=2c.ae
[  537.241392][T12625] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.251186][T12625] usb 1-1: Product: syz
[  537.255375][T12625] usb 1-1: Manufacturer: syz
[  537.260126][T12625] usb 1-1: SerialNumber: syz
[  537.268984][T12625] usb 1-1: config 0 descriptor??
[  537.276746][T12625] gspca_main: etoms-2.14.0 probing 102c:6151
[  538.298525][ T2800] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  538.648885][    T9] usb 1-1: USB disconnect, device number 30
[  539.057894][T12732] loop2: detected capacity change from 0 to 32768
[  539.079980][T12732] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1810 (12732)
[  539.145506][T12732] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  539.157736][T12732] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  539.168979][T12732] BTRFS info (device loop2): using free-space-tree
[  539.206715][T12745] loop4: detected capacity change from 0 to 64
[  539.429846][T11346] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  539.769926][ T2800] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  539.885628][ T2800] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.028854][ T2800] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.146297][ T2800] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.209840][T12773] loop3: detected capacity change from 0 to 1024
[  540.488338][ T2800] bridge_slave_1: left allmulticast mode
[  540.490144][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  540.510143][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  540.520271][ T2800] bridge_slave_1: left promiscuous mode
[  540.570555][ T2800] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.662653][ T2800] bridge_slave_0: left allmulticast mode
[  540.668345][ T2800] bridge_slave_0: left promiscuous mode
[  540.705492][ T2800] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.893505][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  540.981809][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  540.990060][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  540.999974][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  541.015298][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  541.024107][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  541.466663][ T2800] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  541.481510][ T2853] hfsplus: b-tree write err: -5, ino 8
[  541.523179][ T2800] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  541.545775][ T2800] bond0 (unregistering): Released all slaves
[  541.886690][T12797] Bluetooth: MGMT ver 1.23
[  542.637990][T12791] loop3: detected capacity change from 0 to 32768
[  542.701069][T12782] chnl_net:caif_netlink_parms(): no params data found
[  542.769320][T12791] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  542.991628][ T2800] hsr_slave_0: left promiscuous mode
[  543.022110][ T2800] hsr_slave_1: left promiscuous mode
[  543.034591][ T2800] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  543.047472][T12811] loop4: detected capacity change from 0 to 32768
[  543.056969][ T2800] batman_adv: batadv0: Removing interface: batadv_slave_0
[  543.073488][ T2800] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  543.081448][   T54] Bluetooth: hci0: command tx timeout
[  543.088672][ T2800] batman_adv: batadv0: Removing interface: batadv_slave_1
[  543.110555][ T2800] veth1_macvtap: left promiscuous mode
[  543.116306][ T2800] veth0_macvtap: left promiscuous mode
[  543.122085][ T2800] veth1_vlan: left promiscuous mode
[  543.127456][ T2800] veth0_vlan: left promiscuous mode
[  543.186258][T12791] XFS (loop3): Ending clean mount
[  543.195473][T12791] XFS (loop3): Quotacheck needed: Please wait.
[  543.211328][T12791] XFS (loop3): Quotacheck: Done.
[  543.397625][ T8801] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  543.905578][ T2800] team0 (unregistering): Port device team_slave_1 removed
[  543.927420][ T2800] team0 (unregistering): Port device team_slave_0 removed
[  544.533536][T12782] bridge0: port 1(bridge_slave_0) entered blocking state
[  544.541019][T12838] loop4: detected capacity change from 0 to 1024
[  544.563893][T12782] bridge0: port 1(bridge_slave_0) entered disabled state
[  544.572060][T12782] bridge_slave_0: entered allmulticast mode
[  544.589878][T12782] bridge_slave_0: entered promiscuous mode
[  544.615323][T12782] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.624466][T12782] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.699776][T12782] bridge_slave_1: entered allmulticast mode
[  544.772329][T12782] bridge_slave_1: entered promiscuous mode
[  545.088214][T12782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  545.154476][T12782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  545.163890][   T54] Bluetooth: hci0: command tx timeout
[  545.259111][ T2800] IPVS: stop unused estimator thread 0...
[  545.283802][T12841] loop2: detected capacity change from 0 to 64
[  545.507519][T12782] team0: Port device team_slave_0 added
[  545.544130][T12782] team0: Port device team_slave_1 added
[  545.642796][ T2840] hfsplus: b-tree write err: -5, ino 8
[  545.707926][T12782] batman_adv: batadv0: Adding interface: batadv_slave_0
[  545.735872][T12782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  545.791237][T12782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  545.862740][T12782] batman_adv: batadv0: Adding interface: batadv_slave_1
[  545.865462][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  546.031785][T12782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  546.617846][T12782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  546.815536][T12782] hsr_slave_0: entered promiscuous mode
[  546.851754][T12782] hsr_slave_1: entered promiscuous mode
[  546.878208][T12782] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  546.887251][T12782] Cannot create hsr debugfs directory
[  547.020605][T12845] loop3: detected capacity change from 0 to 32768
[  547.241229][   T54] Bluetooth: hci0: command tx timeout
[  547.553684][T12782] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  547.566177][T12782] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  547.582694][T12782] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  547.608432][T12782] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  548.520046][ T1794] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  548.567400][T12883] loop2: detected capacity change from 0 to 64
[  548.614578][T12782] 8021q: adding VLAN 0 to HW filter on device bond0
[  548.617479][T12886] loop4: detected capacity change from 0 to 1024
[  548.691408][ T1794] usb 2-1: device descriptor read/64, error -71
[  548.743544][T12782] 8021q: adding VLAN 0 to HW filter on device team0
[  548.833253][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  548.838067][T12887] loop3: detected capacity change from 0 to 4096
[  548.840393][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  548.899338][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state
[  548.901333][T12887] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  548.906508][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  549.011217][ T1794] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  549.161372][ T1794] usb 2-1: device descriptor read/64, error -71
[  549.331234][   T54] Bluetooth: hci0: command tx timeout
[  549.386377][ T1794] usb usb2-port1: attempt power cycle
[  549.647856][T12782] 8021q: adding VLAN 0 to HW filter on device batadv0
[  549.705548][ T2800] hfsplus: b-tree write err: -5, ino 8
[  549.759798][T12782] veth0_vlan: entered promiscuous mode
[  549.800941][T12782] veth1_vlan: entered promiscuous mode
[  549.823164][ T1794] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  549.863824][ T1794] usb 2-1: device descriptor read/8, error -71
[  549.888169][T12782] veth0_macvtap: entered promiscuous mode
[  550.025810][T12782] veth1_macvtap: entered promiscuous mode
[  550.231375][ T1794] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  550.602047][T12900] loop3: detected capacity change from 0 to 8192
[  550.610100][T12900] REISERFS warning (device loop3): super-6515 reiserfs_parse_options: journaled quota format not specified.
[  550.660931][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.671626][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.683145][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.694046][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.704068][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.708412][T12889] loop2: detected capacity change from 0 to 32768
[  550.714670][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.714697][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.714714][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.753620][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.764525][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.776990][T12782] batman_adv: batadv0: Interface activated: batadv_slave_0
[  550.787572][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.798143][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.811404][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.822092][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.857737][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.869223][ T1794] usb 2-1: device descriptor read/8, error -71
[  550.876457][T12889] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1847 (12889)
[  550.888649][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.906487][T12889] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  550.916724][T12782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  550.916842][T12889] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  550.943438][T12889] BTRFS info (device loop2): using free-space-tree
[  550.947512][T12782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.993022][T12782] batman_adv: batadv0: Interface activated: batadv_slave_1
[  551.004254][ T1794] usb usb2-port1: unable to enumerate USB device
[  551.027936][T12782] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  551.052478][T12782] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  551.081029][T12782] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  551.090511][T12782] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  551.250619][T11346] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  551.267825][ T2887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  551.287194][ T2887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.330820][ T2887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  551.348616][ T2887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.526071][T12946] loop4: detected capacity change from 0 to 1024
[  551.835170][T12960] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1816'.
[  551.944763][T12960] geneve2: entered promiscuous mode
[  552.091341][ T1794] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  552.421240][ T1794] usb 2-1: device descriptor read/64, error -71
[  553.231573][ T1794] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  553.250058][T12971] loop2: detected capacity change from 0 to 1024
[  553.268140][ T2853] hfsplus: b-tree write err: -5, ino 8
[  553.292778][T12971] ext4: Unknown parameter 'fsuuid'
[  553.375744][T12956] syz.0.1816 (12956): drop_caches: 1
[  553.401460][ T1794] usb 2-1: device descriptor read/64, error -71
[  553.532487][ T1794] usb usb2-port1: attempt power cycle
[  553.543734][T12977] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1865'.
[  553.560896][T12980] Bluetooth: MGMT ver 1.23
[  553.566074][T12981] loop3: detected capacity change from 0 to 128
[  553.569434][T12980] Bluetooth: hci3: invalid length 0, exp 2 for type 7
[  553.587424][T12981] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002]
[  553.613985][T12981] System zones: 1-3, 19-19, 35-36
[  553.659669][T12981] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  553.764978][T12981] ext4 filesystem being mounted at /219/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  553.831094][T12981] EXT4-fs warning (device loop3): verify_group_input:156: Last group not full
[  553.897141][T12987] loop0: detected capacity change from 0 to 4096
[  553.906018][T12987] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  553.939221][T12987] FAULT_INJECTION: forcing a failure.
[  553.939221][T12987] name failslab, interval 1, probability 0, space 0, times 0
[  553.971513][ T1794] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  553.990805][T12987] CPU: 1 UID: 0 PID: 12987 Comm: syz.0.1869 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  554.001069][T12987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  554.011148][T12987] Call Trace:
[  554.014433][T12987]  <TASK>
[  554.017365][T12987]  dump_stack_lvl+0x241/0x360
[  554.022052][T12987]  ? __pfx_dump_stack_lvl+0x10/0x10
[  554.027280][T12987]  ? __pfx__printk+0x10/0x10
[  554.031887][T12987]  ? __pfx___might_resched+0x10/0x10
[  554.037302][T12987]  should_fail_ex+0x3b0/0x4e0
[  554.042037][T12987]  ? indx_read+0x274/0xc50
[  554.046490][T12987]  should_failslab+0xac/0x100
[  554.051197][T12987]  ? indx_read+0x274/0xc50
[  554.055644][T12987]  __kmalloc_noprof+0xd8/0x400
[  554.060443][T12987]  indx_read+0x274/0xc50
[  554.060689][T12992] loop4: detected capacity change from 0 to 64
[  554.064704][T12987]  ? fnd_clear+0x276/0x300
[  554.064736][T12987]  indx_find+0x47a/0xbf0
[  554.064768][T12987]  ? __pfx_indx_find+0x10/0x10
[  554.084344][T12987]  ? dir_search_u+0x16a/0x3a0
[  554.089053][T12987]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  554.094638][T12987]  dir_search_u+0x1b7/0x3a0
[  554.099173][T12987]  ? __pfx_dir_search_u+0x10/0x10
[  554.104231][T12987]  ? __pfx_ntfs_nls_to_utf16+0x10/0x10
[  554.109716][T12987]  ? ntfs_lookup+0x51/0x1f0
[  554.114250][T12987]  ? rcu_is_watching+0x15/0xb0
[  554.119035][T12987]  ? ntfs_lookup+0x51/0x1f0
[  554.123568][T12987]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  554.128987][T12987]  ? kmem_cache_alloc_noprof+0x185/0x2a0
[  554.134829][T12987]  ntfs_lookup+0x106/0x1f0
[  554.139307][T12987]  ? __pfx_ntfs_lookup+0x10/0x10
[  554.144291][T12987]  path_openat+0x11cc/0x3470
[  554.148932][T12987]  ? __pfx_path_openat+0x10/0x10
[  554.153939][T12987]  ? lock_release+0xbf/0xa30
[  554.158565][T12987]  do_filp_open+0x235/0x490
[  554.163104][T12987]  ? __pfx_do_filp_open+0x10/0x10
[  554.168175][T12987]  ? _raw_spin_unlock+0x28/0x50
[  554.173050][T12987]  ? alloc_fd+0x5a1/0x640
[  554.177406][T12987]  do_sys_openat2+0x13e/0x1d0
[  554.182112][T12987]  ? __pfx_do_sys_openat2+0x10/0x10
[  554.187339][T12987]  ? fput+0x193/0x210
[  554.191351][T12987]  __x64_sys_creat+0x123/0x170
[  554.196153][T12987]  ? __pfx___x64_sys_creat+0x10/0x10
[  554.201474][T12987]  ? rcu_is_watching+0x15/0xb0
[  554.206270][T12987]  ? rcu_is_watching+0x15/0xb0
[  554.211062][T12987]  do_syscall_64+0xf3/0x230
[  554.212143][T12975] loop2: detected capacity change from 0 to 32768
[  554.215589][T12987]  ? clear_bhb_loop+0x35/0x90
[  554.215625][T12987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.223423][T12975] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1864 (12975)
[  554.226695][T12987] RIP: 0033:0x7fdcf3975bd9
[  554.249846][T12987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.269474][T12987] RSP: 002b:00007fdcf4765048 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  554.277928][T12987] RAX: ffffffffffffffda RBX: 00007fdcf3b03f60 RCX: 00007fdcf3975bd9
[  554.286086][T12987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
[  554.294060][T12987] RBP: 00007fdcf47650a0 R08: 0000000000000000 R09: 0000000000000000
[  554.302031][T12987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  554.310117][T12987] R13: 000000000000000b R14: 00007fdcf3b03f60 R15: 00007ffe9ad09f38
[  554.318096][T12987]  </TASK>
[  554.331887][ T8801] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  554.340325][T12975] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  554.352459][ T1794] usb 2-1: device descriptor read/8, error -71
[  554.358922][T12975] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  554.372958][T12975] BTRFS info (device loop2): using free-space-tree
[  554.497926][T13010] loop0: detected capacity change from 0 to 1024
[  554.570162][ T2853] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  554.591898][   T29] audit: type=1804 audit(1721001317.521:2793): pid=12975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1864" name="/newroot/79/file0/bus" dev="loop2" ino=263 res=1 errno=0
[  554.621404][ T1794] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  554.851312][ T1794] usb 2-1: device not accepting address 23, error -71
[  554.871918][ T1794] usb usb2-port1: unable to enumerate USB device
[  554.886014][T11346] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  556.006677][T13014] loop4: detected capacity change from 0 to 32768
[  556.024449][T13014] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1874 (13014)
[  556.045230][T13014] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  556.055854][T13014] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  556.068360][T13014] BTRFS info (device loop4): using free-space-tree
[  556.212500][T13054] loop2: detected capacity change from 0 to 16
[  556.341212][    T9] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  557.232313][T13054] erofs: (device loop2): mounted with root inode @ nid 36.
[  557.244519][   T54] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000]
[  557.258998][   T29] audit: type=1800 audit(1721001320.161:2794): pid=13014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1874" name="bus" dev="loop4" ino=263 res=0 errno=0
[  557.259746][T13053] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  557.296990][   T29] audit: type=1800 audit(1721001320.221:2795): pid=13053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1876" name="file3" dev="loop2" ino=89 res=0 errno=0
[  557.322576][   T29] audit: type=1804 audit(1721001320.261:2796): pid=13055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1874" name="/newroot/42/bus/bus" dev="loop4" ino=263 res=1 errno=0
[  557.348349][  T952] hfsplus: b-tree write err: -5, ino 8
[  557.448301][T13057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1881'.
[  557.470706][T12107] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  557.486488][    T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  557.511731][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.527725][    T9] usb 2-1: config 0 descriptor??
[  557.604252][T13057] loop0: detected capacity change from 0 to 4096
[  557.614345][T13057] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  557.626774][T13057] ntfs3: loop0: It is recommened to use chkdsk.
[  557.654610][T13057] ntfs3: loop0: Failed to load $BadClus (-22).
[  557.659398][T13063] input: syz0 as /devices/virtual/input/input14
[  557.687955][   T29] audit: type=1326 audit(1721001320.621:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.3.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7f975bd9 code=0x7ffc0000
[  557.815823][   T29] audit: type=1326 audit(1721001320.621:2798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.3.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7f975bd9 code=0x7ffc0000
[  557.871777][   T29] audit: type=1326 audit(1721001320.651:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.3.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fae7f975bd9 code=0x7ffc0000
[  558.078353][   T29] audit: type=1326 audit(1721001320.651:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.3.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7f975bd9 code=0x7ffc0000
[  558.231932][   T29] audit: type=1326 audit(1721001320.651:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.3.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fae7f975bd9 code=0x7ffc0000
[  558.508386][   T29] audit: type=1326 audit(1721001320.651:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.3.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7f975bd9 code=0x7ffc0000
[  558.624979][    T9] ath6kl: Failed to submit usb control message: -110
[  558.658500][    T9] ath6kl: unable to send the bmi data to the device: -110
[  558.669691][    T9] ath6kl: Unable to send get target info: -110
[  558.702736][    T9] ath6kl: Failed to init ath6kl core: -110
[  558.703701][T13091] loop3: detected capacity change from 0 to 64
[  558.714730][    T9] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110
[  558.752158][T13091] hfs: unable to parse mount options
[  558.788427][    T9] usb 2-1: USB disconnect, device number 24
[  558.809885][T13069] loop4: detected capacity change from 0 to 32768
[  558.826204][T13098] loop3: detected capacity change from 0 to 64
[  558.833399][T13098] hfs: unable to parse mount options
[  558.867441][T13069] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  558.893052][T13069] XFS (loop4): Ending clean mount
[  558.900687][T13109] loop0: detected capacity change from 0 to 2048
[  558.946941][T13109] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  559.100414][T12782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.186550][T13123] sctp: [Deprecated]: syz.2.1896 (pid 13123) Use of int in max_burst socket option.
[  559.186550][T13123] Use struct sctp_assoc_value instead
[  559.263541][T12107] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  559.286415][T13129] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  559.716935][T13140] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1903'.
[  559.736200][ T2870] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.841310][   T46] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  560.101299][   T46] usb 5-1: Using ep0 maxpacket: 8
[  560.181896][   T46] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  560.297956][ T2870] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.309900][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.323651][   T46] usb 5-1: config 0 descriptor??
[  560.393312][ T2870] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.487090][ T2870] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.659086][ T2870] bridge_slave_1: left allmulticast mode
[  560.668611][ T2870] bridge_slave_1: left promiscuous mode
[  560.676984][ T2870] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.707888][ T2870] bridge_slave_0: left allmulticast mode
[  560.716879][T11032] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  560.716977][ T2870] bridge_slave_0: left promiscuous mode
[  560.729958][ T2870] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.738064][T11032] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  560.747197][T11032] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  560.755602][T11032] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  560.765931][T11032] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  560.774433][T11032] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  560.929994][ T2870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  560.954615][ T2870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  560.974095][ T2870] bond0 (unregistering): Released all slaves
[  561.061600][ T2870] ��: left promiscuous mode
[  561.393729][ T2870] hsr_slave_0: left promiscuous mode
[  561.415381][ T2870] hsr_slave_1: left promiscuous mode
[  561.431597][ T2870] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  561.439066][ T2870] batman_adv: batadv0: Removing interface: batadv_slave_0
[  561.458078][ T2870] batman_adv: batadv0: Removing interface: vlan2
[  561.489016][ T2870] veth1_macvtap: left promiscuous mode
[  561.501278][ T2870] veth0_macvtap: left promiscuous mode
[  561.506993][ T2870] veth1_vlan: left promiscuous mode
[  561.521292][ T2870] veth0_vlan: left promiscuous mode
[  561.613744][T13179] loop0: detected capacity change from 0 to 512
[  561.653172][T13179] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  561.686400][T13179] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  561.727918][T13179] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #2: comm syz.0.1916: corrupted inode contents
[  561.739729][   T46] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  561.739767][   T46] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  561.739942][   T46] asix 5-1:0.0: probe with driver asix failed with error -71
[  561.742843][   T46] usb 5-1: USB disconnect, device number 18
[  561.788157][T13179] EXT4-fs error (device loop0): ext4_dirty_inode:6014: inode #2: comm syz.0.1916: mark_inode_dirty error
[  561.814407][T13179] EXT4-fs error (device loop0): ext4_do_update_inode:5154: inode #2: comm syz.0.1916: corrupted inode contents
[  561.827522][T13179] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.1916: mark_inode_dirty error
[  561.910609][ T2870] team0 (unregistering): Port device team_slave_1 removed
[  561.930203][T12782] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /15/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  561.965236][ T2870] team0 (unregistering): Port device team_slave_0 removed
[  561.973902][T12782] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /15/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  562.015492][T12782] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /15/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  562.039782][T12782] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /15/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  562.063272][T12782] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /15/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  562.084897][T12782] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /15/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  562.251697][T13176] pim6reg1: entered promiscuous mode
[  562.291241][T13176] pim6reg1: entered allmulticast mode
[  562.488118][T13159] chnl_net:caif_netlink_parms(): no params data found
[  562.633983][T13159] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.641933][T13159] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.649153][T13159] bridge_slave_0: entered allmulticast mode
[  562.656839][T13159] bridge_slave_0: entered promiscuous mode
[  562.665788][T13159] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.673641][T13159] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.680954][T13159] bridge_slave_1: entered allmulticast mode
[  562.688446][T13159] bridge_slave_1: entered promiscuous mode
[  562.711287][ T1794] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  562.762618][ T2870] IPVS: stop unused estimator thread 0...
[  562.810507][T13159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  562.843529][T11032] Bluetooth: hci5: command tx timeout
[  562.844371][T13159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  562.898704][ T1794] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  562.908760][ T1794] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  562.934413][ T1794] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  562.943880][ T1794] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.961184][ T1794] usb 5-1: Product: syz
[  562.970365][ T1794] usb 5-1: Manufacturer: syz
[  562.980177][T13159] team0: Port device team_slave_0 added
[  562.981280][ T1794] usb 5-1: SerialNumber: syz
[  563.002231][ T1794] usb 5-1: config 0 descriptor??
[  563.007822][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  563.014428][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  563.021096][T13186] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  563.024820][T13159] team0: Port device team_slave_1 added
[  563.047350][T13186] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  563.147716][T13159] batman_adv: batadv0: Adding interface: batadv_slave_0
[  563.169958][T13159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  563.231364][T13159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  563.264198][T13159] batman_adv: batadv0: Adding interface: batadv_slave_1
[  563.281217][T13159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  563.309229][T13186] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  563.331403][T13186] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  563.358228][T13159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  563.487210][T13159] hsr_slave_0: entered promiscuous mode
[  563.505138][T13159] hsr_slave_1: entered promiscuous mode
[  563.524960][T13159] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  563.541155][T13159] Cannot create hsr debugfs directory
[  563.743359][ T1794] Error reading MAC address
[  563.756576][ T1794] usb 5-1: USB disconnect, device number 19
[  564.622766][T11032] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  564.637918][T11032] Bluetooth: hci0: Injecting HCI hardware error event
[  564.665383][T11032] Bluetooth: hci0: hardware error 0x00
[  564.926830][ T5108] Bluetooth: hci5: command tx timeout
[  564.963007][T13159] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  564.995860][T13159] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  565.028281][T13159] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  565.059758][T13159] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  565.278167][T13159] 8021q: adding VLAN 0 to HW filter on device bond0
[  565.335454][T13159] 8021q: adding VLAN 0 to HW filter on device team0
[  565.370455][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.377670][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  565.415462][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.422693][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  565.828292][T13159] 8021q: adding VLAN 0 to HW filter on device batadv0
[  565.964440][T13159] veth0_vlan: entered promiscuous mode
[  566.085160][T13159] veth1_vlan: entered promiscuous mode
[  566.180483][T13159] veth0_macvtap: entered promiscuous mode
[  566.224462][T13159] veth1_macvtap: entered promiscuous mode
[  566.275228][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.300744][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.327836][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.348724][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.368815][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.391187][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.413729][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.436464][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.461171][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.481153][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.502365][T13159] batman_adv: batadv0: Interface activated: batadv_slave_0
[  566.531012][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.557056][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.586596][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.609856][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.632801][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.648066][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.660609][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.674431][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.685609][T13159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.699340][T13159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.711933][T13159] batman_adv: batadv0: Interface activated: batadv_slave_1
[  566.728423][T13159] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  566.738194][T13159] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  566.750076][T13159] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  566.785525][T13159] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  566.864479][T11032] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  567.012860][T11032] Bluetooth: hci5: command tx timeout
[  567.455619][T12782] EXT4-fs error: 9 callbacks suppressed
[  567.455642][T12782] EXT4-fs error (device loop0): ext4_lookup:1807: inode #19: comm syz-executor: 'file1' linked to parent dir
[  567.509498][T12782] EXT4-fs error (device loop0): ext4_lookup:1807: inode #19: comm syz-executor: 'file1' linked to parent dir
[  567.580985][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  567.618048][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  567.819022][ T2870] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  567.999563][T13252] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1935'.
[  568.200165][ T2870] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  568.465059][T12782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  568.507636][ T2887] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.587600][ T2887] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.638596][T13257] loop4: detected capacity change from 0 to 512
[  568.702803][ T2887] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.735381][T13257] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  568.767164][T13257] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  568.809042][ T2887] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  569.155167][T13264] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.1937: corrupted inode contents
[  569.168489][T11032] Bluetooth: hci5: command tx timeout
[  569.214578][T13264] EXT4-fs error (device loop4): ext4_dirty_inode:6014: inode #2: comm syz.4.1937: mark_inode_dirty error
[  569.230614][T13264] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.1937: corrupted inode contents
[  569.261291][T13264] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.1937: mark_inode_dirty error
[  569.562332][ T2887] bridge_slave_1: left allmulticast mode
[  569.607802][T12107] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  569.622311][ T2887] bridge_slave_1: left promiscuous mode
[  569.628183][ T2887] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.648480][T13249] loop2: detected capacity change from 0 to 40427
[  569.672987][ T2887] bridge_slave_0: left allmulticast mode
[  569.680139][ T2887] bridge_slave_0: left promiscuous mode
[  569.686205][ T2887] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.715532][T13249] F2FS-fs (loop2): invalid crc value
[  570.423544][T13249] F2FS-fs (loop2): Found nat_bits in checkpoint
[  570.733691][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  570.741209][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  570.748723][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  570.756979][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  570.765408][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  570.815205][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  570.942933][T13278] loop4: detected capacity change from 0 to 128
[  571.446179][ T2887] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  571.461290][ T5127] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  571.482585][ T2887] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  571.502541][ T2887] bond0 (unregistering): Released all slaves
[  571.672749][ T5127] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  571.728794][ T5127] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  571.746055][ T5127] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[  571.758406][ T5127] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  571.777650][ T5127] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  571.787082][ T5127] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  571.797205][ T5127] usb 2-1: SerialNumber: syz
[  571.957066][T13288] loop4: detected capacity change from 0 to 16
[  572.015419][T13288] erofs: (device loop4): mounted with root inode @ nid 36.
[  572.090748][ T2887] hsr_slave_0: left promiscuous mode
[  572.097000][ T5127] usb 2-1: 0:2 : does not exist
[  572.102082][ T5127] usb 2-1: unit 5 not found!
[  572.120880][ T5127] usb 2-1: USB disconnect, device number 25
[  572.142960][ T2887] hsr_slave_1: left promiscuous mode
[  572.157636][ T2887] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  572.167401][ T2887] batman_adv: batadv0: Removing interface: batadv_slave_0
[  572.180262][ T2887] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  572.190997][ T2887] batman_adv: batadv0: Removing interface: batadv_slave_1
[  572.239640][ T2887] veth1_macvtap: left promiscuous mode
[  572.258630][ T2887] veth0_macvtap: left promiscuous mode
[  572.267647][ T2887] veth1_vlan: left promiscuous mode
[  572.273405][ T2887] veth0_vlan: left promiscuous mode
[  572.787119][ T2887] team0 (unregistering): Port device team_slave_1 removed
[  572.841239][   T54] Bluetooth: hci0: command tx timeout
[  572.842471][ T2887] team0 (unregistering): Port device team_slave_0 removed
[  573.253776][T11032] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  573.261005][T11032] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  573.268427][T11032] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  573.277236][T11032] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  573.341446][T11032] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  573.348771][T11032] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  573.629411][T13274] chnl_net:caif_netlink_parms(): no params data found
[  573.777044][T13300] chnl_net:caif_netlink_parms(): no params data found
[  573.817617][T13305] loop2: detected capacity change from 0 to 4096
[  573.856901][T13305] NILFS (loop2): invalid segment: Checksum error in segment payload
[  573.896497][T13305] NILFS (loop2): trying rollback from an earlier position
[  573.971336][T13305] NILFS (loop2): recovery complete
[  574.007332][T13314] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  574.283141][T13300] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.301076][T13300] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.330780][T13300] bridge_slave_0: entered allmulticast mode
[  574.425323][ T5156] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  574.428796][T13300] bridge_slave_0: entered promiscuous mode
[  574.456315][T13274] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.471202][T13274] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.478591][T13274] bridge_slave_0: entered allmulticast mode
[  574.503208][T13274] bridge_slave_0: entered promiscuous mode
[  574.542431][T13300] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.560733][T13300] bridge0: port 2(bridge_slave_1) entered disabled state
[  574.590673][T13300] bridge_slave_1: entered allmulticast mode
[  574.616406][T13300] bridge_slave_1: entered promiscuous mode
[  574.631298][ T5156] usb 2-1: Using ep0 maxpacket: 8
[  574.646044][ T5156] usb 2-1: config 135 has an invalid interface number: 230 but max is 0
[  574.664858][ T5156] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  574.676313][ T5156] usb 2-1: config 135 has no interface number 0
[  574.690750][T13274] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.700565][T13274] bridge0: port 2(bridge_slave_1) entered disabled state
[  574.707730][ T5156] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  574.730554][T13274] bridge_slave_1: entered allmulticast mode
[  574.756302][ T5156] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  574.765842][T13274] bridge_slave_1: entered promiscuous mode
[  574.771960][ T5156] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.793097][ T5156] usb 2-1: Product: syz
[  574.810130][ T5156] usb 2-1: Manufacturer: syz
[  574.818451][ T5156] usb 2-1: SerialNumber: syz
[  574.837056][ T5156] usb 2-1: Found UVC 0.00 device syz (18ec:3288)
[  574.874442][ T5156] usb 2-1: No valid video chain found.
[  574.886690][T13274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  574.924578][T13330] loop4: detected capacity change from 0 to 512
[  574.931513][T11032] Bluetooth: hci0: command tx timeout
[  574.943817][T13300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  574.959411][T13300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  574.974070][T13274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  574.989315][T13330] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  575.007696][T13330] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  575.066112][ T5156] usb 2-1: USB disconnect, device number 26
[  575.099899][T13274] team0: Port device team_slave_0 added
[  575.300849][T13274] team0: Port device team_slave_1 added
[  575.321072][T13335] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.1953: corrupted inode contents
[  575.337598][T13335] EXT4-fs error (device loop4): ext4_dirty_inode:6014: inode #2: comm syz.4.1953: mark_inode_dirty error
[  575.351668][T13335] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.1953: corrupted inode contents
[  575.366179][T13335] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.1953: mark_inode_dirty error
[  575.408893][T13300] team0: Port device team_slave_0 added
[  575.415359][T11032] Bluetooth: hci7: command tx timeout
[  575.947828][T12107] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.981010][T13300] team0: Port device team_slave_1 added
[  576.026719][T13274] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.054673][T13274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.090245][T13337] loop4: detected capacity change from 0 to 1024
[  576.098099][T13274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.123470][T13274] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.130585][T13274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.199848][T13274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.363953][T13300] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.370933][T13300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.431180][T13300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.464497][T13300] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.483689][T13300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.544641][T13300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.607541][ T2853] hfsplus: b-tree write err: -5, ino 4
[  576.639585][T13274] hsr_slave_0: entered promiscuous mode
[  576.647812][T13274] hsr_slave_1: entered promiscuous mode
[  576.659317][T13274] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  576.667029][T13274] Cannot create hsr debugfs directory
[  577.002457][T11032] Bluetooth: hci0: command tx timeout
[  577.228276][T13347] tipc: Started in network mode
[  577.235068][T13347] tipc: Node identity 7, cluster identity 4711
[  577.245543][T13347] tipc: Node number set to 7
[  577.327154][T13300] hsr_slave_0: entered promiscuous mode
[  577.343068][T13300] hsr_slave_1: entered promiscuous mode
[  577.357124][T13300] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  577.372517][T13300] Cannot create hsr debugfs directory
[  577.491363][T11032] Bluetooth: hci7: command tx timeout
[  578.455238][T13366] loop4: detected capacity change from 0 to 2048
[  578.575806][T13366] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  578.608276][T13366] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  578.754675][   T29] kauditd_printk_skb: 17 callbacks suppressed
[  578.757929][   T29] audit: type=1800 audit(1721001341.691:2820): pid=13366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1963" name="file1" dev="loop4" ino=1346 res=0 errno=0
[  578.798449][T13368] loop2: detected capacity change from 0 to 128
[  578.837569][T13368] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  578.873717][T13368] ext4 filesystem being mounted at /108/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  579.081345][T11032] Bluetooth: hci0: command tx timeout
[  579.082416][T11346] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  579.329118][T13274] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  579.344430][T13274] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  579.358199][T13274] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  579.379309][T13274] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  579.386390][ T5156] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  579.499051][T13383] bridge_slave_0: left allmulticast mode
[  579.505369][T13383] bridge_slave_0: left promiscuous mode
[  579.511405][T13383] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.534817][T13383] bridge_slave_1: left allmulticast mode
[  579.542203][T13383] bridge_slave_1: left promiscuous mode
[  579.547999][T13383] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.562975][T11032] Bluetooth: hci7: command tx timeout
[  579.579315][T13383] bond0: (slave bond_slave_0): Releasing backup interface
[  579.588082][ T5156] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  579.603015][T13383] bond0: (slave bond_slave_1): Releasing backup interface
[  579.613471][ T5156] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.650015][ T5156] usb 5-1: config 0 descriptor??
[  579.660296][T13383] team0: Port device team_slave_0 removed
[  579.662976][ T5156] cp210x 5-1:0.0: cp210x converter detected
[  579.725367][T13383] team0: Port device team_slave_1 removed
[  579.764100][T13383] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  579.796358][T13383] batman_adv: batadv0: Removing interface: batadv_slave_0
[  579.842445][T13383] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  579.864063][T13383] batman_adv: batadv0: Removing interface: batadv_slave_1
[  580.044388][T13384] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.165165][T13384] team0: Port device bond0 added
[  580.536808][ T5156] usb 5-1: cp210x converter now attached to ttyUSB0
[  580.547124][ T5156] usb 5-1: USB disconnect, device number 20
[  580.562196][ T5156] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  580.583155][ T5156] cp210x 5-1:0.0: device disconnected
[  580.667456][T13300] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  580.717034][T13300] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  580.747582][T13300] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  580.759528][T13394] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.1971'.
[  580.787699][T13274] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.803447][T13300] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  580.870212][T13274] 8021q: adding VLAN 0 to HW filter on device team0
[  581.476252][ T1794] bridge0: port 1(bridge_slave_0) entered blocking state
[  581.483498][ T1794] bridge0: port 1(bridge_slave_0) entered forwarding state
[  581.565470][   T46] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  581.604260][ T1794] bridge0: port 2(bridge_slave_1) entered blocking state
[  581.611498][ T1794] bridge0: port 2(bridge_slave_1) entered forwarding state
[  581.641715][T11032] Bluetooth: hci7: command tx timeout
[  581.781590][   T46] usb 3-1: Using ep0 maxpacket: 32
[  581.796850][   T46] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=ba.e3
[  581.821798][   T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.837039][T13274] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  581.854876][   T46] usb 3-1: Product: syz
[  581.885193][   T46] usb 3-1: Manufacturer: syz
[  581.889845][   T46] usb 3-1: SerialNumber: syz
[  581.946519][   T46] usb 3-1: config 0 descriptor??
[  582.006806][T13300] 8021q: adding VLAN 0 to HW filter on device bond0
[  582.041108][T13300] 8021q: adding VLAN 0 to HW filter on device team0
[  582.096030][ T5127] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.103245][ T5127] bridge0: port 1(bridge_slave_0) entered forwarding state
[  582.192275][   T46] f81534a_ctrl 3-1:0.0: failed to set register 0x116: -5
[  582.206088][   T46] f81534a_ctrl 3-1:0.0: failed to enable ports: -5
[  582.214568][   T46] f81534a_ctrl 3-1:0.0: probe with driver f81534a_ctrl failed with error -5
[  582.234056][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.241240][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  582.243364][   T46] usb 3-1: USB disconnect, device number 24
[  582.351327][ T1794] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  582.393236][T13274] 8021q: adding VLAN 0 to HW filter on device batadv0
[  582.482964][T13274] veth0_vlan: entered promiscuous mode
[  582.509771][T13274] veth1_vlan: entered promiscuous mode
[  582.563431][ T1794] usb 2-1: config 0 has an invalid interface number: 4 but max is 0
[  582.580877][T13274] veth0_macvtap: entered promiscuous mode
[  582.595796][ T1794] usb 2-1: config 0 has no interface number 0
[  582.603476][ T1794] usb 2-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  582.626842][T13274] veth1_macvtap: entered promiscuous mode
[  582.636995][ T1794] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.666002][ T1794] usb 2-1: config 0 descriptor??
[  582.677506][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.698315][ T1794] usb 2-1: can't set first interface for hiFace device.
[  582.707606][ T1794] snd-usb-hiface 2-1:0.4: probe with driver snd-usb-hiface failed with error -5
[  582.730653][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.766278][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.789473][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.801305][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.812030][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.822535][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  582.836414][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.850162][T13274] batman_adv: batadv0: Interface activated: batadv_slave_0
[  582.875724][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.887288][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.904846][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  582.918320][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  582.940400][   T25] usb 2-1: USB disconnect, device number 27
[  582.957502][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.035217][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.045184][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  583.055834][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  583.067299][T13274] batman_adv: batadv0: Interface activated: batadv_slave_1
[  583.196093][T13431] Bluetooth: MGMT ver 1.23
[  583.465878][T13274] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  583.572712][T13274] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  583.581600][T13274] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  583.590333][T13274] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  583.630371][T13300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  583.797357][ T2800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  583.841658][ T2800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  583.902961][T13300] veth0_vlan: entered promiscuous mode
[  583.960218][T13435] bridge_slave_0: left allmulticast mode
[  583.977063][T13435] bridge_slave_0: left promiscuous mode
[  584.008000][T13435] bridge0: port 1(bridge_slave_0) entered disabled state
[  584.062859][T13435] bridge_slave_1: left allmulticast mode
[  584.068573][T13435] bridge_slave_1: left promiscuous mode
[  584.073965][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  584.116373][T13435] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.202555][ T1149] IPVS: starting estimator thread 0...
[  584.220557][T13435] bond0: (slave bond_slave_0): Releasing backup interface
[  584.301370][T13445] IPVS: using max 38 ests per chain, 91200 per kthread
[  584.360888][T13435] bond0: (slave bond_slave_1): Releasing backup interface
[  584.410908][T13435] team0: Port device team_slave_0 removed
[  584.459431][T13435] team0: Port device team_slave_1 removed
[  584.472059][T13435] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  584.511225][T13435] batman_adv: batadv0: Removing interface: batadv_slave_0
[  584.523030][T13435] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  584.532363][T13435] batman_adv: batadv0: Removing interface: batadv_slave_1
[  584.631856][T13438] 8021q: adding VLAN 0 to HW filter on device bond0
[  584.669454][T13438] team0: Port device bond0 added
[  584.748541][  T952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  584.748786][T13451] loop2: detected capacity change from 0 to 4096
[  584.765253][T13300] veth1_vlan: entered promiscuous mode
[  584.778720][  T952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  584.908407][T13300] veth0_macvtap: entered promiscuous mode
[  584.926132][T13452] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  584.964306][T13300] veth1_macvtap: entered promiscuous mode
[  585.112497][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.160959][T13460] IPVS: length: 8 != 2848020160
[  585.167405][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.176754][T13454] loop4: detected capacity change from 0 to 4096
[  585.191931][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.245025][T13454] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  585.254158][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.254203][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.254220][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.254238][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  585.254252][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.258260][T13300] batman_adv: batadv0: Interface activated: batadv_slave_0
[  585.389838][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  585.413253][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.473118][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  585.509019][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.537420][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  585.567093][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.588193][T13300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  585.601206][T13300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  585.617198][T13300] batman_adv: batadv0: Interface activated: batadv_slave_1
[  585.637445][T13469] program syz.1.1987 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  585.659613][T13300] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  585.830827][T13300] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  586.303302][T13300] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  586.333522][T13300] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  586.497716][ T2887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.535309][ T2887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.613050][ T2840] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.627301][ T2840] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.863551][   T46] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  587.082591][T13481] loop0: detected capacity change from 0 to 4096
[  587.249753][T13488] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1947'.
[  587.982895][   T46] usb 3-1: config 0 has an invalid interface number: 4 but max is 0
[  588.031170][   T46] usb 3-1: config 0 has no interface number 0
[  588.054898][   T46] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  588.125818][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.172568][   T46] usb 3-1: config 0 descriptor??
[  588.183286][T13496] program syz.1.1994 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  588.200170][   T46] usb 3-1: can't set first interface for hiFace device.
[  588.215405][   T46] snd-usb-hiface 3-1:0.4: probe with driver snd-usb-hiface failed with error -5
[  588.237455][   T29] audit: type=1326 audit(1721001351.161:2821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.276684][   T29] audit: type=1326 audit(1721001351.201:2822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.303399][   T29] audit: type=1326 audit(1721001351.211:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.332605][   T29] audit: type=1326 audit(1721001351.211:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.358345][   T29] audit: type=1326 audit(1721001351.211:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.425641][   T29] audit: type=1326 audit(1721001351.211:2826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.460012][T13502] loop4: detected capacity change from 0 to 512
[  588.462816][   T29] audit: type=1326 audit(1721001351.211:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.490920][   T46] usb 3-1: USB disconnect, device number 25
[  588.878461][   T29] audit: type=1326 audit(1721001351.211:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.931810][   T29] audit: type=1326 audit(1721001351.211:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  588.956075][   T29] audit: type=1326 audit(1721001351.211:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.3.1995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  589.011595][T13502] EXT4-fs (loop4): filesystem is read-only
[  589.021311][T13502] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  589.166089][T13502] EXT4-fs (loop4): filesystem is read-only
[  589.191240][T13502] EXT4-fs (loop4): orphan cleanup on readonly fs
[  589.202968][T13502] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1993: bg 0: block 64: padding at end of block bitmap is not set
[  589.241616][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  589.340593][T13502] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  589.384204][T13502] EXT4-fs (loop4): 1 orphan inode deleted
[  589.415796][T13502] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  591.458384][T13538] netlink: 'syz.2.2005': attribute type 10 has an invalid length.
[  591.480565][T13538] batman_adv: batadv0: Adding interface: team0
[  591.486781][T13538] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  591.513225][T13538] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  591.545599][T13536] loop0: detected capacity change from 0 to 2048
[  591.562050][T13536] udf: Unknown parameter 'adinic�#�9Kb'
[  591.657947][T13540] loop2: detected capacity change from 0 to 2048
[  591.734479][T13540] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  591.899326][T13540] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh
[  592.344788][T13545] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh
[  592.685327][T13547] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2008'.
[  593.269028][T13564] 8021q: adding VLAN 0 to HW filter on device bond0
[  593.319645][T13564] team0: Port device bond0 added
[  593.334429][T13536] loop0: detected capacity change from 0 to 32768
[  593.438939][T13536] ERROR: (device loop0): diAllocBit: iag inconsistent
[  593.438939][T13536] 
[  593.494282][T13536] ialloc: diAlloc returned -5!
[  593.668713][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  594.626072][T13581] 8021q: adding VLAN 0 to HW filter on device bond0
[  594.642349][T13581] team0: Port device bond0 added
[  595.030258][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  595.030272][   T29] audit: type=1326 audit(1721001357.961:2865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.105775][   T29] audit: type=1326 audit(1721001357.991:2866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.199425][   T29] audit: type=1326 audit(1721001358.001:2867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.309871][   T29] audit: type=1326 audit(1721001358.001:2868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.384004][   T29] audit: type=1326 audit(1721001358.001:2869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.459753][   T29] audit: type=1326 audit(1721001358.121:2870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.527234][   T29] audit: type=1326 audit(1721001358.121:2871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.605907][   T29] audit: type=1326 audit(1721001358.121:2872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.670567][   T29] audit: type=1326 audit(1721001358.131:2873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  595.875619][   T29] audit: type=1326 audit(1721001358.131:2874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13585 comm="syz.3.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53fd375bd9 code=0x7ffc0000
[  596.621368][ T5127] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  596.831322][ T5127] usb 2-1: Using ep0 maxpacket: 16
[  596.846754][ T5127] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  596.880914][ T5127] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  596.918514][ T5127] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.952282][ T5127] usb 2-1: config 0 descriptor??
[  597.471307][ T1794] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  597.773439][ T1794] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  597.791191][ T1794] usb 4-1: config 0 has no interface number 0
[  597.798423][ T1794] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  597.807918][ T1794] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.817938][ T1794] usb 4-1: config 0 descriptor??
[  597.826136][ T1794] usb 4-1: can't set first interface for hiFace device.
[  597.833284][ T1794] snd-usb-hiface 4-1:0.4: probe with driver snd-usb-hiface failed with error -5
[  597.895830][T13623] loop0: detected capacity change from 0 to 164
[  598.026701][T13623] Unable to read rock-ridge attributes
[  598.145007][T13619] loop2: detected capacity change from 0 to 40427
[  598.179661][ T1794] usb 4-1: USB disconnect, device number 26
[  598.206254][T13619] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  598.229931][T13619] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  598.390333][T13623] xt_hashlimit: invalid rate
[  598.589558][T13619] F2FS-fs (loop2): invalid crc value
[  598.706691][T13619] F2FS-fs (loop2): Found nat_bits in checkpoint
[  598.861447][T13619] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  598.876908][T13619] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  599.002388][T11346] syz-executor: attempt to access beyond end of device
[  599.002388][T11346] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  599.043961][T11346] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  599.343796][   T54] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  599.351455][   T54] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  599.358867][   T54] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  599.376152][   T54] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  599.391854][   T54] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  599.399150][   T54] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  599.532140][ T5127] usbhid 2-1:0.0: can't add hid device: -71
[  599.538290][ T5127] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  599.635559][ T5127] usb 2-1: USB disconnect, device number 28
[  599.769342][T13638] loop3: detected capacity change from 0 to 164
[  599.854349][T13637] ɶƣ0GC�!: entered promiscuous mode
[  599.868537][T13638] syz.3.2035: attempt to access beyond end of device
[  599.868537][T13638] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  599.964136][T13638] syz.3.2035: attempt to access beyond end of device
[  599.964136][T13638] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  599.994108][T13630] chnl_net:caif_netlink_parms(): no params data found
[  600.072215][   T29] kauditd_printk_skb: 17 callbacks suppressed
[  600.072236][   T29] audit: type=1326 audit(1721001362.941:2893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  600.152730][T13651] FAULT_INJECTION: forcing a failure.
[  600.152730][T13651] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  600.166997][T13652] iso9660: Corrupted directory entry in block 4 of inode 1792
[  600.191915][T13637] syz.3.2035: attempt to access beyond end of device
[  600.191915][T13637] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  600.651512][T13651] CPU: 1 UID: 0 PID: 13651 Comm: syz.2.2033 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  600.654986][   T29] audit: type=1326 audit(1721001363.081:2894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  600.661778][T13651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  600.661794][T13651] Call Trace:
[  600.661804][T13651]  <TASK>
[  600.661814][T13651]  dump_stack_lvl+0x241/0x360
[  600.661852][T13651]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.661882][T13651]  ? __pfx__printk+0x10/0x10
[  600.661916][T13651]  should_fail_ex+0x3b0/0x4e0
[  600.702932][T13637] syz.3.2035: attempt to access beyond end of device
[  600.702932][T13637] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  600.705231][T13651]  prepare_alloc_pages+0x1da/0x5d0
[  600.738179][T13651]  __alloc_pages_noprof+0x166/0x6c0
[  600.743400][T13651]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  600.749128][T13651]  ? rcu_is_watching+0x15/0xb0
[  600.753900][T13651]  ? __pfx_lock_release+0x10/0x10
[  600.758939][T13651]  alloc_pages_mpol_noprof+0x3e8/0x680
[  600.764404][T13651]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  600.770389][T13651]  ? rcu_is_watching+0x15/0xb0
[  600.775167][T13651]  vma_alloc_folio_noprof+0x12e/0x230
[  600.780569][T13651]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  600.786468][T13651]  ? __pfx_pte_offset_map_nolock+0x10/0x10
[  600.792282][T13651]  ? do_raw_spin_unlock+0x13c/0x8b0
[  600.797509][T13651]  folio_prealloc+0x31/0x170
[  600.802105][T13651]  handle_pte_fault+0x252d/0x6eb0
[  600.807138][T13651]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[  600.812867][T13651]  ? rcu_is_watching+0x15/0xb0
[  600.817628][T13651]  ? __pfx_handle_pte_fault+0x10/0x10
[  600.823006][T13651]  ? memcg_rstat_updated+0x7b/0x2f0
[  600.828214][T13651]  ? __pfx_lock_release+0x10/0x10
[  600.833247][T13651]  ? __count_memcg_events+0x190/0x2a0
[  600.838635][T13651]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  600.844977][T13651]  ? rcu_is_watching+0x15/0xb0
[  600.849740][T13651]  ? lock_acquire+0xe3/0x550
[  600.854340][T13651]  ? __pfx_lock_acquire+0x10/0x10
[  600.859376][T13651]  handle_mm_fault+0xff1/0x19a0
[  600.864242][T13651]  ? __pfx_handle_mm_fault+0x10/0x10
[  600.869550][T13651]  ? lock_vma_under_rcu+0x592/0x6e0
[  600.874772][T13651]  ? rcu_is_watching+0x15/0xb0
[  600.879536][T13651]  exc_page_fault+0x459/0x8c0
[  600.884222][T13651]  asm_exc_page_fault+0x26/0x30
[  600.889092][T13651] RIP: 0033:0x7fa3a7c3b453
[  600.893507][T13651] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  600.913117][T13651] RSP: 002b:00007fa3a8c124b0 EFLAGS: 00010206
[  600.919246][T13651] RAX: 0000000000010000 RBX: 00007fa3a8c12550 RCX: 00007fa39da00000
[  600.927344][T13651] RDX: 00007fa3a8c126f0 RSI: 0000000000000051 RDI: 00007fa3a8c125f0
[  600.935353][T13651] RBP: 0000000000000050 R08: 0000000000000009 R09: 000000000000019c
[  600.943333][T13651] R10: 00000000000001c0 R11: 00007fa3a8c12550 R12: 0000000000000001
[  600.951306][T13651] R13: 00007fa3a7df5f80 R14: 0000000000000009 R15: 00007fa3a8c125f0
[  600.959313][T13651]  </TASK>
[  600.971634][T13651] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  601.049245][T13637] syz.3.2035: attempt to access beyond end of device
[  601.049245][T13637] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  601.081570][   T29] audit: type=1326 audit(1721001363.081:2895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  601.096162][T13651] loop2: detected capacity change from 0 to 2048
[  601.154279][T13630] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.174265][   T29] audit: type=1326 audit(1721001363.081:2896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  601.208113][T13630] bridge0: port 1(bridge_slave_0) entered disabled state
[  601.232014][T13630] bridge_slave_0: entered allmulticast mode
[  601.238914][T13630] bridge_slave_0: entered promiscuous mode
[  601.270336][T13637] syz.3.2035: attempt to access beyond end of device
[  601.270336][T13637] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  601.286568][T13638] syz.3.2035: attempt to access beyond end of device
[  601.286568][T13638] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  601.294188][   T29] audit: type=1326 audit(1721001363.081:2897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  601.338564][T13651] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  601.356812][T13630] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.372145][T13630] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.405773][T13638] syz.3.2035: attempt to access beyond end of device
[  601.405773][T13638] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  601.441452][T13630] bridge_slave_1: entered allmulticast mode
[  601.448768][T13630] bridge_slave_1: entered promiscuous mode
[  601.476246][   T29] audit: type=1326 audit(1721001363.081:2898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  601.511228][   T54] Bluetooth: hci8: command tx timeout
[  601.532439][T13637] syz.3.2035: attempt to access beyond end of device
[  601.532439][T13637] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  601.659595][   T29] audit: type=1326 audit(1721001363.081:2899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  601.762939][T13630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.814861][   T29] audit: type=1800 audit(1721001362.921:2878): pid=13638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2035" name="file0" dev="loop3" ino=1862 res=0 errno=0
[  601.820342][T13630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  601.901306][   T29] audit: type=1326 audit(1721001363.911:2900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  602.014933][   T29] audit: type=1326 audit(1721001363.911:2901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13645 comm="syz.0.2038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89fa975bd9 code=0x7ffc0000
[  602.060232][T13630] team0: Port device team_slave_0 added
[  602.099996][T13630] team0: Port device team_slave_1 added
[  602.263982][T13630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  602.841516][T13630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.867646][T13630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  602.881676][T13630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  602.888693][T13630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.919853][T13630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  602.997760][T13630] hsr_slave_0: entered promiscuous mode
[  603.009081][T13630] hsr_slave_1: entered promiscuous mode
[  603.019943][T13630] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  603.033031][T13630] Cannot create hsr debugfs directory
[  603.481249][ T1794] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  603.501835][T13630] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.582070][   T54] Bluetooth: hci8: command tx timeout
[  603.718006][ T1794] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  603.733019][T13666] loop0: detected capacity change from 0 to 40427
[  603.754994][ T1794] usb 4-1: config 0 has no interface number 0
[  603.775285][T13630] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.783759][T13666] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  603.826700][ T1794] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  603.904746][T13666] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  603.946076][ T1794] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.140980][ T1794] usb 4-1: config 0 descriptor??
[  604.147698][T13666] F2FS-fs (loop0): invalid crc value
[  604.259341][T13630] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.277301][T13666] F2FS-fs (loop0): Found nat_bits in checkpoint
[  604.278287][ T1794] usb 4-1: can't set first interface for hiFace device.
[  604.329239][ T1794] snd-usb-hiface 4-1:0.4: probe with driver snd-usb-hiface failed with error -5
[  604.383982][T13630] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.456343][T13666] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  604.477925][T13666] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  604.563083][ T1794] usb 4-1: USB disconnect, device number 27
[  604.585128][T13274] syz-executor: attempt to access beyond end of device
[  604.585128][T13274] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  604.626300][T13274] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  604.648548][T13630] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  604.666790][T13630] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  604.694467][T13630] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  604.741222][T13630] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  604.808507][T13685] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2049'.
[  605.035454][T13630] 8021q: adding VLAN 0 to HW filter on device bond0
[  605.095711][T13630] 8021q: adding VLAN 0 to HW filter on device team0
[  605.155443][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[  605.162631][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[  605.193822][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  605.201033][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  605.262994][    C0] eth0: bad gso: type: 1, size: 1408
[  605.271738][T13692] netlink: 'syz.2.2049': attribute type 21 has an invalid length.
[  605.288699][T13692] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2049'.
[  605.301311][T13692] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2049'.
[  605.553204][ T1794] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  605.641265][   T54] Bluetooth: hci8: command tx timeout
[  605.761328][ T1794] usb 3-1: Using ep0 maxpacket: 32
[  605.770678][ T1794] usb 3-1: descriptor type invalid, skip
[  605.799935][ T1794] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  605.847469][ T1794] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  605.865784][ T1794] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.886119][ T1794] usb 3-1: Product: syz
[  605.894594][ T1794] usb 3-1: Manufacturer: syz
[  605.906453][ T1794] usb 3-1: SerialNumber: syz
[  605.942961][ T1794] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  605.964176][T13630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  606.151267][   T46] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  606.331357][T13685] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2049'.
[  606.351792][   T46] usb 1-1: Using ep0 maxpacket: 32
[  606.397402][   T46] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  606.411588][   T46] usb 1-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xED, changing to 0x8D
[  606.444801][   T46] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  606.468346][T12641] usb 3-1: USB disconnect, device number 26
[  606.471197][   T46] usb 1-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  606.513184][   T46] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  606.527187][T13630] veth0_vlan: entered promiscuous mode
[  606.545355][   T46] usb 1-1: New USB device found, idVendor=1266, idProduct=1006, bcdDevice=bc.a8
[  606.569778][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.574064][T13630] veth1_vlan: entered promiscuous mode
[  606.597402][   T46] option 1-1:4.0: GSM modem (1-port) converter detected
[  606.706745][T13630] veth0_macvtap: entered promiscuous mode
[  606.723921][T13630] veth1_macvtap: entered promiscuous mode
[  606.737385][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  606.892988][   T46] usb 1-1: USB disconnect, device number 31
[  606.908154][   T46] option 1-1:4.0: device disconnected
[  607.402516][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.435491][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.453712][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.468399][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.488426][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.540640][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.571421][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.583797][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.660411][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.671190][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.685046][T13630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  607.697309][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.701288][T12641] IPVS: starting estimator thread 0...
[  607.708058][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.724098][   T54] Bluetooth: hci8: command tx timeout
[  607.730837][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.734692][    C0] eth0: bad gso: type: 1, size: 1408
[  607.741554][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.756738][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.768123][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.778237][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.830164][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.844822][T13630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.855541][T13630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.881544][T13725] IPVS: using max 35 ests per chain, 84000 per kthread
[  607.910922][T13630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  607.968473][T13730] team0: Port device bond0 removed
[  607.987985][T13730] bridge_slave_0: left allmulticast mode
[  608.027006][T13730] bridge_slave_0: left promiscuous mode
[  608.044185][T13730] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.073629][T13730] bridge_slave_1: left allmulticast mode
[  608.090587][T13730] bridge_slave_1: left promiscuous mode
[  608.116545][T13730] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.172105][T13730] bond0: (slave bond_slave_0): Releasing backup interface
[  608.208312][T13730] bond0: (slave bond_slave_1): Releasing backup interface
[  608.314765][T13730] team0: Port device team_slave_0 removed
[  608.364394][T13730] team0: Port device team_slave_1 removed
[  608.386864][T13730] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  608.412839][T13730] batman_adv: batadv0: Removing interface: batadv_slave_0
[  608.485606][T13730] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  608.521835][T13730] batman_adv: batadv0: Removing interface: batadv_slave_1
[  608.938270][T13630] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  608.956884][T13630] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  608.974524][T13630] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  608.993865][T13630] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  609.240352][T13748] loop0: detected capacity change from 0 to 512
[  609.246898][ T2840] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  609.246922][ T2840] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  609.307976][T13748] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000079f)
[  609.331420][T13748] FAT-fs (loop0): Filesystem has been set read-only
[  609.501659][ T2870] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  609.540044][ T2870] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  609.631797][T12641] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  609.835355][T12641] usb 1-1: Using ep0 maxpacket: 16
[  609.848307][T12641] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  609.875130][T13742] loop2: detected capacity change from 0 to 32768
[  609.887626][T12641] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  609.901405][ T1149] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  609.960037][T12641] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  609.980817][T12641] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.007482][T13742] find_entry called with index = 0
[  610.023442][T12641] usb 1-1: Product: syz
[  610.028087][T13742] read_mapping_page failed!
[  610.041711][T12641] usb 1-1: Manufacturer: 㬵Ē@麶ۇ뗾琞⺥
[  610.047836][T12641] usb 1-1: SerialNumber: syz
[  610.069610][T13742] ERROR: (device loop2): txCommit: 
[  610.069610][T13742] 
[  610.100616][T13742] ERROR: (device loop2): diFree: numfree > numinos
[  610.100616][T13742] 
[  610.119700][ T1149] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  610.161570][ T1149] usb 2-1: config 0 interface 0 has no altsetting 0
[  610.192973][ T1149] usb 2-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[  610.249787][ T1149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.305584][ T1149] usb 2-1: config 0 descriptor??
[  610.354650][ T1149] usb 2-1: selecting invalid altsetting 0
[  610.680703][T12641] cdc_ncm 1-1:1.0: bind() failure
[  610.709935][T12641] usb 1-1: USB disconnect, device number 32
[  611.011736][ T1149] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  611.202061][ T1149] usb 3-1: Using ep0 maxpacket: 32
[  611.249265][ T1149] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  611.277050][ T1149] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xED, changing to 0x8D
[  611.300798][ T1149] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  611.331165][ T1149] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  611.354516][ T1149] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  611.364805][T13769] loop0: detected capacity change from 0 to 2048
[  611.378504][ T1149] usb 3-1: New USB device found, idVendor=1266, idProduct=1006, bcdDevice=bc.a8
[  611.391186][ T1149] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.414345][ T1149] option 3-1:4.0: GSM modem (1-port) converter detected
[  611.623559][    T8] usb 3-1: USB disconnect, device number 27
[  611.644515][    T8] option 3-1:4.0: device disconnected
[  611.695122][T13780] bridge_slave_0: left allmulticast mode
[  611.725431][T13780] bridge_slave_0: left promiscuous mode
[  611.754825][T13780] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.786051][   T29] kauditd_printk_skb: 22 callbacks suppressed
[  611.786072][   T29] audit: type=1800 audit(1721001374.721:2924): pid=13785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2074" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  611.832767][   T54] Bluetooth: hci0: ACL packet for unknown connection handle 3072
[  611.846024][T13780] bridge_slave_1: left allmulticast mode
[  611.855761][T13780] bridge_slave_1: left promiscuous mode
[  611.861663][T13780] bridge0: port 2(bridge_slave_1) entered disabled state
[  611.900978][T13780] bond0: (slave bond_slave_0): Releasing backup interface
[  611.987317][T13780] bond0: (slave bond_slave_1): Releasing backup interface
[  612.297544][T13785] loop0: detected capacity change from 0 to 32768
[  612.298127][T13780] team0: Port device team_slave_0 removed
[  612.310476][T13785] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2074 (13785)
[  612.407749][   T46] usb 2-1: USB disconnect, device number 29
[  612.439210][T13785] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  612.446474][T13780] team0: Port device team_slave_1 removed
[  612.451372][T13785] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  612.476531][T13785] BTRFS info (device loop0): using free-space-tree
[  612.522221][T13780] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  612.602131][T13780] batman_adv: batadv0: Removing interface: batadv_slave_0
[  612.639761][T13780] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  612.698163][T13274] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  612.712306][T13780] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.223212][T13788] loop2: detected capacity change from 0 to 32768
[  613.250798][T13788] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2076 (13788)
[  613.294937][T13788] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  613.325431][T13788] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  613.353307][T13788] BTRFS info (device loop2): using free-space-tree
[  614.304113][T11346] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  614.784803][T13859] loop2: detected capacity change from 0 to 256
[  614.810515][T13859] vfat: Unknown parameter 'nnonumtail'
[  614.975288][T13843] loop0: detected capacity change from 0 to 32768
[  615.060449][T13861] FAULT_INJECTION: forcing a failure.
[  615.060449][T13861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  615.073935][T13861] CPU: 0 UID: 0 PID: 13861 Comm: syz.2.2091 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  615.084194][T13861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  615.094303][T13861] Call Trace:
[  615.097589][T13861]  <TASK>
[  615.100532][T13861]  dump_stack_lvl+0x241/0x360
[  615.105256][T13861]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.110478][T13861]  ? __pfx__printk+0x10/0x10
[  615.115096][T13861]  ? snprintf+0xda/0x120
[  615.119354][T13861]  should_fail_ex+0x3b0/0x4e0
[  615.124075][T13861]  _copy_to_user+0x2f/0xb0
[  615.128528][T13861]  simple_read_from_buffer+0xca/0x150
[  615.133956][T13861]  proc_fail_nth_read+0x1e9/0x250
[  615.139018][T13861]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  615.144589][T13861]  ? bpf_lsm_file_permission+0x9/0x10
[  615.149981][T13861]  ? rw_verify_area+0x520/0x6b0
[  615.154876][T13861]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  615.160482][T13861]  vfs_read+0x204/0xbc0
[  615.164678][T13861]  ? __pfx_lock_release+0x10/0x10
[  615.169735][T13861]  ? __pfx_vfs_read+0x10/0x10
[  615.174433][T13861]  ? __fget_files+0x29/0x470
[  615.179039][T13861]  ? __fget_files+0x3f6/0x470
[  615.183747][T13861]  ksys_read+0x1a0/0x2c0
[  615.188028][T13861]  ? __pfx_ksys_read+0x10/0x10
[  615.192822][T13861]  ? rcu_is_watching+0x15/0xb0
[  615.197610][T13861]  ? rcu_is_watching+0x15/0xb0
[  615.202399][T13861]  do_syscall_64+0xf3/0x230
[  615.206939][T13861]  ? clear_bhb_loop+0x35/0x90
[  615.211651][T13861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.217562][T13861] RIP: 0033:0x7fa3a7d746bc
[  615.221997][T13861] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  615.241638][T13861] RSP: 002b:00007fa3a8bd1040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  615.250089][T13861] RAX: ffffffffffffffda RBX: 00007fa3a7f04110 RCX: 00007fa3a7d746bc
[  615.258076][T13861] RDX: 000000000000000f RSI: 00007fa3a8bd10b0 RDI: 0000000000000008
[  615.266073][T13861] RBP: 00007fa3a8bd10a0 R08: 0000000000000000 R09: 0000000000000000
[  615.274071][T13861] R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000001
[  615.282051][T13861] R13: 000000000000006e R14: 00007fa3a7f04110 R15: 00007ffed3f839d8
[  615.290046][T13861]  </TASK>
[  615.515215][T13843] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2086 (13843)
[  615.585867][T13867] FAULT_INJECTION: forcing a failure.
[  615.585867][T13867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  615.635579][T13843] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  615.644097][T13867] CPU: 0 UID: 0 PID: 13867 Comm: syz.2.2094 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  615.655941][T13867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  615.666011][T13867] Call Trace:
[  615.669298][T13867]  <TASK>
[  615.672257][T13867]  dump_stack_lvl+0x241/0x360
[  615.676962][T13867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.682160][T13867]  ? __pfx__printk+0x10/0x10
[  615.686750][T13867]  ? snprintf+0xda/0x120
[  615.690981][T13867]  should_fail_ex+0x3b0/0x4e0
[  615.695669][T13867]  _copy_to_user+0x2f/0xb0
[  615.700085][T13867]  simple_read_from_buffer+0xca/0x150
[  615.705487][T13867]  proc_fail_nth_read+0x1e9/0x250
[  615.710521][T13867]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  615.716073][T13867]  ? bpf_lsm_file_permission+0x9/0x10
[  615.721441][T13867]  ? rw_verify_area+0x520/0x6b0
[  615.726290][T13867]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  615.731832][T13867]  vfs_read+0x204/0xbc0
[  615.736032][T13867]  ? __pfx_lock_release+0x10/0x10
[  615.741057][T13867]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  615.746614][T13867]  ? __pfx_vfs_read+0x10/0x10
[  615.751287][T13867]  ? __fget_files+0x29/0x470
[  615.755868][T13867]  ? __fget_files+0x3f6/0x470
[  615.760540][T13867]  ksys_read+0x1a0/0x2c0
[  615.764783][T13867]  ? __pfx_ksys_read+0x10/0x10
[  615.769546][T13867]  ? rcu_is_watching+0x15/0xb0
[  615.774309][T13867]  ? rcu_is_watching+0x15/0xb0
[  615.779068][T13867]  do_syscall_64+0xf3/0x230
[  615.783571][T13867]  ? clear_bhb_loop+0x35/0x90
[  615.788244][T13867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.794132][T13867] RIP: 0033:0x7fa3a7d746bc
[  615.798545][T13867] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  615.818153][T13867] RSP: 002b:00007fa3a8c13040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  615.826564][T13867] RAX: ffffffffffffffda RBX: 00007fa3a7f03f60 RCX: 00007fa3a7d746bc
[  615.834540][T13867] RDX: 000000000000000f RSI: 00007fa3a8c130b0 RDI: 0000000000000003
[  615.842511][T13867] RBP: 00007fa3a8c130a0 R08: 0000000000000000 R09: 0000000000000000
[  615.850480][T13867] R10: 0000000000000036 R11: 0000000000000246 R12: 0000000000000001
[  615.858450][T13867] R13: 000000000000000b R14: 00007fa3a7f03f60 R15: 00007ffed3f839d8
[  615.866432][T13867]  </TASK>
[  615.909380][T13843] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  615.930909][T13843] BTRFS info (device loop0): using free-space-tree
[  616.351890][T13274] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  616.403338][T13876] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2097'.
[  616.641834][T13902] loop3: detected capacity change from 0 to 512
[  616.957145][T13876] netlink: 'syz.2.2097': attribute type 21 has an invalid length.
[  616.979975][T13876] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2097'.
[  617.007129][T13876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2097'.
[  617.302086][ T5156] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  617.370452][T13920] team0: Port device bond0 removed
[  617.426401][T13920] bridge_slave_0: left allmulticast mode
[  617.471293][T13920] bridge_slave_0: left promiscuous mode
[  617.480525][T13920] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.534197][T13920] bridge_slave_1: left allmulticast mode
[  617.549535][T13920] bridge_slave_1: left promiscuous mode
[  617.575516][T13920] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.601150][T13920] bond0: (slave bond_slave_0): Releasing backup interface
[  617.625182][ T5156] usb 3-1: Using ep0 maxpacket: 32
[  617.634475][T13920] bond0: (slave bond_slave_1): Releasing backup interface
[  617.651504][ T5156] usb 3-1: descriptor type invalid, skip
[  617.658669][ T5156] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  617.683831][ T5156] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  617.716175][ T5156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.733267][T13920] team0: Port device team_slave_0 removed
[  617.763436][ T5156] usb 3-1: Product: syz
[  617.780522][ T5156] usb 3-1: Manufacturer: syz
[  617.804939][ T5156] usb 3-1: SerialNumber: syz
[  617.816528][T13920] team0: Port device team_slave_1 removed
[  617.840985][T13920] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  617.848554][T13920] batman_adv: batadv0: Removing interface: batadv_slave_0
[  617.857664][T13920] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  617.860934][ T5156] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  617.870166][T13920] batman_adv: batadv0: Removing interface: batadv_slave_1
[  617.909546][T13924] 8021q: adding VLAN 0 to HW filter on device bond0
[  617.932891][T13924] team0: Port device bond0 added
[  618.128739][T13876] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2097'.
[  618.236247][   T46] usb 3-1: USB disconnect, device number 28
[  618.273261][T13943] netlink: 'syz.1.2114': attribute type 64 has an invalid length.
[  618.276318][T13942] FAULT_INJECTION: forcing a failure.
[  618.276318][T13942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  618.291740][T13943] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[  618.336258][T13942] CPU: 0 UID: 0 PID: 13942 Comm: syz.3.2112 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  618.346557][T13942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  618.356634][T13942] Call Trace:
[  618.359933][T13942]  <TASK>
[  618.362881][T13942]  dump_stack_lvl+0x241/0x360
[  618.367591][T13942]  ? __pfx_dump_stack_lvl+0x10/0x10
[  618.372827][T13942]  ? __pfx__printk+0x10/0x10
[  618.377453][T13942]  ? __pfx_lock_release+0x10/0x10
[  618.382517][T13942]  should_fail_ex+0x3b0/0x4e0
[  618.387234][T13942]  _copy_from_user+0x2f/0xe0
[  618.391870][T13942]  snd_seq_ioctl+0x1bc/0x400
[  618.396483][T13942]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  618.401635][T13942]  ? bpf_lsm_file_ioctl+0x9/0x10
[  618.406592][T13942]  ? security_file_ioctl+0x87/0xb0
[  618.411717][T13942]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  618.416853][T13942]  __se_sys_ioctl+0xfc/0x170
[  618.421471][T13942]  do_syscall_64+0xf3/0x230
[  618.426005][T13942]  ? clear_bhb_loop+0x35/0x90
[  618.430711][T13942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.436625][T13942] RIP: 0033:0x7f53fd375bd9
[  618.441055][T13942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  618.460721][T13942] RSP: 002b:00007f53fe21d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  618.469160][T13942] RAX: ffffffffffffffda RBX: 00007f53fd503f60 RCX: 00007f53fd375bd9
[  618.477153][T13942] RDX: 0000000020000180 RSI: 00000000c08c5335 RDI: 0000000000000005
[  618.485150][T13942] RBP: 00007f53fe21d0a0 R08: 0000000000000000 R09: 0000000000000000
[  618.493182][T13942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  618.501182][T13942] R13: 000000000000000b R14: 00007f53fd503f60 R15: 00007ffdda395af8
[  618.509194][T13942]  </TASK>
[  618.661692][ T5127] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  618.852999][ T5127] usb 2-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e
[  618.874593][ T5127] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.895307][ T5127] usb 2-1: config 0 descriptor??
[  618.907567][ T5127] usb-storage 2-1:0.0: USB Mass Storage device detected
[  619.223626][T13957] team0: Port device bond0 removed
[  619.249362][T13957] batman_adv: batadv0: Removing interface: team0
[  619.611525][   T46] usb 2-1: USB disconnect, device number 30
[  619.709873][T13972] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  619.827840][T13948] loop3: detected capacity change from 0 to 32768
[  619.884189][T13948] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2116 (13948)
[  619.926093][T13978] bridge1: the hash_elasticity option has been deprecated and is always 16
[  619.946781][T13948] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  619.980933][T13948] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  620.035355][T13948] BTRFS info (device loop3): using free-space-tree
[  620.070619][T13981] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2127'.
[  620.390560][T14004] bridge_slave_0: left allmulticast mode
[  620.460076][T14004] bridge_slave_0: left promiscuous mode
[  620.491801][T14004] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.580180][T14004] bridge_slave_1: left allmulticast mode
[  620.583217][   T88] ==================================================================
[  620.593954][   T88] BUG: KASAN: null-ptr-deref in drop_buffers+0x6f/0x710
[  620.600930][   T88] Read of size 4 at addr 0000000000000060 by task kswapd0/88
[  620.608322][   T88] 
[  620.610685][   T88] CPU: 1 UID: 0 PID: 88 Comm: kswapd0 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  620.620428][   T88] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  620.621134][T14004] bridge_slave_1: left promiscuous mode
[  620.630487][   T88] Call Trace:
[  620.630499][   T88]  <TASK>
[  620.630509][   T88]  dump_stack_lvl+0x241/0x360
[  620.646954][   T88]  ? __pfx_dump_stack_lvl+0x10/0x10
[  620.652173][   T88]  ? __pfx__printk+0x10/0x10
[  620.656776][   T88]  ? _printk+0xd5/0x120
[  620.660945][   T88]  print_report+0xe8/0x550
[  620.665385][   T88]  ? __virt_addr_valid+0x58/0x530
[  620.670414][   T88]  ? drop_buffers+0x6f/0x710
[  620.675007][   T88]  kasan_report+0x143/0x180
[  620.679514][   T88]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  620.685856][   T88]  ? drop_buffers+0x6f/0x710
[  620.690464][   T88]  kasan_check_range+0x282/0x290
[  620.695422][   T88]  drop_buffers+0x6f/0x710
[  620.699850][   T88]  try_to_free_buffers+0x295/0x5f0
[  620.704984][   T88]  ? __pfx___might_resched+0x10/0x10
[  620.710285][   T88]  ? __count_memcg_events+0x190/0x2a0
[  620.715672][   T88]  ? __pfx_try_to_free_buffers+0x10/0x10
[  620.721307][   T88]  ? filemap_release_folio+0x2ba/0x4b0
[  620.726770][   T88]  shrink_folio_list+0x26c2/0x8c90
[  620.731902][   T88]  ? __pfx_shrink_folio_list+0x10/0x10
[  620.737374][   T88]  ? cgroup_rstat_updated+0x13b/0xc60
[  620.742751][   T88]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[  620.748488][   T88]  ? memcg_rstat_updated+0x7b/0x2f0
[  620.753694][   T88]  ? __mod_memcg_lruvec_state+0x2af/0x3b0
[  620.759438][   T88]  ? memcg_rstat_updated+0x154/0x2f0
[  620.764768][   T88]  ? rcu_is_watching+0x15/0xb0
[  620.769541][   T88]  evict_folios+0x5323/0x78c0
[  620.774262][   T88]  ? __pfx_evict_folios+0x10/0x10
[  620.779289][   T88]  ? lock_release+0xbf/0xa30
[  620.783975][   T88]  ? __pfx_lock_acquire+0x10/0x10
[  620.789012][   T88]  ? rcu_is_watching+0x15/0xb0
[  620.793793][   T88]  ? __pfx_lock_release+0x10/0x10
[  620.798854][   T88]  ? radix_tree_lookup+0x238/0x290
[  620.803973][   T88]  ? mem_cgroup_get_nr_swap_pages+0x28/0x110
[  620.809958][   T88]  ? get_swappiness+0x380/0x3e0
[  620.814817][   T88]  try_to_shrink_lruvec+0x9ab/0xbb0
[  620.820034][   T88]  ? __pfx_try_to_shrink_lruvec+0x10/0x10
[  620.825764][   T88]  ? page_counter_calculate_protection+0x18e/0x3e0
[  620.832274][   T88]  ? __pfx_lock_release+0x10/0x10
[  620.837313][   T88]  shrink_one+0x3cc/0x880
[  620.841655][   T88]  ? shrink_node+0x3727/0x4160
[  620.846431][   T88]  shrink_node+0x3979/0x4160
[  620.851036][   T88]  ? shrink_node+0x3727/0x4160
[  620.855816][   T88]  ? rcu_is_watching+0x15/0xb0
[  620.860589][   T88]  ? rcu_is_watching+0x15/0xb0
[  620.865352][   T88]  ? lock_acquire+0xe3/0x550
[  620.869954][   T88]  ? __pfx_lock_acquire+0x10/0x10
[  620.874996][   T88]  ? __pfx___might_resched+0x10/0x10
[  620.880288][   T88]  ? __pfx_shrink_node+0x10/0x10
[  620.885235][   T88]  ? psi_memstall_enter+0x280/0x320
[  620.890453][   T88]  ? __pfx_lock_release+0x10/0x10
[  620.895487][   T88]  ? __pfx_psi_memstall_enter+0x10/0x10
[  620.901047][   T88]  kswapd+0x17ce/0x3640
[  620.905230][   T88]  ? kswapd+0xbae/0x3640
[  620.909483][   T88]  ? __pfx_kswapd+0x10/0x10
[  620.913995][   T88]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  620.919994][   T88]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  620.926333][   T88]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  620.932668][   T88]  ? __pfx_autoremove_wake_function+0x10/0x10
[  620.938750][   T88]  ? __kthread_parkme+0x169/0x1d0
[  620.943780][   T88]  ? __pfx_kswapd+0x10/0x10
[  620.948292][   T88]  kthread+0x2f0/0x390
[  620.952361][   T88]  ? __pfx_kswapd+0x10/0x10
[  620.956867][   T88]  ? __pfx_kthread+0x10/0x10
[  620.961456][   T88]  ret_from_fork+0x4b/0x80
[  620.965879][   T88]  ? __pfx_kthread+0x10/0x10
[  620.970467][   T88]  ret_from_fork_asm+0x1a/0x30
[  620.975250][   T88]  </TASK>
[  620.978269][   T88] ==================================================================
[  621.015868][T14004] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.073262][T13300] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  621.090957][T13968] loop0: detected capacity change from 0 to 32768
[  621.117604][T13968] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2122 (13968)
[  621.129106][T14004] bond0: (slave bond_slave_0): Releasing backup interface
[  621.171832][T13968] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  621.195754][T13968] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  621.207136][   T88] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  621.214367][   T88] CPU: 1 UID: 0 PID: 88 Comm: kswapd0 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0
[  621.224097][   T88] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  621.234146][   T88] Call Trace:
[  621.237421][   T88]  <TASK>
[  621.240347][   T88]  dump_stack_lvl+0x241/0x360
[  621.245032][   T88]  ? __pfx_dump_stack_lvl+0x10/0x10
[  621.250235][   T88]  ? __pfx__printk+0x10/0x10
[  621.254834][   T88]  ? rcu_is_watching+0x15/0xb0
[  621.259636][   T88]  ? vscnprintf+0x5d/0x90
[  621.263990][   T88]  panic+0x349/0x870
[  621.267919][   T88]  ? check_panic_on_warn+0x21/0xb0
[  621.273053][   T88]  ? __pfx_panic+0x10/0x10
[  621.277502][   T88]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  621.283541][   T88]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  621.289872][   T88]  ? print_report+0xe8/0x550
[  621.294473][   T88]  check_panic_on_warn+0x86/0xb0
[  621.299423][   T88]  ? drop_buffers+0x6f/0x710
[  621.304015][   T88]  end_report+0x77/0x160
[  621.308266][   T88]  kasan_report+0x154/0x180
[  621.312779][   T88]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  621.319115][   T88]  ? drop_buffers+0x6f/0x710
[  621.323708][   T88]  kasan_check_range+0x282/0x290
[  621.328645][   T88]  drop_buffers+0x6f/0x710
[  621.333087][   T88]  try_to_free_buffers+0x295/0x5f0
[  621.338208][   T88]  ? __pfx___might_resched+0x10/0x10
[  621.343517][   T88]  ? __count_memcg_events+0x190/0x2a0
[  621.348900][   T88]  ? __pfx_try_to_free_buffers+0x10/0x10
[  621.354567][   T88]  ? filemap_release_folio+0x2ba/0x4b0
[  621.360036][   T88]  shrink_folio_list+0x26c2/0x8c90
[  621.365171][   T88]  ? __pfx_shrink_folio_list+0x10/0x10
[  621.370668][   T88]  ? cgroup_rstat_updated+0x13b/0xc60
[  621.376048][   T88]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[  621.381784][   T88]  ? memcg_rstat_updated+0x7b/0x2f0
[  621.386992][   T88]  ? __mod_memcg_lruvec_state+0x2af/0x3b0
[  621.392823][   T88]  ? memcg_rstat_updated+0x154/0x2f0
[  621.398143][   T88]  ? rcu_is_watching+0x15/0xb0
[  621.402926][   T88]  evict_folios+0x5323/0x78c0
[  621.407648][   T88]  ? __pfx_evict_folios+0x10/0x10
[  621.412685][   T88]  ? lock_release+0xbf/0xa30
[  621.417286][   T88]  ? __pfx_lock_acquire+0x10/0x10
[  621.422312][   T88]  ? rcu_is_watching+0x15/0xb0
[  621.427075][   T88]  ? __pfx_lock_release+0x10/0x10
[  621.432111][   T88]  ? radix_tree_lookup+0x238/0x290
[  621.437222][   T88]  ? mem_cgroup_get_nr_swap_pages+0x28/0x110
[  621.443208][   T88]  ? get_swappiness+0x380/0x3e0
[  621.448066][   T88]  try_to_shrink_lruvec+0x9ab/0xbb0
[  621.453287][   T88]  ? __pfx_try_to_shrink_lruvec+0x10/0x10
[  621.459015][   T88]  ? page_counter_calculate_protection+0x18e/0x3e0
[  621.465520][   T88]  ? __pfx_lock_release+0x10/0x10
[  621.470557][   T88]  shrink_one+0x3cc/0x880
[  621.474899][   T88]  ? shrink_node+0x3727/0x4160
[  621.479676][   T88]  shrink_node+0x3979/0x4160
[  621.484275][   T88]  ? shrink_node+0x3727/0x4160
[  621.489053][   T88]  ? rcu_is_watching+0x15/0xb0
[  621.493826][   T88]  ? rcu_is_watching+0x15/0xb0
[  621.498592][   T88]  ? lock_acquire+0xe3/0x550
[  621.503192][   T88]  ? __pfx_lock_acquire+0x10/0x10
[  621.508219][   T88]  ? __pfx___might_resched+0x10/0x10
[  621.513513][   T88]  ? __pfx_shrink_node+0x10/0x10
[  621.518461][   T88]  ? psi_memstall_enter+0x280/0x320
[  621.523657][   T88]  ? __pfx_lock_release+0x10/0x10
[  621.528684][   T88]  ? __pfx_psi_memstall_enter+0x10/0x10
[  621.534234][   T88]  kswapd+0x17ce/0x3640
[  621.538404][   T88]  ? kswapd+0xbae/0x3640
[  621.542658][   T88]  ? __pfx_kswapd+0x10/0x10
[  621.547173][   T88]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  621.553176][   T88]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  621.559518][   T88]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  621.565855][   T88]  ? __pfx_autoremove_wake_function+0x10/0x10
[  621.571934][   T88]  ? __kthread_parkme+0x169/0x1d0
[  621.576972][   T88]  ? __pfx_kswapd+0x10/0x10
[  621.581482][   T88]  kthread+0x2f0/0x390
[  621.585552][   T88]  ? __pfx_kswapd+0x10/0x10
[  621.590058][   T88]  ? __pfx_kthread+0x10/0x10
[  621.594647][   T88]  ret_from_fork+0x4b/0x80
[  621.599074][   T88]  ? __pfx_kthread+0x10/0x10
[  621.603666][   T88]  ret_from_fork_asm+0x1a/0x30
[  621.608477][   T88]  </TASK>
[  621.611880][   T88] Kernel Offset: disabled
[  621.616209][   T88] Rebooting in 86400 seconds..