last executing test programs:

2m2.354960384s ago: executing program 2 (id=3):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180))
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)

1m59.176593511s ago: executing program 2 (id=17):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fdf000/0x18000)=nil, 0x0, 0x0, 0x20, 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
madvise(&(0x7f0000130000/0xc00000)=nil, 0xc00000, 0x4)

1m57.250441297s ago: executing program 2 (id=24):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0xdddd0000, 0xe, 0xf0, 0x40, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x7}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0xca}, {0xeeee0000, 0xe6e50002, 0xb, 0x0, 0x2, 0x7, 0x4, 0x1, 0xc, 0x0, 0x6, 0x5}, {0x8000000, 0x3000, 0x8, 0xfc, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x0, 0x1}, {0x100000, 0x0, 0x9, 0x1, 0x3, 0x9, 0x47, 0x5, 0x5, 0x44, 0xe, 0x4b}, {0x2, 0xeeee8000, 0x0, 0x7, 0x3, 0x6f, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x6000, 0x1000, 0xf, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x0, 0xf8}, {0xffff1000, 0x8000000, 0xd, 0x5, 0x3, 0x3, 0xa, 0x9, 0x4, 0x6, 0x2, 0x7}, {0xeeee8000, 0x5}, {0x2, 0x209}, 0x40010000, 0x0, 0xf000, 0x300, 0x5, 0x0, 0xe6e70c00, [0xffffffffffffff47, 0x401, 0x5, 0xc5]})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x83e, 0x0, 0x80000000}]})

1m56.70695284s ago: executing program 2 (id=29):
socket$inet6_icmp(0xa, 0x2, 0x3a)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000f00)='./file0\x00', 0x800, &(0x7f0000000180), 0xff, 0x27e, &(0x7f0000000500)="$eJzs3T1oO2UcB/DfXZJ/34JWBRHFFxARLZS6CSLoolAQKSKCChURJ2mFanFrnFwcdFbp5FLEzeooLsVF6Fq1Q0UQsThYHHSIXC6RmCZaL82l/+TzgfTuubsnv0vJ97mH0lwCmFqLEfFYRFQiYikiahGRdB9wT/5YbDd35w7WI5rNZ35NWsfl7Vyn30JENCLi4YhqZ9/2/gsnvx89ef+7b9bu+3j/+bkSXlqld8PpyfFTZx89/c5nqw9tp+1t9fay+3Vcottv7LOxmkTcPIJiV0VSHfcZcBFrb336bRaSWyLi3lb+a5G2I/ve1rWvavHgh4P6vv/L4R1lnitw+ZrNWnYNbDSBqZO25sBJuhwR+XqaLi/nc/jvKvPpa5tbbyy9ulnZeKV71Chj+g6MSj3i+IkvZj5f6Mn/T5U8/8DkyvL/7Nre99n62bm/lAET6c58keV/6aWdB0L+YerIP0yG+QJ95B8mQr1gJ/mH613B7BbI/60/Hj5arBhwpVww/z+XeU5AOcz/YYLVOiuNvrvlH6bXhfPvX31h4nTy79IP06f7+g8ATJfmzLg/gQyMy7jHHwAAAAAAAAAAAAAAAAAA4LzduYP1ziMiKaXm1x9EnD4eEdXe+tH6YoO0tZxt/Zz/LckO+1uSd2u7Vqj+i3cPc/bD+2T0n76u9rRnuxs3/DDy+v/qm7tG87xv/7M58A6WOxsRjezglWr1/Psvab//irvpP/bXXh6ywP/Um+pHniuj6uDf4p97ZdQfbPUo4sts/FnpN/6kcVtr2X/8qXffYrmg1/8Y8gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAozV8BAAD///BWbAI=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0)
r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r1, 0x0)
write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x2000000000000001, 0x0, 0x0, {0xffffffffff7ffffe, 0x0, 0xffffffffbfffffff, 0x6, 0xffffffffffff592c, 0x6, 0x4, 0x6288f666, 0x0, 0xc000}}}, 0x78)
r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000040)={0x80, 0x2000, 0x0, 0x10000})

1m56.364072348s ago: executing program 2 (id=31):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002bbd700004000000000000000000000000000000000000016401010200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000002000000000000000002000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000002008000000000000000001000000000000004400050000110000000000000000000000000000000000003c00000002000000e00000010000000000000000000000000600000004"], 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r1, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)

1m55.895940266s ago: executing program 2 (id=34):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0)
close(0x3)

1m55.653651825s ago: executing program 32 (id=34):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0)
close(0x3)

1m50.772728789s ago: executing program 0 (id=56):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r1, 0x0, &(0x7f00000001c0)="cd", 0x1, 0x3})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000000280)="8a", 0x1, 0x2})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r1, 0x0, &(0x7f0000000000)='7', 0x1, 0x6})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x4, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x13})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r1, 0xc2, 0xffffffff})

1m50.576902945s ago: executing program 0 (id=57):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
lseek(r0, 0x0, 0x1)

1m50.437199556s ago: executing program 0 (id=58):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
read$eventfd(r0, &(0x7f0000000040), 0x8)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendfile(r2, r2, 0x0, 0x7)
read$FUSE(r1, &(0x7f0000006100)={0x2020}, 0x7)
read$FUSE(r0, &(0x7f0000000380)={0x2020}, 0x2020)

1m50.286567358s ago: executing program 0 (id=59):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@orlov}, {@noauto_da_alloc}, {@inlinecrypt}, {@dioread_lock}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc002, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x6b2, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x10000000000]})
write$binfmt_script(r0, &(0x7f0000001b40)={'#! ', './file1'}, 0xb)

1m49.734148113s ago: executing program 0 (id=60):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x4000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@dfltgid}], [], 0x6b}})
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020)

1m48.803805058s ago: executing program 0 (id=62):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x7, &(0x7f0000000180)=@framed={{}, [@ringbuf_query]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x2000000, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
close_range(r0, 0xffffffffffffffff, 0x0)

1m48.149410161s ago: executing program 33 (id=62):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x7, &(0x7f0000000180)=@framed={{}, [@ringbuf_query]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x2000000, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f00000001c0)={0x0, 0x0, 0x9})
close_range(r0, 0xffffffffffffffff, 0x0)

1m33.757958153s ago: executing program 1 (id=99):
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
setuid(0xee01)
utimensat(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)

1m33.355363875s ago: executing program 1 (id=103):
r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r0, &(0x7f00000076c0)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
setresgid(0x0, 0x0, r1)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x4000, &(0x7f0000002300)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
listxattr(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

1m32.962089457s ago: executing program 1 (id=105):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timerfd_gettime(0xffffffffffffffff, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)

1m29.793902702s ago: executing program 1 (id=111):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x300, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@nobh}, {@dioread_nolock}, {@test_dummy_encryption}, {@nodelalloc}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x3, 0xba6, &(0x7f0000000c00)="$eJzs3M1rXFUUAPDzXj7bRicVEeumEZEWxGlaSbFFsJWKGxeCboWGdFJCph8kkZo0i4n+A6KuBTeCWpQu7LobBbdutG4tLoQisVEQ0cibjyQ2M0naTvJq8vvBzbt3zpvcc/KYeffCTALYsQayH2nEvog4nUQU6o+nEdFd7fVGVGrnLczPjvwxPzuSxOLi678mkUTE7fnZkcbvSurHPfVBb0R891ISj7y7et7J6Znx4XK5NFEfH5o6d/HQ5PTMs2Pnhs+WzpbOHz76/NCRoaODx4baVuufP5249vuTr/xc+euzv6/89sEnSZyIvnpsZR3tMhADS3+TlTojYrjdk+Wko17PyjqTznWelG5yUgAAtJSuWMM9FoXoiOXFWyG+/j7X5AAAAIC2WOyIWAQAAAC2ucT+HwAAALa5xucAbs/PjjRavp9I2Fq3TkZEf63+hXqrRTqjUj32RldE7L6dxMqvtSa1p923gYi4+eOxL7MWm/Q95LVU5iLi8WbXP6nW31/9Fvfq+tOIGGzD/AN3jP9P9Z9ow/x51w/AznT9ZO1Gtvr+ly6tf6LJ/a+zyb3rXuR9/2us/xZWrf+W6+9osf57bYNzXP70o0utYln9L1x7+YtGy+bPjvdV1F24NRfxRGez+pOl+pMW9Z/e4ByFfy6VWsXyrn/x44gD0bz+hmTt/090aHSsXBqs/Ww6x9y3Q5+3mj/v+rPrv7tF/etd/4sbnOPNU6eutoqtX3/6S3fyRrXXXX/k7eGpqYnDEd3Jq6sfP7J2Lo1zGr8jq//gU2u//pvVn70nVOp/h2wvMFc/ZuN37pjzxSuXv1qr/mzvl+f1P3OP1/+9Dc7x9DfvH2wVW7n/zVo2/82kthcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIY0IvoiSYtL/TQtFiP2RMSjsTstX5icemb0wlvnz2SxiP7oSkfHyqXBiCjUxkk2PlztL4+P3DF+LiL2RsSHhV3VcXHkQvlM3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwZE9E9EWSFiMijYiFQpoWi3lnBQAAALRdf94JAAAAAJvO/h8AAAC2P/t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANtne/ddvJBFROb6r2jLd9VhXrpkBmy3NOwEgNx15JwDkpjPvBIDc3OUe33IBtqFknXhvy0hP23MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MF1YN/1G0lEVI7vqrZMdz3W1fQZ+7cwO2AzpXknAOSmY61g59blAWw9L3HYuZrv8YGdJFkn3rt8TuW/kZ5NywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAB09ftSVpMSLSaj9Ni8WIhyKiP7qS0bFyaTAiHo6IHwpdPdm4J++kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLvJ6Znx4XK5NKGjo5NvJ3kw0qh18n5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD5PTM+PD5XJpYjLvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC8TU7PjA+Xy6WJDXSu3s3JKzp51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DQAA//+LYA3r")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1edc01, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
mount$9p_tcp(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x286e066, 0x0)
read$FUSE(r0, &(0x7f0000000f00)={0x2020}, 0x2020)

1m28.246258947s ago: executing program 1 (id=117):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/177, 0xb1, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg(r0, &(0x7f0000000540)={0x1, {&(0x7f00000005c0)=""/84, 0x54, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f00000039c0)={0x2, 0x0, {&(0x7f0000000680)=""/184, 0xfffffefd, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000100)={0x2, 0x0, {&(0x7f0000000080)=""/42, 0x2a, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f00000004c0)={0x2, 0x0, {&(0x7f0000000400)=""/185, 0xb9, 0x0, 0x1, 0x2}}, 0x75)
write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000e40)=""/187, 0xbb, 0x0, 0x2, 0x3}}, 0x48)

1m27.483539569s ago: executing program 1 (id=121):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x2084811, 0x0, 0xfc, 0x0, &(0x7f0000000240))
chdir(&(0x7f00000003c0)='./bus\x00')
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='./bus\x00', 0x2b1245d, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x1cb)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x3, 0x0)
getdents64(r0, 0x0, 0x22)

1m26.642425787s ago: executing program 34 (id=121):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x2084811, 0x0, 0xfc, 0x0, &(0x7f0000000240))
chdir(&(0x7f00000003c0)='./bus\x00')
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='./bus\x00', 0x2b1245d, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x1cb)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x3, 0x0)
getdents64(r0, 0x0, 0x22)

10.40131433s ago: executing program 5 (id=308):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000bbdffc))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x142)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000080)={{}, {0x1, 0x5}, [], {0x20, 0x3}, [], {0x10, 0x7}, {0x20, 0x4}}, 0x24, 0x3)
setsockopt(r0, 0x10, 0x3c01, &(0x7f0000000000)="dc06b4909c9578f0734b1ae6054055b9ef99dc689395bde31d007b725450804a2789b1424b675fc0d9347d2274593d227f51377ff99692ca58c64141898911f52b6d", 0x42)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r0, 0x0, r3, 0x0, 0xf2a, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

9.104326535s ago: executing program 3 (id=312):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x2000000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10)
close(r2)

9.03597728s ago: executing program 5 (id=313):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x101, &(0x7f0000000080)=ANY=[@ANYRES16=r0], &(0x7f0000000340)={0x0, 0x1, [0x2e9, 0x567, 0x865, 0x9f0]})
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x8000}, 0x0, &(0x7f0000000240)={0x3ff, 0x7, 0xffffffffffffff1b, 0x9, 0x6, 0xf, 0x80000008}, 0x0, 0x0)

8.149328432s ago: executing program 3 (id=314):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xe099, 0x0, 0x1, 0xb5}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000040)=0xfffffff9, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9})
close(r1)

8.061864349s ago: executing program 4 (id=315):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0x2004})
epoll_wait(r4, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002)

7.732393286s ago: executing program 5 (id=317):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x0, 0x33}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x1, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

6.602490317s ago: executing program 6 (id=318):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_read_part_table(0x630, &(0x7f0000000000)="$eJzs3DFoXVUYB/D/Td+7770W0ipOXVJ3sdjZ1ICkj0qnSrcuVUFCxSFOFUtepEszZHBwdilClloXDR0c1CKOTqGDWnEVpKhUkR657933kigiaDoIv9+Qe853z/m+8+XejLnhf20u3aQaD3vpJDn50p9WrGe6IP1mfZLSbe9d2Fo+c7aUUqpmzcV08+Sn87eSdNot/VmaUsrabHI6N947fPt6Nepu3W2Kfr5xqAkPJscYJE8dqfvjNHsypJR9B+sd5O+Bf+fm4p2qula3s/qnh0vJBz8un98+t/HOrRfa8FryRdI8/7eb92K6+s1cPnGpMx42T/mNvXl/bhPuRnYf9yCdfWcYXVsdbi4truxMA8eHWx+/+uyvJ26nnMqXdWdueqOqM59Z5tHB9H+0efs3ryyu7AyvDmY3nnj38c+y0E7ul5JjTcnHMv7TWTiAygAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAo3F+8kGQ03k5WdYa+NLp/fPrdRJ3n+lX4bOrl316H2ejmX7jXXtawm332U7t5FVfNjHJlLd2kS+3ahPD0edKb1e4PJ4Mriys7wt8PJvWceHh9OdqX3yandcmuzzNt5rh09KBPjyfrfNdmWKEdLjv2l/6qTrA43x/Wvfl91Jg1/WI1mx5xL8lovL0+aKQ/qdu/vu20AAAAAAAAAAAAAAAAAAADAf7J85uzr99vxxX6SH96aa8alN/kv906qXJ+tXsrXvWRwOrnRTzVaSnL3xV/qr+Y3vmk/HTBKL6MkR95fv9BuqvcVnH0ioEqpH3V3/JM/AgAA//96rHlv")
r2 = dup(r1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c0000000200000000000000020000040800"], 0x0, 0x56}, 0x28)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000640)={0x0, 0xd000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x3, 0x7fff0000}]})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.218013498s ago: executing program 3 (id=319):
socket$inet6(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xd0}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x41}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9, 0x20}, {}, {}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.979986007s ago: executing program 3 (id=320):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="0087ff12ad12bcf708ae4f82008000022f9bb177583ef92a54b8b214b1"], 0x125)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000040000000001, 0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.678805752s ago: executing program 6 (id=321):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$bt_sco(0xffffffffffffffff, 0x0, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x12)
r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x2881)
ioctl$VIDIOC_QUERYMENU(r2, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x100f})
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8080c61)

3.784191734s ago: executing program 3 (id=322):
gettid()
timer_create(0xb, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0)
recvfrom(r2, &(0x7f0000000280)=""/90, 0xfffffffffffffe4a, 0x530, 0x0, 0x0)

3.783466964s ago: executing program 5 (id=330):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kfree\x00'}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000200)}, 0x8000}], 0x1, 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x49, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.650952925s ago: executing program 4 (id=323):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d19388", 0x49}], 0x1, 0x0, 0x0, 0x1f000801}, 0x4000000)

3.46148255s ago: executing program 6 (id=324):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000500)="6e80000000000100000000000000000000000c81", 0x14}], 0x1, 0x9)
r2 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setresuid(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x3, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x8000, 0x0)

3.425238863s ago: executing program 4 (id=325):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x23f}, &(0x7f00000000c0)=0x8)

3.09176147s ago: executing program 6 (id=326):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffd58, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
sched_setscheduler(0x0, 0x2, 0x0)

2.287187875s ago: executing program 4 (id=327):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x3)
pause()
fcntl$setsig(r1, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8)
dup2(r1, r2)
fcntl$setown(r1, 0x8, r0)
tkill(r0, 0x13)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

1.560291774s ago: executing program 3 (id=328):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

1.459486062s ago: executing program 5 (id=329):
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x4e23, @empty}}, 0x0, 0x0, 0x8, 0x0, "a386bcb957f6ee650a88e81a5cb3b0852da5b6b13aa9aed3e923ad05392be7124f3883a973ec229f5fab90b052c3572c8e868f4f1ff8e2f4bff94f46103f6fb8ed729eed0700000000000000de127097"}, 0xd8)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)=@ipv4_newroute={0x1c, 0x18, 0x0, 0x70bd2c, 0x25dfdbfd, {0x2, 0x0, 0x14, 0x26, 0xfc, 0x3, 0xfd, 0xbd9b57c46a7f8446, 0x200}}, 0x1c}, 0x1, 0x0, 0x0, 0x8081}, 0x20040000)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f00000001c0)=0x1fff)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x3, 0xffffffff, 0x8, 0xdeb9, 0x8, 0x5, 0x6, 0xfffffffffffffff2, 0x5, 0x6736, 0x2, 0x5, 0x7, 0xfffffffffffffff9, 0xa7, 0xa9], 0xdddd0000, 0x82200})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000740)={"808653769f50df58624295cc7aeae1914d55ba337e30f9a12499193c721e5882fd645f9bb2e2cf88f1c084f6a82522cec7592c4114e068ac3f651dc519c1dc1e763bb8e987153e52c192c5e8652809b057e483fa3281dc50559a0867e1a66e314026cfe30b84c3a1d0bf3db7a748162421014d3fcac3c4cb7e6a22e3938e05c03693bd4a88b47311dd93bede2a46065704f63fd88dacc60ec3004705fe45c8dd154025e7ba8e0e8ebd0e9036ccf370829c44b18e0b759644657724838f714cdffc3937dbf27e0b34eb6d21a0a453b8f9b469e8a61de2c33888e5413a5f884be17c8d210994dedefd3ed29099fb61c4e943a7f2d2af4a47e64d63af12b3b054007d645d4b3e55b34cb894bd58b1d21a45bf9418a78b60c7b5341b9107bf4b0d37fe622a36cd305f2fa2f566786d636838eaf8658e432510170ce247ecc5102e890fb9a6faf4671421b1173995c262bfe6d45c5a0eda06109f0f049a6a1114764b85e7339ffbb22e84b623a686dd5287f23bc09007ba19f515e0b7e649ab8a6474859328a09a561f5ebcd6f9e8f38b7d12d0df01bf147852ed5b090e7baa56720d9ba22f71704704c322650e05a5a9f3351793adbb4f746992f879d990598344ead42b812e9599a20d51bad7ff93bf6104330897a7a34c10f95f60b934b2a864f6936cac5b5a73b628adadebea5ae5906e18c8927eab35e53fa6f016984e376e223363376dbc510810807b69e13e2946f6f8835a97efc8e6d8f78446203eae0bcd3e7f63c88499dc0829c3df2b9900225c7f3074c1fcab2170d8d45e18679d10cdc394ae214960c1655b5f61fcb55dcabe240eab6d7f55d879ed12288be37c89406c28d2f95eb95e72e2a4d11554f2a5c3a03f1bb1d0f554531ecf5f19a435d484569a5c42ea89a1e7d664ad8f6ece582bcdb2d53c8002035fc4d99c12aacfaaf34e88c989d553ca138020f273a4b407c9f11f9c61f34d985a5e2acdf0ab14db335be776b84013153951363180d96fa765eb226b4bf25a652077749e6a8e987f9898f152205b175eee8c1e3fe47ab8ff68edd3453a0721817a29f4b3ea3022c3a5af3daf4d0cb9c4a34e3627e38bbeba0a67e5f142e252956d87a4fff8528b09432f2f5f4c15fbfdd2451925ea73f7a8bf37262580ab47d265ed6bfe3fb3e4e19feaa13a089fdba86043686d59792b865375b5665d6b91470ec80b7115ac095e4822815aeac232a1900daa6bd95efec249d485cf5e5a266e938d74ab9060622aa426cb76e9e22f24f6498448cc7c0c6ebf7dbc289f68faa0aeca1d51739f9d5868e573adc9a49523b476fe6f5e746ab57e50a996a38fe5f3d9181a8a03881aff8cb124bf981421d24e7d04b0aa43330616f4ebee30d23629f6f1387fdc0b3de32df913c205a211b921f7715c91f60bab4f7799b16798ae04baf89b9ae93becc59b"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.347663911s ago: executing program 6 (id=331):
r0 = openat(0xffffffffffffff9c, 0x0, 0x601c2, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x1, 0x5, 0x10})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000180)="a271f237d441d97b27ae344cef778cb8bb4015bd607c816dd111602436c938c9c286f5b292", 0x25}, {0x0}, {0x0}], 0x3, 0x5412, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
fdatasync(r1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ftruncate(r1, 0x5)

779.364307ms ago: executing program 5 (id=332):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = io_uring_setup(0x6e1e, &(0x7f0000000100)={0x0, 0x23d4, 0x800, 0xfffffffc, 0x87})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r2 = eventfd2(0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000000)=r2, 0x1)
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000001580)={0x3, 0x0, 0x0, &(0x7f00000014c0)=[{0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], &(0x7f0000001540)=[0x0, 0x0, 0x4]}, 0x20)
read$eventfd(r2, &(0x7f0000000040), 0x8)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}, {0x0}, {0x0}], 0x0, 0x3}, 0x20)

561.033854ms ago: executing program 4 (id=333):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0))
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r3}, 0x1e)
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]})

264.470738ms ago: executing program 6 (id=334):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x551642, 0x2f53a08607baf2e7)
mknodat$loop(r0, &(0x7f0000000000)='./file1\x00', 0x4, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000003580), 0x80000, 0x0)
read(r3, &(0x7f00000035c0)=""/200, 0xc8)
connect$can_bcm(r2, &(0x7f0000001200), 0x10)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000180)={0x0, 0x9, 0x8})
close(r2)
linkat(r0, &(0x7f0000000200)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000080)={0x6, 0x7, 'syz1\x00'}, &(0x7f00000000c0)=0x28)

0s ago: executing program 4 (id=335):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019640)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x6, 0xfa00, {0x1, &(0x7f0000000000), 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.102' (ED25519) to the list of known hosts.
[   81.229421][ T5776] cgroup: Unknown subsys name 'net'
[   81.369463][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.075607][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.863222][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.882237][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.883193][ T5794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.897067][ T5793] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.900927][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.904928][ T5793] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.920122][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.921231][ T5793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.935141][ T5793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   84.938933][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.942660][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   84.949732][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.959306][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.965751][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   84.972004][ T5793] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.980527][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   84.985825][ T5793] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.994650][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   85.007810][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   85.010369][ T5793] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   85.017138][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   85.022863][ T5793] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   85.029483][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   85.042164][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   85.568837][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   85.626446][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   85.768877][ T5786] chnl_net:caif_netlink_parms(): no params data found
[   85.834410][ T5785] chnl_net:caif_netlink_parms(): no params data found
[   85.874761][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.882123][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.889499][ T5787] bridge_slave_0: entered allmulticast mode
[   85.897534][ T5787] bridge_slave_0: entered promiscuous mode
[   85.952018][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.959209][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.966959][ T5787] bridge_slave_1: entered allmulticast mode
[   85.974573][ T5787] bridge_slave_1: entered promiscuous mode
[   86.037744][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.044968][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.052381][ T5788] bridge_slave_0: entered allmulticast mode
[   86.059532][ T5788] bridge_slave_0: entered promiscuous mode
[   86.067655][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.075045][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.082353][ T5788] bridge_slave_1: entered allmulticast mode
[   86.089341][ T5788] bridge_slave_1: entered promiscuous mode
[   86.126194][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.133586][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.141528][ T5786] bridge_slave_0: entered allmulticast mode
[   86.148499][ T5786] bridge_slave_0: entered promiscuous mode
[   86.194288][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.201837][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.209217][ T5786] bridge_slave_1: entered allmulticast mode
[   86.217124][ T5786] bridge_slave_1: entered promiscuous mode
[   86.227374][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.240835][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.253933][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.267020][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.339243][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.346653][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.354428][ T5785] bridge_slave_0: entered allmulticast mode
[   86.362776][ T5785] bridge_slave_0: entered promiscuous mode
[   86.373217][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.386696][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.418796][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.426218][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.433539][ T5785] bridge_slave_1: entered allmulticast mode
[   86.441228][ T5785] bridge_slave_1: entered promiscuous mode
[   86.486953][ T5787] team0: Port device team_slave_0 added
[   86.496047][ T5788] team0: Port device team_slave_0 added
[   86.504980][ T5788] team0: Port device team_slave_1 added
[   86.532646][ T5786] team0: Port device team_slave_0 added
[   86.541276][ T5787] team0: Port device team_slave_1 added
[   86.548792][ T5786] team0: Port device team_slave_1 added
[   86.569483][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.633674][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.641678][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.668647][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.683981][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.709522][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.716685][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.742803][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.755960][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.763035][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.790287][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.815889][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.823084][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.850790][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.893564][ T5785] team0: Port device team_slave_0 added
[   86.901497][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.908489][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.935563][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.948812][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.955862][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.982010][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.016358][ T5785] team0: Port device team_slave_1 added
[   87.076166][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.083736][ T5796] Bluetooth: hci2: command tx timeout
[   87.089507][ T5796] Bluetooth: hci1: command tx timeout
[   87.100753][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.132397][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.151069][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.158064][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.184279][ T5796] Bluetooth: hci3: command tx timeout
[   87.190067][ T5796] Bluetooth: hci0: command tx timeout
[   87.196832][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.218570][ T5786] hsr_slave_0: entered promiscuous mode
[   87.225588][ T5786] hsr_slave_1: entered promiscuous mode
[   87.276360][ T5788] hsr_slave_0: entered promiscuous mode
[   87.294967][ T5788] hsr_slave_1: entered promiscuous mode
[   87.308550][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.317780][ T5788] Cannot create hsr debugfs directory
[   87.366072][ T5787] hsr_slave_0: entered promiscuous mode
[   87.373450][ T5787] hsr_slave_1: entered promiscuous mode
[   87.384638][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.392362][ T5787] Cannot create hsr debugfs directory
[   87.486886][ T5785] hsr_slave_0: entered promiscuous mode
[   87.499046][ T5785] hsr_slave_1: entered promiscuous mode
[   87.506539][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.519146][ T5785] Cannot create hsr debugfs directory
[   88.010974][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   88.025487][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   88.036738][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   88.048974][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   88.111980][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.145330][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.156421][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.186414][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.259431][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.275492][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.302303][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.314082][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.385078][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   88.397370][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   88.431470][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   88.443481][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   88.552958][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.569742][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.633082][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   88.657583][ T5786] 8021q: adding VLAN 0 to HW filter on device team0
[   88.669446][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.676947][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.698037][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.705251][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.725363][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.732586][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.759340][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.782948][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.790213][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.826734][ T5785] 8021q: adding VLAN 0 to HW filter on device team0
[   88.866594][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.876385][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.883627][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.926969][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.934217][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.997302][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   89.023083][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.030359][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.063687][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.070926][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.171683][ T5796] Bluetooth: hci1: command tx timeout
[   89.177304][ T5791] Bluetooth: hci2: command tx timeout
[   89.241256][ T5791] Bluetooth: hci0: command tx timeout
[   89.242515][ T5796] Bluetooth: hci3: command tx timeout
[   89.524586][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.545103][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.687470][ T5788] veth0_vlan: entered promiscuous mode
[   89.714248][ T5786] veth0_vlan: entered promiscuous mode
[   89.723393][ T5788] veth1_vlan: entered promiscuous mode
[   89.743518][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.759599][ T5786] veth1_vlan: entered promiscuous mode
[   89.777820][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.813976][ T5788] veth0_macvtap: entered promiscuous mode
[   89.838314][ T5788] veth1_macvtap: entered promiscuous mode
[   89.865684][ T5786] veth0_macvtap: entered promiscuous mode
[   89.885740][ T5786] veth1_macvtap: entered promiscuous mode
[   89.938286][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.966100][ T5785] veth0_vlan: entered promiscuous mode
[   89.981557][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.993604][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.005944][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.023249][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.043745][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.055075][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.067211][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.080474][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.089488][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.099775][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.109169][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.127433][ T5785] veth1_vlan: entered promiscuous mode
[   90.143311][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.152300][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.162327][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.171566][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.233092][ T5787] veth0_vlan: entered promiscuous mode
[   90.304836][ T5785] veth0_macvtap: entered promiscuous mode
[   90.329504][ T5785] veth1_macvtap: entered promiscuous mode
[   90.342451][ T5787] veth1_vlan: entered promiscuous mode
[   90.400752][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.408829][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.419952][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.427869][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.474116][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.477606][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.482678][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.501145][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.511268][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.522085][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.533707][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.551363][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.562668][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.572751][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.583578][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.595754][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.637660][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.648276][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.657890][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.665403][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.674854][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.685260][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.702672][ T5787] veth0_macvtap: entered promiscuous mode
[   90.726225][ T5787] veth1_macvtap: entered promiscuous mode
[   90.834517][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.845927][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.856876][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.867952][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.878211][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.891965][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.911160][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.973040][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.990686][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.005022][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.025010][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.044542][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.060803][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.087464][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.150976][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.159747][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.172772][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.192820][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.230629][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.240783][ T5796] Bluetooth: hci2: command tx timeout
[   91.240822][ T5791] Bluetooth: hci1: command tx timeout
[   91.256154][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.326423][ T5791] Bluetooth: hci3: command tx timeout
[   91.326471][ T5796] Bluetooth: hci0: command tx timeout
[   91.339432][ T2941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.350136][ T2941] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.481898][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.505384][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.595239][ T2941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.619731][ T2941] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.107395][ T5900] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   92.206215][  T786] cfg80211: failed to load regulatory.db
[   92.933734][ T5912] syz.3.10[5912]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   92.964479][ T5912] loop3: detected capacity change from 0 to 512
[   92.977141][ T5912] EXT4-fs: Ignoring removed i_version option
[   93.035413][ T5912] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   93.069349][ T5912] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   93.135065][ T5912] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   93.177363][ T5912] EXT4-fs (loop3): 1 truncate cleaned up
[   93.185870][ T5912] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.321206][ T5791] Bluetooth: hci2: command tx timeout
[   93.326722][ T5796] Bluetooth: hci1: command tx timeout
[   93.379685][ T5912] EXT4-fs warning (device loop3): ext4_xattr_inode_get:559: inode #18: comm syz.3.10: EA inode hash validation failed
[   93.400665][ T5791] Bluetooth: hci3: command tx timeout
[   93.407198][ T5796] Bluetooth: hci0: command tx timeout
[   93.424989][ T5920] kvm: pic: non byte write
[   93.570864][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.924191][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.932504][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.943587][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.953821][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.964044][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.972743][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.987175][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   93.998873][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   94.012661][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   94.050819][ T5934] netlink: 'syz.3.16': attribute type 3 has an invalid length.
[   95.559031][ T5937] syz.2.17 (5937) used greatest stack depth: 20360 bytes left
[   95.575526][ T5954] loop0: detected capacity change from 0 to 512
[   95.745047][ T5954] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.770916][ T5954] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   96.186454][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.504989][ T5978] loop2: detected capacity change from 0 to 128
[   96.545064][ T5978] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   96.561065][ T5978] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.657839][ T5978] =======================================================
[   96.657839][ T5978] WARNING: The mand mount option has been deprecated and
[   96.657839][ T5978]          and is ignored by this kernel. Remove the mand
[   96.657839][ T5978]          option from the mount to silence this warning.
[   96.657839][ T5978] =======================================================
[   96.709495][ T5978] EXT4-fs error (device loop2): ext4_ind_map_blocks:604: inode #12: comm syz.2.29: Can't allocate blocks for non-extent mapped inodes with bigalloc
[   96.787851][ T5985] loop1: detected capacity change from 0 to 64
[   96.811963][ T5985] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing
[   96.812940][ T5786] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid
[   96.839695][ T5786] EXT4-fs error (device loop2): ext4_lookup:1858: inode #11: comm syz-executor: iget: checksum invalid
[   97.168900][ T5786] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   97.308682][   T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.476820][   T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.584104][   T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.677222][   T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.356498][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.383042][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.398754][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.416323][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.426311][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   98.434193][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.561714][ T6010] loop6: detected capacity change from 0 to 1
[   98.574788][ T6010]  loop6: [POWERTEC] p1 p2 p3 p4 p5
[   98.646214][ T6010] loop6: p1 start 2602905181 is beyond EOD, truncated
[   98.655624][ T6010] loop6: p2 start 1745589262 is beyond EOD, truncated
[   98.685827][ T6010] loop6: p3 start 325178268 is beyond EOD, truncated
[   98.705036][ T6010] loop6: p4 start 2326339850 is beyond EOD, truncated
[   98.713388][ T6010] loop6: p5 start 2562259694 is beyond EOD, truncated
[   99.082738][ T6020] netlink: 20 bytes leftover after parsing attributes in process `syz.1.43'.
[   99.093898][ T6017] serio: Serial port ttyS3
[   99.754814][ T6001] chnl_net:caif_netlink_parms(): no params data found
[  100.336130][ T6001] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.373760][ T6001] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.387449][ T6001] bridge_slave_0: entered allmulticast mode
[  100.408246][ T6001] bridge_slave_0: entered promiscuous mode
[  100.507387][ T6001] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.523881][ T6001] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.531739][ T5791] Bluetooth: hci0: command tx timeout
[  100.567620][ T6001] bridge_slave_1: entered allmulticast mode
[  100.578131][ T6001] bridge_slave_1: entered promiscuous mode
[  100.624771][    T9] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  100.745580][   T59] hsr_slave_0: left promiscuous mode
[  100.780704][   T59] hsr_slave_1: left promiscuous mode
[  100.781653][ T6068] loop1: detected capacity change from 0 to 2048
[  100.810222][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.832247][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  100.860910][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.874925][ T6069] fido_id[6069]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  100.896698][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  100.936741][   T59] bridge_slave_1: left allmulticast mode
[  100.950068][   T59] bridge_slave_1: left promiscuous mode
[  100.981253][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.052981][   T59] bridge_slave_0: left allmulticast mode
[  101.058707][   T59] bridge_slave_0: left promiscuous mode
[  101.073303][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.095628][ T6053] loop3: detected capacity change from 0 to 32768
[  101.149546][   T59] veth1_macvtap: left promiscuous mode
[  101.178014][   T59] veth0_macvtap: left promiscuous mode
[  101.194299][   T59] veth1_vlan: left promiscuous mode
[  101.203536][   T59] veth0_vlan: left promiscuous mode
[  101.220587][ T6053] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  101.366010][ T6053] XFS (loop3): Ending clean mount
[  101.437553][ T6053] XFS (loop3): Quotacheck needed: Please wait.
[  101.559201][ T6053] XFS (loop3): Quotacheck: Done.
[  101.909486][ T5788] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  102.333789][ T6085] loop1: detected capacity change from 0 to 128
[  102.445575][ T6085] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  102.473804][ T6085] ext4 filesystem being mounted at /15/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  102.605802][ T5791] Bluetooth: hci0: command tx timeout
[  102.972989][ T6102] loop0: detected capacity change from 0 to 1024
[  102.996592][ T6102] EXT4-fs: Ignoring removed orlov option
[  103.024835][ T6102] EXT4-fs: inline encryption not supported
[  103.058672][ T6102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.158489][   T59] team0 (unregistering): Port device team_slave_1 removed
[  103.166645][   T28] audit: type=1800 audit(1755247169.413:2): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.59" name="file1" dev="loop0" ino=15 res=0 errno=0
[  103.242395][   T59] team0 (unregistering): Port device team_slave_0 removed
[  103.260103][ T6102] loop0: detected capacity change from 1024 to 3
[  103.269541][ T6102] Dev loop0: unable to read RDB block 3
[  103.287357][ T6105] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Out of memory
[  103.287964][ T6102]  loop0: unable to read partition table
[  103.312542][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  103.324258][ T6102] loop0: partition table beyond EOD, truncated
[  103.325476][ T6105] EXT4-fs (loop0): Remounting filesystem read-only
[  103.344805][ T6102] loop_reread_partitions: partition scan of loop0 (ï5ŸA;¹8R÷Ö¤®mÝûÑÎ])Âî^\©) failed (rc=-5)
[  103.386618][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  103.472548][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.513091][ T6103] kmmpd-loop0: attempt to access beyond end of device
[  103.513091][ T6103] loop0: rw=14337, sector=128, nr_sectors = 2 limit=3
[  103.533543][ T6103] Buffer I/O error on dev loop0, logical block 64, lost sync page write
[  103.919553][   T59] bond0 (unregistering): Released all slaves
[  103.999353][ T6001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.143804][ T6001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.189542][ T6107] loop3: detected capacity change from 0 to 1024
[  104.211685][ T6107] EXT4-fs: Ignoring removed nobh option
[  104.231297][ T6107] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  104.306156][ T6107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.342577][ T6001] team0: Port device team_slave_0 added
[  104.392484][ T6001] team0: Port device team_slave_1 added
[  104.637482][ T6001] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.669046][ T6001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.680064][ T5791] Bluetooth: hci0: command tx timeout
[  104.734724][ T6001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.768546][ T6001] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.795696][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.809945][ T6001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.885883][ T6001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.193214][ T6001] hsr_slave_0: entered promiscuous mode
[  105.225911][ T6001] hsr_slave_1: entered promiscuous mode
[  105.434239][   T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.581106][   T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.731166][   T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.761170][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  105.773004][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  105.795042][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  105.804882][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  105.820545][ T5796] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  105.828125][ T5796] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  105.909591][   T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.105669][ T6125] loop3: detected capacity change from 0 to 40427
[  106.187491][ T6125] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  106.199278][ T6125] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  106.224063][ T6125] F2FS-fs (loop3): invalid crc value
[  106.228471][ T6001] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  106.266146][ T6001] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  106.283376][ T6125] F2FS-fs (loop3): Found nat_bits in checkpoint
[  106.467627][ T6001] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  106.496543][ T6125] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  106.504556][ T6125] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  106.529799][ T6001] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  106.570600][ T5787] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  106.761646][ T5791] Bluetooth: hci0: command tx timeout
[  107.184535][ T6129] chnl_net:caif_netlink_parms(): no params data found
[  107.831225][ T6129] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.838510][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.850558][ T6129] bridge_slave_0: entered allmulticast mode
[  107.868310][ T6129] bridge_slave_0: entered promiscuous mode
[  107.888554][ T5791] Bluetooth: hci1: command tx timeout
[  107.916106][ T6177] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'.
[  108.058708][ T6001] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.085238][ T6129] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.103604][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.130400][ T6129] bridge_slave_1: entered allmulticast mode
[  108.148173][ T6129] bridge_slave_1: entered promiscuous mode
[  108.423031][ T6129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.481241][ T6184] loop3: detected capacity change from 0 to 40427
[  108.486343][ T6129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.497741][ T6184] F2FS-fs (loop3): invalid crc value
[  108.523010][ T6184] F2FS-fs (loop3): Found nat_bits in checkpoint
[  108.575544][ T6184] F2FS-fs (loop3): Start checkpoint disabled!
[  108.590289][ T6184] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  108.663221][ T6184] syz.3.66: attempt to access beyond end of device
[  108.663221][ T6184] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  108.822046][ T6129] team0: Port device team_slave_0 added
[  108.858683][ T6129] team0: Port device team_slave_1 added
[  108.905360][ T6001] 8021q: adding VLAN 0 to HW filter on device team0
[  108.926646][ T2932] kworker/u4:8: attempt to access beyond end of device
[  108.926646][ T2932] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  108.945825][ T2932] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  108.963592][ T2932] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  109.017318][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.024544][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.186705][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.193955][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.235652][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.262242][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.303533][ T6129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.318208][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.328439][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.355534][ T6129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.442634][   T59] hsr_slave_0: left promiscuous mode
[  109.493393][   T59] hsr_slave_1: left promiscuous mode
[  109.506010][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  109.513742][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  109.523480][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  109.531403][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  109.539465][   T59] bridge_slave_1: left allmulticast mode
[  109.545602][   T59] bridge_slave_1: left promiscuous mode
[  109.551527][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.563020][   T59] bridge_slave_0: left allmulticast mode
[  109.569819][   T59] bridge_slave_0: left promiscuous mode
[  109.576868][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.621201][   T59] veth1_macvtap: left promiscuous mode
[  109.633915][   T59] veth0_macvtap: left promiscuous mode
[  109.639748][   T59] veth1_vlan: left promiscuous mode
[  109.647242][   T59] veth0_vlan: left promiscuous mode
[  109.970255][ T5791] Bluetooth: hci1: command tx timeout
[  110.846109][ T6213] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  111.001929][ T6217] syz.1.77 uses obsolete (PF_INET,SOCK_PACKET)
[  111.267011][   T59] team0 (unregistering): Port device team_slave_1 removed
[  111.316072][   T59] team0 (unregistering): Port device team_slave_0 removed
[  111.362848][    T9] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  111.375201][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.421864][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.582259][    T9] usb 4-1: config 0 has no interfaces?
[  111.595004][    T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  111.604632][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.641676][    T9] usb 4-1: config 0 descriptor??
[  111.963911][   T59] bond0 (unregistering): Released all slaves
[  112.040384][ T5791] Bluetooth: hci1: command tx timeout
[  112.092111][ T6129] hsr_slave_0: entered promiscuous mode
[  112.098706][ T6129] hsr_slave_1: entered promiscuous mode
[  112.105743][ T6129] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  112.115333][ T6129] Cannot create hsr debugfs directory
[  112.812865][ T6129] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  112.854471][ T6129] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  112.872275][ T6129] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  112.897217][ T6129] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  113.208230][ T6001] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.245889][ T6129] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.307257][ T6129] 8021q: adding VLAN 0 to HW filter on device team0
[  113.332014][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.339334][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.377894][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.385311][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.003669][ T6001] veth0_vlan: entered promiscuous mode
[  114.076946][ T6001] veth1_vlan: entered promiscuous mode
[  114.090830][   T54] usb 4-1: USB disconnect, device number 2
[  114.120478][ T5791] Bluetooth: hci1: command tx timeout
[  114.138119][ T6129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.186393][ T6280] loop3: detected capacity change from 0 to 512
[  114.252423][ T6280] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.84: casefold flag without casefold feature
[  114.289195][ T6001] veth0_macvtap: entered promiscuous mode
[  114.302549][ T6001] veth1_macvtap: entered promiscuous mode
[  114.320114][ T6280] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.84: couldn't read orphan inode 15 (err -117)
[  114.339223][ T6280] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.397831][ T6001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.446638][ T6001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.489901][ T6001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.521831][ T6001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.522142][ T6280] syz.3.84 (pid 6280) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  114.554609][ T6001] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.631630][ T6001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.663690][ T6001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.702210][ T6001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.734027][ T6001] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.770844][ T6001] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.822728][ T6001] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.846551][ T6001] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.855718][ T6001] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.865157][ T6001] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.877159][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.230775][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.245306][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.364557][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.420209][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.468856][ T6129] veth0_vlan: entered promiscuous mode
[  115.579109][ T6129] veth1_vlan: entered promiscuous mode
[  115.730936][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.739702][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.748383][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.757984][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  116.270441][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  116.378891][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  116.686366][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  116.831859][ T6129] veth0_macvtap: entered promiscuous mode
[  116.856491][ T6129] veth1_macvtap: entered promiscuous mode
[  116.910269][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  116.920287][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  116.950305][ T6129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.009067][ T6129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.020912][ T6129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.031590][ T6129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.043028][ T6129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.053899][ T6129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.066435][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.085105][ T6129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  117.116884][ T6129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.133046][ T6129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  117.153967][ T6129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.209949][ T6129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  117.230292][ T6129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.255722][ T6329] loop3: detected capacity change from 0 to 4096
[  117.262442][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.304543][ T6129] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.315257][ T6329] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  117.338799][ T6129] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.368479][ T6329] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.391186][ T6129] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.420166][ T6129] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.558010][ T6338] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.90: Invalid block bitmap block 1185837914 in block_group 0
[  117.643805][ T6340] loop1: detected capacity change from 0 to 512
[  117.667215][ T6338] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.90: Invalid block bitmap block 1185837914 in block_group 0
[  117.684736][ T6340] EXT4-fs: Ignoring removed i_version option
[  117.715220][ T6340] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  117.731728][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.750556][ T6338] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.90: Invalid block bitmap block 1185837914 in block_group 0
[  117.765747][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.815222][ T6338] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.90: Invalid block bitmap block 1185837914 in block_group 0
[  117.848411][ T6340] EXT4-fs (loop1): 1 truncate cleaned up
[  117.861504][ T6340] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.896605][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.926678][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.108967][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.198714][ T6322] loop4: detected capacity change from 0 to 32768
[  118.222822][ T6322] XFS: noikeep mount option is deprecated.
[  118.347174][ T6322] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  118.464219][ T6359] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  118.590359][ T6322] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  118.696868][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.726208][ T6322] XFS (loop4): Starting recovery (logdev: internal)
[  118.748549][ T6362] loop5: detected capacity change from 0 to 512
[  118.777323][ T6362] EXT4-fs: Ignoring removed i_version option
[  118.816627][ T6322] XFS (loop4): Ending recovery (logdev: internal)
[  118.837777][ T6362] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  118.982301][ T6362] EXT4-fs (loop5): 1 truncate cleaned up
[  118.989340][ T6362] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.293705][ T6362] EXT4-fs error (device loop5): __ext4_get_inode_loc:4483: comm syz.5.95: Invalid inode table block 2692665787 in block_group 0
[  119.323807][ T6375] loop3: detected capacity change from 0 to 764
[  119.337036][ T6362] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  119.369239][ T6375] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  119.379784][ T6362] EXT4-fs error (device loop5): __ext4_unlink:3328: inode #2: comm syz.5.95: mark_inode_dirty error
[  119.507270][ T6001] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  119.570021][ T6283] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:478: comm ext4lazyinit: Invalid block bitmap block 3052271099 in block_group 0
[  119.656392][ T6283] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:478: comm ext4lazyinit: Invalid block bitmap block 3052271099 in block_group 0
[  119.742436][ T6129] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.462286][ T5834] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  120.693912][ T5834] usb 4-1: Using ep0 maxpacket: 32
[  120.717995][ T5834] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  120.771945][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  120.790117][ T5834] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  120.888605][ T5834] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  120.938780][ T5834] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  120.981265][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.014895][ T5834] usb 4-1: Product: syz
[  121.026624][ T5834] usb 4-1: Manufacturer: syz
[  121.062443][ T5834] usb 4-1: SerialNumber: syz
[  121.350660][ T5834] usb 4-1: 0:2 : does not exist
[  121.484445][ T5834] usb 4-1: USB disconnect, device number 3
[  121.637592][ T5803] udevd[5803]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  121.695350][ T5880] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  121.950001][ T5880] usb 6-1: Using ep0 maxpacket: 16
[  121.976431][ T5880] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  121.990182][ T5880] usb 6-1: config 0 has no interface number 0
[  122.051686][ T5880] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  122.078111][ T5880] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.139928][ T5880] usb 6-1: Product: syz
[  122.144175][ T5880] usb 6-1: Manufacturer: syz
[  122.188236][ T5880] usb 6-1: SerialNumber: syz
[  122.237122][ T5880] usb 6-1: config 0 descriptor??
[  122.301630][ T5880] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  123.592019][ T6450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.112'.
[  123.675032][ T6447] loop1: detected capacity change from 0 to 4096
[  123.711438][ T6447] EXT4-fs: Ignoring removed nobh option
[  123.985688][ T6447] EXT4-fs (loop1): Test dummy encryption mode enabled
[  124.012809][ T6447] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.171274][ T5880] gspca_spca1528: reg_r err -71
[  124.206351][ T5880] spca1528: probe of 6-1:0.1 failed with error -71
[  124.234889][ T5880] usb 6-1: USB disconnect, device number 2
[  124.703056][ T6472] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  125.501820][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.716919][   T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.907608][ T6488] loop5: detected capacity change from 0 to 128
[  125.964587][ T6488] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  125.995292][ T6488] ext4 filesystem being mounted at /5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  126.063057][   T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.226482][   T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.424224][ T6129] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  126.466201][   T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.750421][ T6502] warning: `syz.4.125' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  127.552426][ T6517] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns
[  127.728432][ T5796] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  127.739659][ T5796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  127.751696][ T5796] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  127.765232][ T5796] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  127.813691][ T5796] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  127.824036][ T5796] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  128.180282][ T5879] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  128.319982][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  128.360296][ T5879] usb 4-1: Using ep0 maxpacket: 16
[  128.379468][ T5879] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  128.388616][ T6523] chnl_net:caif_netlink_parms(): no params data found
[  128.395578][ T5879] usb 4-1: config 0 has no interface number 0
[  128.404552][ T5879] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  128.416493][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.425639][ T5879] usb 4-1: Product: syz
[  128.429946][ T5879] usb 4-1: Manufacturer: syz
[  128.434587][ T5879] usb 4-1: SerialNumber: syz
[  128.451428][ T5879] usb 4-1: config 0 descriptor??
[  128.463149][ T5879] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  128.535775][    T9] usb 6-1: Using ep0 maxpacket: 32
[  128.539176][ T6538] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  128.561782][    T9] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  128.577111][    T9] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  128.600780][    T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  128.610140][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  128.620005][    T9] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  128.631769][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  128.645002][    T9] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  128.654428][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.676371][    T9] usb 6-1: config 0 descriptor??
[  128.952054][    T9] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  129.022074][ T6523] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.034370][    T9] usb 6-1: USB disconnect, device number 3
[  129.046716][ T6523] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.057819][    T9] usblp0: removed
[  129.069511][ T6523] bridge_slave_0: entered allmulticast mode
[  129.086165][ T6523] bridge_slave_0: entered promiscuous mode
[  129.198926][ T6523] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.209574][ T6523] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.217908][ T6523] bridge_slave_1: entered allmulticast mode
[  129.240928][ T6523] bridge_slave_1: entered promiscuous mode
[  129.293951][   T11] hsr_slave_0: left promiscuous mode
[  129.309643][   T11] hsr_slave_1: left promiscuous mode
[  129.323543][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.340211][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.358831][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.380326][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.400944][   T11] bridge_slave_1: left allmulticast mode
[  129.406728][   T11] bridge_slave_1: left promiscuous mode
[  129.440860][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.463032][   T11] bridge_slave_0: left allmulticast mode
[  129.468815][   T11] bridge_slave_0: left promiscuous mode
[  129.492477][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.574317][   T11] veth1_macvtap: left promiscuous mode
[  129.584488][   T11] veth0_macvtap: left promiscuous mode
[  129.592654][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  129.601695][   T11] veth1_vlan: left promiscuous mode
[  129.607118][   T11] veth0_vlan: left promiscuous mode
[  129.780126][    T9] usb 6-1: Using ep0 maxpacket: 32
[  129.794244][    T9] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  129.809744][    T9] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  129.827929][    T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  129.838105][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  129.850556][    T9] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  129.869306][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  129.893317][    T9] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  129.903996][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.908732][ T5791] Bluetooth: hci3: command tx timeout
[  129.931052][    T9] usb 6-1: config 0 descriptor??
[  130.168897][ T6530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.194111][    T9] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  130.194758][ T6530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.318935][ T5879] gspca_spca1528: reg_r err -71
[  130.337732][ T5879] spca1528: probe of 4-1:0.1 failed with error -71
[  130.348458][ T5879] usb 4-1: USB disconnect, device number 4
[  130.384366][    C1] usblp0: nonzero read bulk status received: -71
[  130.385320][ T5848] usb 6-1: USB disconnect, device number 4
[  130.394633][ T6530] usblp0: error -71 reading from printer
[  130.429269][ T5848] usblp0: removed
[  130.544123][   T11] team0 (unregistering): Port device team_slave_1 removed
[  130.592473][   T11] team0 (unregistering): Port device team_slave_0 removed
[  130.642653][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  130.693185][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.174904][ T6572] loop5: detected capacity change from 0 to 512
[  131.475909][ T6578] loop4: detected capacity change from 0 to 512
[  131.501845][ T6578] EXT4-fs: Ignoring removed i_version option
[  131.532093][ T6578] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  131.573493][ T6578] EXT4-fs (loop4): 1 truncate cleaned up
[  131.622928][ T6578] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.969925][ T5791] Bluetooth: hci3: command tx timeout
[  132.008313][   T11] bond0 (unregistering): Released all slaves
[  132.156771][ T6001] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.298876][ T6523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.366413][ T6523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.532968][ T6523] team0: Port device team_slave_0 added
[  132.567247][ T6523] team0: Port device team_slave_1 added
[  132.607225][ T6587] validate_nla: 44 callbacks suppressed
[  132.607245][ T6587] netlink: 'syz.3.139': attribute type 12 has an invalid length.
[  132.736632][ T6523] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.750464][ T6523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.798153][ T6523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.878814][ T6523] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.909035][ T6523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.941629][ T6523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  133.174195][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  133.181893][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  133.738705][ T6523] hsr_slave_0: entered promiscuous mode
[  133.810380][ T6523] hsr_slave_1: entered promiscuous mode
[  133.850446][ T6523] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  133.875652][ T6523] Cannot create hsr debugfs directory
[  134.050576][ T5791] Bluetooth: hci3: command tx timeout
[  134.465616][ T6523] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  134.489994][ T6523] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  134.515344][ T6523] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  134.548902][ T6523] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  134.580009][  T786] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  134.784226][  T786] usb 5-1: Using ep0 maxpacket: 16
[  134.825934][  T786] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  134.841449][  T786] usb 5-1: config 0 has no interface number 0
[  134.873503][  T786] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  134.893347][ T6523] 8021q: adding VLAN 0 to HW filter on device bond0
[  134.905510][  T786] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.926125][  T786] usb 5-1: Product: syz
[  134.941807][  T786] usb 5-1: Manufacturer: syz
[  134.953979][  T786] usb 5-1: SerialNumber: syz
[  134.963328][ T6523] 8021q: adding VLAN 0 to HW filter on device team0
[  134.985133][  T786] usb 5-1: config 0 descriptor??
[  135.008238][  T786] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  135.030594][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.037825][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.073395][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.080668][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.315177][ T6523] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  135.866465][ T6629] loop5: detected capacity change from 0 to 32768
[  135.878623][ T6629] XFS: noikeep mount option is deprecated.
[  135.978383][ T6629] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  136.090379][ T5880] kernel write not supported for file /stat (pid: 5880 comm: kworker/1:6)
[  136.120545][ T5791] Bluetooth: hci3: command tx timeout
[  136.370987][ T6629] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  136.446316][ T6629] XFS (loop5): Starting recovery (logdev: internal)
[  136.476713][ T6523] 8021q: adding VLAN 0 to HW filter on device batadv0
[  136.542236][ T6629] XFS (loop5): Ending recovery (logdev: internal)
[  136.901313][  T786] gspca_spca1528: reg_r err -71
[  136.907294][  T786] spca1528: probe of 5-1:0.1 failed with error -71
[  136.935133][  T786] usb 5-1: USB disconnect, device number 2
[  136.993836][ T6129] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  137.150341][ T6667] mmap: syz.3.149 (6667) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  137.396294][ T6523] veth0_vlan: entered promiscuous mode
[  137.453340][ T6523] veth1_vlan: entered promiscuous mode
[  137.558394][ T6523] veth0_macvtap: entered promiscuous mode
[  137.616152][ T6523] veth1_macvtap: entered promiscuous mode
[  137.664815][ T6675] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  137.724008][ T6675] syzkaller0: entered promiscuous mode
[  137.729697][ T6675] syzkaller0: entered allmulticast mode
[  137.746189][ T6523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.768738][ T6523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.809411][ T6523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.831172][ T6523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.850099][ T6523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.866004][ T6523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.910922][ T6523] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.822562][ T6713] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  139.933926][ T6710] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  139.944379][ T6710] kvm: requested 13409 ns i8254 timer period limited to 200000 ns
[  139.955310][ T6710] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  139.966988][ T6710] kvm: requested 41904 ns i8254 timer period limited to 200000 ns
[  139.981496][ T6710] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  140.011213][ T6710] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  140.030252][ T6710] kvm: requested 170133 ns i8254 timer period limited to 200000 ns
[  140.039067][ T6710] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  140.056145][ T6710] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[  141.655217][ T6726] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  141.999725][ T6733] loop3: detected capacity change from 0 to 2048
[  142.069058][ T6733]  loop3: p1 < > p4
[  142.094613][ T6733] loop3: p4 size 8388608 extends beyond EOD, truncated
[  142.823581][ T6737] loop4: detected capacity change from 0 to 32768
[  142.974743][ T6737] JBD2: Ignoring recovery information on journal
[  143.126467][ T6737] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  143.489141][ T6523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.502120][ T6523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.513932][ T6523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.518303][ T6737] (syz.4.166,6737,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[  143.525726][ T6523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.544712][ T6523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.555670][ T6523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.568185][ T6523] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.658248][ T6523] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.677809][ T6523] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.687070][ T6001] ocfs2: Unmounting device (7,4) on (node local)
[  143.700047][ T6523] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.709465][ T6523] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.006457][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.042267][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.142168][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.173041][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.339664][   T28] audit: type=1326 audit(1755247210.593:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  144.599240][   T28] audit: type=1326 audit(1755247210.623:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  144.975639][   T28] audit: type=1326 audit(1755247210.623:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  145.227114][   T28] audit: type=1326 audit(1755247210.623:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  145.363155][   T28] audit: type=1326 audit(1755247210.643:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  145.652958][   T28] audit: type=1326 audit(1755247210.643:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  145.944238][   T28] audit: type=1326 audit(1755247210.643:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  145.987024][ T6768] loop4: detected capacity change from 0 to 32768
[  146.207806][   T28] audit: type=1326 audit(1755247210.653:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  146.436886][   T28] audit: type=1326 audit(1755247210.653:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  146.701812][   T28] audit: type=1326 audit(1755247210.653:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6764 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  146.803844][ T6766] read_mapping_page failed!
[  146.941260][ T6766] diRead: read_metapage failed
[  146.949618][ T6766] jfs_lookup: iget failed on inum 32
[  147.252167][ T6768] read_mapping_page failed!
[  147.280051][ T5834] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  147.290555][ T6768] ERROR: (device loop4): txCommit: 
[  147.290555][ T6768] 
[  147.520597][ T5834] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  147.551314][ T5834] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  147.575240][ T5834] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  147.616530][ T5834] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  147.655453][ T5834] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  147.690100][ T5834] usb 7-1: Product: syz
[  147.708238][ T5834] usb 7-1: Manufacturer: syz
[  148.018076][ T6800] process 'syz.3.177' launched './file0/file0' with NULL argv: empty string added
[  148.625869][ T6808] binder_alloc: 6807: pid 6807 spamming oneway? 1 buffers allocated for a total size of 4096
[  148.950693][ T6812] bridge_slave_0: left allmulticast mode
[  148.956411][ T6812] bridge_slave_0: left promiscuous mode
[  149.038792][ T6812] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.216936][ T6812] bridge_slave_1: left allmulticast mode
[  149.277053][ T6812] bridge_slave_1: left promiscuous mode
[  149.330171][ T6812] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.613983][ T6812] bond0: (slave bond_slave_0): Releasing backup interface
[  149.685703][ T6827] loop3: detected capacity change from 0 to 2048
[  149.798245][ T6812] bond0: (slave bond_slave_1): Releasing backup interface
[  149.897022][ T6827] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  150.036708][ T6812] team0: Port device team_slave_0 removed
[  150.074442][ T6833] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  150.167782][ T6833] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 270 with error 28
[  150.213608][ T6812] team0: Port device team_slave_1 removed
[  150.250636][ T6812] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.258126][ T6812] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.276801][ T6833] EXT4-fs (loop3): This should not happen!! Data will be lost
[  150.276801][ T6833] 
[  150.349667][ T6812] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.375816][ T6833] EXT4-fs (loop3): Total free blocks count 0
[  150.386789][ T6812] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.409088][ T6833] EXT4-fs (loop3): Free/Dirty block details
[  150.433967][ T6833] EXT4-fs (loop3): free_blocks=2415919104
[  150.521665][ T6833] EXT4-fs (loop3): dirty_blocks=272
[  150.526973][ T6833] EXT4-fs (loop3): Block reservation details
[  150.585443][ T6833] EXT4-fs (loop3): i_reserved_data_blocks=17
[  150.850820][    T8] usb 7-1: USB disconnect, device number 2
[  151.064909][   T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  152.130098][ T5880] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  152.140675][ T6859] loop3: detected capacity change from 0 to 512
[  152.171295][ T6859] EXT4-fs: Ignoring removed oldalloc option
[  152.235014][ T6859] EXT4-fs (loop3): 1 truncate cleaned up
[  152.284466][ T6859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.389423][ T5880] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  152.431413][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  152.464547][ T5880] usb 6-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  152.503985][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.544906][ T5880] usb 6-1: config 0 descriptor??
[  152.551443][ T6859] EXT4-fs (loop3): pa ffff888078671000: logic 2048, phys. 37, len 216
[  152.560493][ T6859] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5377: group 0, free 216, pa_free 215
[  152.598850][ T6859] EXT4-fs (loop3): Remounting filesystem read-only
[  152.666391][ T6858] EXT4-fs (loop3): pa ffff8880787fa2b8: logic 131587, phys. 39, len 214
[  152.722912][ T6874] kvm: emulating exchange as write
[  152.776828][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.940517][ T6873] kvm: pic: single mode not supported
[  152.992503][ T6879] syz.3.191[6879] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  153.018106][ T6879] syz.3.191[6879] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  153.032975][ T5880] logitech 0003:046D:C29C.0002: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.5-1/input0
[  153.081267][ T6879] netlink: 96 bytes leftover after parsing attributes in process `syz.3.191'.
[  153.403712][ T6853] binder: 6852:6853 ioctl 4018620d 0 returned -22
[  153.431388][ T5880] logitech 0003:046D:C29C.0002: no inputs found
[  153.606846][ T5880] usb 6-1: USB disconnect, device number 5
[  156.681938][   T28] kauditd_printk_skb: 22 callbacks suppressed
[  156.681985][   T28] audit: type=1326 audit(1755247222.943:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  156.909032][   T28] audit: type=1326 audit(1755247222.973:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  157.147685][   T28] audit: type=1326 audit(1755247222.973:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  157.425182][   T28] audit: type=1326 audit(1755247222.983:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  157.660753][   T28] audit: type=1326 audit(1755247222.993:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  157.913396][   T28] audit: type=1326 audit(1755247222.993:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  158.099068][   T28] audit: type=1326 audit(1755247222.993:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  158.289067][ T6940] loop4: detected capacity change from 0 to 32768
[  158.299552][   T28] audit: type=1326 audit(1755247222.993:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  158.499373][   T28] audit: type=1326 audit(1755247222.993:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  158.720305][   T28] audit: type=1326 audit(1755247222.993:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6935 comm="syz.4.203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f1cc4b8ebe9 code=0x7ffc0000
[  159.067520][ T6939] read_mapping_page failed!
[  159.256239][ T6939] diRead: read_metapage failed
[  159.299166][ T6939] jfs_lookup: iget failed on inum 32
[  159.510657][ T6940] read_mapping_page failed!
[  159.515252][ T6940] ERROR: (device loop4): txCommit: 
[  159.515252][ T6940] 
[  162.666960][ T6975] syzkaller0: entered promiscuous mode
[  162.674460][ T6975] syzkaller0: entered allmulticast mode
[  162.681751][ T5174] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  162.872745][ T5174] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  162.899988][ T5174] usb 7-1: config 0 interface 0 has no altsetting 0
[  162.907071][ T5174] usb 7-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  162.920838][ T5174] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.941905][ T5174] usb 7-1: config 0 descriptor??
[  164.011499][ T5174] logitech 0003:046D:C29C.0003: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.6-1/input0
[  164.406200][ T6969] binder: 6968:6969 ioctl 4018620d 0 returned -22
[  164.438185][ T5174] logitech 0003:046D:C29C.0003: no inputs found
[  164.533569][ T5174] usb 7-1: USB disconnect, device number 3
[  164.679147][ T6994] fido_id[6994]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  169.921844][ T7037] sch_tbf: burst 4395 is lower than device lo mtu (65550) !
[  170.993171][ T7050] loop4: detected capacity change from 0 to 8192
[  171.087744][ T7061] binder: 7060:7061 unknown command 0
[  171.094297][ T7061] binder: 7060:7061 ioctl c0306201 200000000080 returned -22
[  174.151934][ T7109] loop4: detected capacity change from 0 to 1024
[  174.219941][ T5880] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  174.433053][ T5880] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  174.463556][ T5880] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  174.491826][ T5880] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[  174.522089][ T5880] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  174.533806][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  174.552997][ T5880] usb 4-1: Product: syz
[  174.569726][ T5880] usb 4-1: Manufacturer: syz
[  175.692011][ T6001] hfsplus: node 4:3 still has 1 user(s)!
[  176.101882][ T7136] wg2: entered promiscuous mode
[  176.107826][ T7136] wg2: entered allmulticast mode
[  177.787455][   T28] kauditd_printk_skb: 23 callbacks suppressed
[  177.787470][   T28] audit: type=1326 audit(1755247244.043:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7155 comm="syz.6.252" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe079f8ebe9 code=0x0
[  178.441776][ T7165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  178.894530][  T786] usb 4-1: USB disconnect, device number 5
[  178.970181][ T7173] binder_alloc: 7172: pid 7172 spamming oneway? 2 buffers allocated for a total size of 5120
[  179.001666][ T7173] binder_alloc: 7172: pid 7172 spamming oneway? 3 buffers allocated for a total size of 5128
[  179.628447][ T7180] loop3: detected capacity change from 0 to 32768
[  180.219835][    C0] sched: RT throttling activated
[  184.200290][   T54] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  184.413597][   T54] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  184.548749][   T54] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  184.580032][   T54] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  184.601305][   T54] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  184.616392][   T54] usb 4-1: SerialNumber: syz
[  184.914488][   T54] usb 4-1: 0:2 : does not exist
[  184.946472][   T54] usb 4-1: unit 255 not found!
[  184.994579][   T54] usb 4-1: USB disconnect, device number 6
[  187.283669][ T7281] loop3: detected capacity change from 0 to 256
[  189.306188][ T7293] netlink: 'syz.5.278': attribute type 10 has an invalid length.
[  189.350897][ T7293] macvlan0: entered promiscuous mode
[  189.413150][ T7293] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  189.855396][ T7288] loop6: detected capacity change from 0 to 32768
[  189.929564][ T7288] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 scanned by syz.6.277 (7288)
[  190.064924][ T7288] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  190.086757][ T7300] loop3: detected capacity change from 0 to 256
[  190.102613][ T7288] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  190.134055][ T7288] BTRFS info (device loop6): using free space tree
[  190.180447][ T5804] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  190.587059][ T7293] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  190.908838][ T7293] bond0 (unregistering): Released all slaves
[  190.936839][ T7288] BTRFS info (device loop6): enabling ssd optimizations
[  190.948251][ T7288] BTRFS info (device loop6): auto enabling async discard
[  191.447440][   T28] audit: type=1800 audit(1755247257.703:69): pid=7327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.277" name="file1" dev="loop6" ino=263 res=0 errno=0
[  191.512060][   T28] audit: type=1800 audit(1755247257.773:70): pid=7288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.277" name="bus" dev="loop6" ino=264 res=0 errno=0
[  191.604148][   T28] audit: type=1804 audit(1755247257.863:71): pid=7325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.277" name="/newroot/25/file0/file1" dev="loop6" ino=263 res=1 errno=0
[  191.641636][   T27] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  191.863131][   T27] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.899959][   T27] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  191.942315][   T27] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  191.970091][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  191.987398][   T27] usb 5-1: SerialNumber: syz
[  192.271598][   T27] usb 5-1: 0:2 : does not exist
[  192.342643][   T27] usb 5-1: USB disconnect, device number 3
[  192.385805][ T6523] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  192.592930][ T5803] udevd[5803]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  192.764285][ T7345] tipc: Started in network mode
[  192.824281][ T7345] tipc: Node identity 5aff002781b, cluster identity 4711
[  192.831907][ T7345] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  192.868339][ T7345] syzkaller0: entered promiscuous mode
[  192.913861][ T7345] syzkaller0: entered allmulticast mode
[  192.994950][ T7345] tipc: Resetting bearer <eth:syzkaller0>
[  193.042002][ T7344] tipc: Resetting bearer <eth:syzkaller0>
[  193.172255][ T7344] tipc: Disabling bearer <eth:syzkaller0>
[  193.531802][ T7356] loop4: detected capacity change from 0 to 2048
[  194.632259][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  194.638647][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  195.969328][ T7383] loop3: detected capacity change from 0 to 128
[  196.289051][ T7390] loop6: detected capacity change from 0 to 764
[  196.321579][ T7383] syz.3.295: attempt to access beyond end of device
[  196.321579][ T7383] loop3: rw=2049, sector=145, nr_sectors = 224 limit=128
[  196.350301][ T7390] rock: directory entry would overflow storage
[  196.358732][ T7390] rock: sig=0x4654, size=5, remaining=4
[  197.276954][ T7397] loop4: detected capacity change from 0 to 512
[  197.300657][ T7397] EXT4-fs: Ignoring removed orlov option
[  197.330897][ T7401] loop5: detected capacity change from 0 to 1024
[  197.360091][ T7397] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  197.416768][ T7401] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.562470][ T7397] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  197.694529][ T7397] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2244: inode #15: comm syz.4.298: corrupted in-inode xattr: e_value size too large
[  197.723966][ T7397] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.298: couldn't read orphan inode 15 (err -117)
[  197.752019][ T7397] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.051499][ T6129] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.282386][ T6001] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.432947][ T7423] loop3: detected capacity change from 0 to 128
[  199.508962][ T7423] EXT4-fs (loop3): Test dummy encryption mode enabled
[  199.631635][ T7423] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  199.692494][ T7423] ext4 filesystem being mounted at /95/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  199.779927][ T7430] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  199.806250][ T7430] CIFS mount error: No usable UNC path provided in device string!
[  199.806250][ T7430] 
[  199.816745][ T7430] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  202.724851][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  206.847721][ T7525] loop6: detected capacity change from 0 to 2048
[  207.043229][ T7525]  loop6: p1 < > p3
[  207.103666][ T7525] loop6: p3 size 134217728 extends beyond EOD, truncated
[  209.836330][ T7601] kvm: pic: non byte write
[  209.876735][ T7601] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  212.022328][ T7628] loop6: detected capacity change from 0 to 128
[  212.043224][ T5796] Bluetooth: hci2: command 0x0406 tx timeout
[  212.359100][ T7628] syz.6.331: attempt to access beyond end of device
[  212.359100][ T7628] loop6: rw=2049, sector=145, nr_sectors = 384 limit=128
[  212.481340][ T7628] syz.6.331: attempt to access beyond end of device
[  212.481340][ T7628] loop6: rw=524288, sector=145, nr_sectors = 224 limit=128
[  212.514853][ T7628] syz.6.331: attempt to access beyond end of device
[  212.514853][ T7628] loop6: rw=0, sector=145, nr_sectors = 8 limit=128
[  389.169922][    C0] ------------[ cut here ]------------
[  389.176854][    C0] WARNING: CPU: 0 PID: 7639 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460
[  389.187384][    C0] Modules linked in:
[  389.191294][    C0] CPU: 0 PID: 7639 Comm: syz.5.332 Not tainted 6.6.101-syzkaller #0
[  389.199267][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  389.209325][    C0] RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460
[  389.215673][    C0] Code: ff ff ff 48 c7 c7 a0 c4 ee 96 be 04 00 00 00 e8 2a a8 6c 00 48 89 df b8 01 00 00 00 87 05 4c 8f 7e 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 00 54 d3 8c 74 47 48 c7 c0 9c b9 4a 8e 48 c1 e8 03
[  389.235301][    C0] RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046
[  389.241370][    C0] RAX: 0000000000000000 RBX: ffffffff8cd35400 RCX: ffffffff81703546
[  389.249343][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8cd35400
[  389.257313][    C0] RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
[  389.265281][    C0] R10: dffffc0000000000 R11: fffffbfff2ddd894 R12: 0000000000002904
[  389.273255][    C0] R13: 1ffff110171c7a6a R14: 0000000000000a02 R15: dffffc0000000000
[  389.281228][    C0] FS:  00007f86023ac6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  389.290158][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  389.296743][    C0] CR2: 0000000000000000 CR3: 000000002339d000 CR4: 00000000003506f0
[  389.304717][    C0] Call Trace:
[  389.308018][    C0]  <IRQ>
[  389.310876][    C0]  rcu_core+0x612/0x1720
[  389.315143][    C0]  ? lock_chain_count+0x20/0x20
[  389.320018][    C0]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  389.325418][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  389.330632][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  389.335851][    C0]  ? rcu_cpu_kthread_park+0x90/0x90
[  389.341054][    C0]  ? __run_timers+0x781/0x7d0
[  389.345771][    C0]  ? __run_timers+0x74e/0x7d0
[  389.350469][    C0]  ? detach_timer+0x2b0/0x2b0
[  389.355248][    C0]  ? detach_timer+0x2b0/0x2b0
[  389.359960][    C0]  ? lock_chain_count+0x20/0x20
[  389.364848][    C0]  handle_softirqs+0x280/0x820
[  389.369631][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  389.374406][    C0]  ? do_softirq+0x180/0x180
[  389.378919][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  389.384132][    C0]  __irq_exit_rcu+0xc7/0x190
[  389.388732][    C0]  ? irq_exit_rcu+0x20/0x20
[  389.393253][    C0]  irq_exit_rcu+0x9/0x20
[  389.397507][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  389.403149][    C0]  </IRQ>
[  389.406080][    C0]  <TASK>
[  389.409019][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  389.415026][    C0] RIP: 0010:raw_spin_rq_unlock_irq+0x13/0x90
[  389.421016][    C0] Code: 0f 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 02 52 0f 09 66 90 41 57 41 56 53 eb 11 e8 54 fa 18 09 e8 0f 33 2e 00 fb 5b <41> 5e 41 5f c3 f3 0f 1e fa 49 be 00 00 00 00 00 fc ff df 49 89 ff
[  389.440623][    C0] RSP: 0018:ffffc900037e78e8 EFLAGS: 00000282
[  389.446710][    C0] RAX: ea4e529520ecb100 RBX: ffff8880b8e3d188 RCX: ea4e529520ecb100
[  389.454689][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaaba40 RDI: ffffffff8afc6780
[  389.462835][    C0] RBP: ffffc900037e7ae8 R08: ffffffff8e4a84ef R09: 1ffffffff1c9509d
[  389.470804][    C0] R10: dffffc0000000000 R11: fffffbfff1c9509e R12: dffffc0000000000
[  389.478778][    C0] R13: ffff8880b8e3c440 R14: dffffc0000000000 R15: ffff8880b8e3d188
[  389.486768][    C0]  __schedule+0x171e/0x44d0
[  389.491294][    C0]  ? asan.module_dtor+0x20/0x20
[  389.496153][    C0]  ? futex_wait_queue+0x9d/0x1b0
[  389.501133][    C0]  ? plist_add+0x3d8/0x490
[  389.505561][    C0]  schedule+0xbd/0x170
[  389.509636][    C0]  ? futex_wait_queue+0x27/0x1b0
[  389.514575][    C0]  futex_wait_queue+0x138/0x1b0
[  389.519428][    C0]  futex_wait+0x19f/0x530
[  389.523763][    C0]  ? futex_wait_setup+0x260/0x260
[  389.528808][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  389.533849][    C0]  ? __ia32_sys_rt_sigreturn+0x6a3/0x7b0
[  389.539525][    C0]  do_futex+0x2ff/0x3e0
[  389.543680][    C0]  ? x64_setup_rt_frame+0xcd0/0xcd0
[  389.548887][    C0]  ? __ia32_sys_get_robust_list+0x90/0x90
[  389.554650][    C0]  __se_sys_futex+0x36f/0x3f0
[  389.559370][    C0]  ? __x64_sys_futex+0xf0/0xf0
[  389.564142][    C0]  ? __x64_sys_futex+0x21/0xf0
[  389.568935][    C0]  do_syscall_64+0x55/0xb0
[  389.573353][    C0]  ? clear_bhb_loop+0x40/0x90
[  389.578028][    C0]  ? clear_bhb_loop+0x40/0x90
[  389.582708][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  389.588608][    C0] RIP: 0033:0x7f860158ebe9
[  389.593059][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.612690][    C0] RSP: 002b:00007f86023ac0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  389.621190][    C0] RAX: ffffffffffffffda RBX: 00007f86017b5fa8 RCX: 00007f860158ebe9
[  389.629183][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f86017b5fa8
[  389.637159][    C0] RBP: 00007f86017b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  389.645132][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  389.653106][    C0] R13: 00007f86017b6038 R14: 00007fffb0060230 R15: 00007fffb0060318
[  389.661096][    C0]  </TASK>
[  389.664158][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  389.671434][    C0] CPU: 0 PID: 7639 Comm: syz.5.332 Not tainted 6.6.101-syzkaller #0
[  389.679412][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  389.689470][    C0] Call Trace:
[  389.692752][    C0]  <IRQ>
[  389.695597][    C0]  dump_stack_lvl+0x16c/0x230
[  389.700282][    C0]  ? show_regs_print_info+0x20/0x20
[  389.705502][    C0]  ? load_image+0x3b0/0x3b0
[  389.710456][    C0]  panic+0x2c0/0x710
[  389.714364][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  389.718882][    C0]  __warn+0x2e0/0x470
[  389.722866][    C0]  ? rcu_check_gp_start_stall+0x2dc/0x460
[  389.728680][    C0]  ? rcu_check_gp_start_stall+0x2dc/0x460
[  389.734406][    C0]  report_bug+0x2be/0x4f0
[  389.738742][    C0]  ? rcu_check_gp_start_stall+0x2dc/0x460
[  389.744466][    C0]  ? rcu_check_gp_start_stall+0x2dc/0x460
[  389.750209][    C0]  ? rcu_check_gp_start_stall+0x2de/0x460
[  389.755930][    C0]  handle_bug+0xcf/0x120
[  389.760173][    C0]  exc_invalid_op+0x1a/0x50
[  389.764688][    C0]  asm_exc_invalid_op+0x1a/0x20
[  389.769549][    C0] RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460
[  389.775888][    C0] Code: ff ff ff 48 c7 c7 a0 c4 ee 96 be 04 00 00 00 e8 2a a8 6c 00 48 89 df b8 01 00 00 00 87 05 4c 8f 7e 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 00 54 d3 8c 74 47 48 c7 c0 9c b9 4a 8e 48 c1 e8 03
[  389.795501][    C0] RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046
[  389.801566][    C0] RAX: 0000000000000000 RBX: ffffffff8cd35400 RCX: ffffffff81703546
[  389.809560][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8cd35400
[  389.817532][    C0] RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
[  389.825497][    C0] R10: dffffc0000000000 R11: fffffbfff2ddd894 R12: 0000000000002904
[  389.833474][    C0] R13: 1ffff110171c7a6a R14: 0000000000000a02 R15: dffffc0000000000
[  389.841467][    C0]  ? rcu_check_gp_start_stall+0x2c6/0x460
[  389.847202][    C0]  ? rcu_check_gp_start_stall+0x2c6/0x460
[  389.852931][    C0]  rcu_core+0x612/0x1720
[  389.857211][    C0]  ? lock_chain_count+0x20/0x20
[  389.862088][    C0]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  389.867481][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  389.872718][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  389.877944][    C0]  ? rcu_cpu_kthread_park+0x90/0x90
[  389.883166][    C0]  ? __run_timers+0x781/0x7d0
[  389.887856][    C0]  ? __run_timers+0x74e/0x7d0
[  389.892548][    C0]  ? detach_timer+0x2b0/0x2b0
[  389.897235][    C0]  ? detach_timer+0x2b0/0x2b0
[  389.901919][    C0]  ? lock_chain_count+0x20/0x20
[  389.906794][    C0]  handle_softirqs+0x280/0x820
[  389.911565][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  389.916331][    C0]  ? do_softirq+0x180/0x180
[  389.920840][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  389.926061][    C0]  __irq_exit_rcu+0xc7/0x190
[  389.930691][    C0]  ? irq_exit_rcu+0x20/0x20
[  389.935201][    C0]  irq_exit_rcu+0x9/0x20
[  389.939442][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  389.945110][    C0]  </IRQ>
[  389.948043][    C0]  <TASK>
[  389.950978][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  389.956973][    C0] RIP: 0010:raw_spin_rq_unlock_irq+0x13/0x90
[  389.962959][    C0] Code: 0f 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 02 52 0f 09 66 90 41 57 41 56 53 eb 11 e8 54 fa 18 09 e8 0f 33 2e 00 fb 5b <41> 5e 41 5f c3 f3 0f 1e fa 49 be 00 00 00 00 00 fc ff df 49 89 ff
[  389.982576][    C0] RSP: 0018:ffffc900037e78e8 EFLAGS: 00000282
[  389.988661][    C0] RAX: ea4e529520ecb100 RBX: ffff8880b8e3d188 RCX: ea4e529520ecb100
[  389.996642][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaaba40 RDI: ffffffff8afc6780
[  390.004614][    C0] RBP: ffffc900037e7ae8 R08: ffffffff8e4a84ef R09: 1ffffffff1c9509d
[  390.012586][    C0] R10: dffffc0000000000 R11: fffffbfff1c9509e R12: dffffc0000000000
[  390.020558][    C0] R13: ffff8880b8e3c440 R14: dffffc0000000000 R15: ffff8880b8e3d188
[  390.028545][    C0]  __schedule+0x171e/0x44d0
[  390.033075][    C0]  ? asan.module_dtor+0x20/0x20
[  390.038040][    C0]  ? futex_wait_queue+0x9d/0x1b0
[  390.042978][    C0]  ? plist_add+0x3d8/0x490
[  390.047410][    C0]  schedule+0xbd/0x170
[  390.051482][    C0]  ? futex_wait_queue+0x27/0x1b0
[  390.056416][    C0]  futex_wait_queue+0x138/0x1b0
[  390.061266][    C0]  futex_wait+0x19f/0x530
[  390.065598][    C0]  ? futex_wait_setup+0x260/0x260
[  390.070821][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  390.075898][    C0]  ? __ia32_sys_rt_sigreturn+0x6a3/0x7b0
[  390.081561][    C0]  do_futex+0x2ff/0x3e0
[  390.085730][    C0]  ? x64_setup_rt_frame+0xcd0/0xcd0
[  390.090940][    C0]  ? __ia32_sys_get_robust_list+0x90/0x90
[  390.096670][    C0]  __se_sys_futex+0x36f/0x3f0
[  390.101439][    C0]  ? __x64_sys_futex+0xf0/0xf0
[  390.106221][    C0]  ? __x64_sys_futex+0x21/0xf0
[  390.111010][    C0]  do_syscall_64+0x55/0xb0
[  390.115464][    C0]  ? clear_bhb_loop+0x40/0x90
[  390.120154][    C0]  ? clear_bhb_loop+0x40/0x90
[  390.124841][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  390.130750][    C0] RIP: 0033:0x7f860158ebe9
[  390.135267][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.154962][    C0] RSP: 002b:00007f86023ac0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  390.163377][    C0] RAX: ffffffffffffffda RBX: 00007f86017b5fa8 RCX: 00007f860158ebe9
[  390.171346][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f86017b5fa8
[  390.179317][    C0] RBP: 00007f86017b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  390.187289][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  390.195278][    C0] R13: 00007f86017b6038 R14: 00007fffb0060230 R15: 00007fffb0060318
[  390.203277][    C0]  </TASK>
[  391.326338][    C0] Shutting down cpus with NMI
[  391.331455][    C0] Kernel Offset: disabled
[  391.336391][    C0] Rebooting in 86400 seconds..