last executing test programs:

6m15.977425662s ago: executing program 2 (id=3):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa02, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x8, 0x2800, 0x6, 0x2, 0xba2, 0x5, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0x42, 0x4, 0x370, 0xffffffff, 0x188, 0xc8, 0xc8, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'bridge0\x00', 'wg1\x00'}, 0x287, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x168, 0x1a8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0xde, 0x0, 'syz1\x00'}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0)
socket(0x2, 0x3, 0xff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040001}, 0x3000c81c)

6m15.867386082s ago: executing program 2 (id=15):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x41, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SMI(r2, 0xaeb7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6m15.518844019s ago: executing program 2 (id=20):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x2048c5, &(0x7f00000008c0)={[{@utf8}, {}, {@shortname_winnt}, {@shortname_mixed}, {@shortname_lower}, {@uni_xlateno}, {@shortname_win95}, {@shortname_win95}, {@uni_xlate}, {@uni_xlateno}, {@numtail}, {@utf8}, {@shortname_winnt}]}, 0x0, 0x2b2, &(0x7f0000000580)="$eJzs3cFr03wcx/HP2nXtOrb2MB54Hnjwh170Erb6FxTZQCwocxX1IGQu1dLYjqZWKuJ28+rfMTx6UlD/gV28eRcvQxC87CBW1iZbtmVY57Zu6/sFJb/+vvkmvzZJ+SaQdP32y0eVkmeV7IZiKaOYtKINKbvZ8g3501inPaKwFV0a+/7p/5t37l7LFwozc8bM5ucv54wxE+fePXn26vyHxtit1xNvk1rL3lv/lvu89s/av+s/54Ol1yTbLNRqDXvBdcxi2atYxtxwHdtzTLnqOfWG2Yon/BxjVxfH00t1x/OMXW2ZitMyjZpp1FvGfmCXq8ayLDOe1qCJ7x8aGo7sLq7Ozdn5oxsRjtloVGe9nreTkcHi6nEMCgAAnCz9qv8flj1T9ky1Fqrvt+t/Kaj/YwrHS25taam1b/0vDXT9/+eo/wfBZv2f9o/fnaj/AQAAAAAAAAAAAAAAAAAAAAA4DTba7Uy73c4E0+CVlJSSFLzv9zhxNA6+/ffeTYLTJ3TjXkpyXzSLzWJ32o3nSyrLlaOphPSjsz/4uu3Zq4WZKdOR1Xt32c9fbhbjSgb5gWx0/nQ334Tzl5VQOrz+nDKajM7PReQ3iyO6eKGd9NfsyFJGH++rJleLnf16O//5tDFXrhd25Y925gMAAAAA4CywzJY95++duGWCCz274t3O7esDyvzm+sCu8+th/Rf9UEoAAAAAAHDIvNbTiu26Tn0AGsH/HxzKAo/rq0vsG0r1upxhSX7Pm5OyLXppxCQdND3+d1v5q6QdPZNn4kj58rh7BPQycz9/lQAAAAAchaDoH+r3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGC9PjwsmP8gzx4LrS7en08JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnAy/AgAA//909hNE")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333c06, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x310f848, 0x0)
read$FUSE(r0, &(0x7f0000003180)={0x2020}, 0x2020)

6m15.045919002s ago: executing program 2 (id=23):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)

6m14.48626966s ago: executing program 2 (id=26):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000e40)={0x0, 0x5, 0x20, 0x3, 0x8000000000000000}, &(0x7f0000000e80)=0x18)

6m14.309935838s ago: executing program 32 (id=26):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000e40)={0x0, 0x5, 0x20, 0x3, 0x8000000000000000}, &(0x7f0000000e80)=0x18)

5m12.569372736s ago: executing program 4 (id=496):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800852, &(0x7f0000000100)={[{@nossd_spread}, {@compress_force_algo={'compress-force', 0x3d, 'zstd'}}, {@nossd_spread}, {@discard_sync}, {@clear_cache}, {@space_cache_v1}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x143841, 0x114)
pwrite64(r0, &(0x7f0000000c80)="f560ffa43b3e4691c54c17f0e578da614c475de39db04803d29ced63de5950045324a86047aa1a1c505eab9c3112b6079afb7c668fd651cd158fcdded0413fe13d74316a875c5963d6bce5478f419a014d2601e8d14fe2e5304fdf24649cf0185e874d99f081164979580a3cfdfb3e432558d8f2b7ca5f992b4b8be29dfafb46465e200d8e5f3644eda64afdbd95294014090c16df4477fc0227c197719b80fe2c95b7255284aa9d0ddebe3cfe4c8df04801d74f26362d0758b3cc1a4e2a6b44ed74fb7fd634ac74b067ba16940518acccf26ea9317f1831b1bbf10c110c936b596d81ba53be47795e3d1a5219a5081047ee14aa121c5a9dbe46f5b797007a55957ee4d1f0a64fdac1d014529af3d67f1bde92064959b56631e40232b63e948122f57ca48eb4ecbf06601a4c3ea39ff6440ef5438e9d0f3bc16004f73dced8ff9d22beeac80bbb9f3fa675eb993ce2e47d50a50d03530ccb346a95987b72f33e6a6782b8b4e1f9d6b63edd1670ffe1abc11576125f9a4ccd6c33d08369a091cda5aa022a1632ddd9129c23a1e9aee985d747306849c503d19b9e84d99efb2dc2923145410e32dfdea28c5bc2902bf3359dd4298dee57c4d309417eb506148741a3d6b4126668199e336b6c16c0460f7c9515b4f485cc87246b3729ea585cc8b8b29acc16a9d2da2d0457842b7f9a748ff8917880daa05c9dd5ea868fed809cb4c3dd0ec7aaf747bfefaa355dc73b2df0b355af19b9f6e836cd860f210b3497ebf06f03b83011d6445c0ad6a04ca0805df62e1230a9df90a66d40423589bbffbeb860b706dc033e714c69103be007c3ca90ff1ab5497a708fe490c247de3e18d7447cf5e14b4ae4d2174c5a7a1055d33f85c74b1f68fde4cb72a4a1bb70c00334d06a76bdbd79b79d2c17d0019620a72bc82111910168fff369df7bf4e2289027fa08b2b8c5a229da8e80e5141a39fc7be8941a1690f0170f2e81b1c05f804451bdea6e1a0f04a13e2c137e7cb14458ad9a7bc86bdcc60144eabf4d0910bb8d56dab6224353bc1075cbb635e780819ddcc1beb0ab5b20cedd54c6eef6c60099a124b0b7cb04853e697c932685db7b71e4b69b2d35fdd8fe9f73bcc58488327f1a64ae", 0x322, 0x3)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x0, 0x0, 0x8fffb)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2}}, 0x20)

5m10.035663744s ago: executing program 4 (id=524):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x6, 0x10, &(0x7f0000000e40)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000300000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfed7, &(0x7f00000002c0)=ANY=[], 0x0)

5m8.408647298s ago: executing program 4 (id=533):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x439, 0x10000000, 0x0, {0x0, 0x0, 0x0, r3, 0x69801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x2}}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000e40)=[{{&(0x7f0000000080)={0x2, 0x4e1f, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @dev={0xac, 0x14, 0x14, 0x15}, @remote}}}], 0x20}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4000800)

5m7.801776067s ago: executing program 4 (id=540):
syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10000, &(0x7f0000000580)=ANY=[@ANYBLOB='utf8,dmask=00000000000000000000006,uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c696f636861727365743d69736f383835392d31352c666d61736b3d30303030303030303030303030303030303030303030312c6e616d65636173653d312c696f636861727365743d6b6f69382d752c6e616d65636173653d312c756d61736b3d30303030303030303030303030303030303030303136352c6572726f72733d636f6e74696e75652c00034830087604244061ee0c39541b221006317ff5591e8c1d034ca366ae51a329"], 0x1, 0x1535, &(0x7f0000001380)="$eJzs3AucjdX6OPDnWWu9Y0jaTXIZ1lrPy04uiyTJJUkuSZIkSW4JSZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJCG5Jev/mZi/OnX+55xfnfz+Z57v57M/s55Z+1nvs+aZvfe739l802VojUY1qzYgIvhD8OKXBACIBYCBAHANAAQAUDaubFzGfHaJCX/sIOzP9VDyla6AXUnc/6yN+5+1cf+zNu5/1sb9z9q4/1kb9z9r4/4zlpVtnp7/Wr5l3Rtf/8/K+PX/v0h6ybFfrC15fVeAmH81hfv//z/8A7nc//9awb9yJ+5/1sb9z6pir3QB7H8BfvxnBdn+4Qz3P2vj/jOWlf3yWnAsXPnr0X/1DSL/yb+B+F4Xf8pXfp//cP+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxthf4Iy/TAFA5vhK18UYY4wxxhhjjLE/j892pStgjDHGGGOMMcbYfx6CAAkKAoiBbBAL2SEHCICYzPlrIQ6ug9xwPeSBvJAP8kM8FICCoMGABYIQCkFhiMINUARuhKJQDIpDCXBQEkrBTVAaboYycAuUhVuhHNwG5aECVIRKcDtUhjugCtwJVeEuqAbVoQbUhLuhFtwDteFeqAP3QV24H+rBA1AfHoQG8BA0hIehETwCjeFRaAJNoRk0hxb/o/wXoAe8CD2hFyRAb+gDL0Ff6Af9YQAMhJdhELwCg+FVSIQhMBReg2HwOgyHN2AEjIRR8CaMhrdgDIyFcTAekmACTIS3YRK8A5NhCkyFaZAM02EGvAszYRbMhvdgDrwPc2EezIcFkAIfwEJYBKnwISyGjyANlsBSWAbLYQWshFWwGtbAWlgH62EDbIRNsBm2wFbYBtthB+yEj2EXfAK7YQ/shU9hH3z2b+af/rv8rggIKFCgQoUxGIOxGIs5MAfmxJyYC3NhBCMYh3GYG3NjHsyD+TAfxmM8FsSCaNAgIWEhLIRRjGIRLIJFsSgWx+Lo0GEpLIWl8WYsg2WwLJbFclgOy2MFrICVsBJWxspYBatgVayK1bAa1sAaeDfejb2xNtbGOlgH62LdzMtT2AAbYENsiI2wETbGxtgEm2AzbIYtsAW2xJbYClthG2yDbbEttsN22B7bYwfsgB2xI3bCTtgZO2MX7IJdsRt2S38hG+CL+CL2wmqiN/bBPtgXE7P1xwE4AF/GQfgKvoKvYiIOwaH4Gr6Gr+NwPIUjLozEUTgKK4u3cAyORRLjMQmTcCJOxEk4CSfjFJyC0zAZp+MMnIEzcRbOwvdwDr6P7+M8nIcLMAVTcCEuwlRMxcV4GtNwCS7FZbgcV+ByXIWrcRWuxXW4FjfgBtyEm3ALbsFtuA134A78GBUAfoJ7cA8m4j7ch/txPx7AA3gQD2I6puMhPISH8TAewSN4FI/iMTyOJ/A4nsSTeApP4xk8g+fwHJ7H5+K/avhxsTWJIDIooUSMiBGxIlbkEDlETpFT5BK5RERERJyIE7lFbpFH5BH5RD4RL+JFQVFQGGEEiTDjmUJERVQUEUVEUVFUFBfFhRNOlBKlRGlRWpQRZURZcasoJ24T5UUF0dpVEpVEZdHGVRF3iqqiqqgmqosaoqaoKWqJWqK2qC3qiDqirqgr6okHRH3RG/vjQyKjM43EEGwshmIT0VTIS89QLcVwbCVaizbiCTESR2A70dK1F0+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo5XqKXmIy9hZ9xDTsK/qJ/mKAmInVxXs4J3sN8apIFEPEUPGaWICvi+HiKjFCjBSjxJtitHhLjBFjxTgxXiSJCWKieFtMEu+IyWKKmCqmiWQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJFfCAWikUiVXwoFouPRJpYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lOxT3wm9ovPxQHxhTgovhTp4itxSHwtDotvxBHxrTgqvhPHxHFxQnwvToofxClxWpwRZ8U58aM4L34SF4QXIFEKKaWSgYyR2WSszC5zyKtkThlkPv/LOHmdzC2vl3lkXplP5pfxsoAsKLU00kqSoSwkC8uovEEWkTfKorKYLC5LSCdLylLyJlla3izLyFtkWXmrLCdvk+VlBVlRVpK3y8ryDgmRi8eoJqvLGrKmvFsmwD2ytrxX1pH3ybryfllPPiDrywdlA/mQbCgflo3kI7KxfFQ2kU1lM9lctpCPyZbycdlKtpZt5BOyrXxStpNPyfbyadlB+ku/Is/KzvI52UU+L7vKbrK7/ElekF72lL0k9AbZR74k+8p+sr8cIAfKl+Ug+YocLF+ViXKIHCpfk8Pk63K4fEOOkCPlKPmmHC3fkmPkWDlOjpdJcoKcKN+Wk+Q7crKcIqfKaTJZTpf9L600W8p/mv/27+QP/vnom+RmuUVuldvkdrlD7pQfy11yl9wtd8u9cq/cJ/fJ/XK/PCAPyIPyoEyX6fKQPCQPy8PyiDwij8qj8pg8Ls/K7+VJ+YM8JU/L0/KsPCfPyfOXfgagUAkllVKBilHZVKzKrnKoq1ROdbXKpa5REXWtilPXqdzqepVH5VX5VH4Vrwqogkoro6wiFapCqrCKqhvw0i+MKq5KKKdKqlLqpn8nXxVRN6qiqtiv8jPrS/gH9bVQLVRL1VK1Uq1UG9VGtVVtVTvVTrVX7VUH1UF1VB1VJ9VJdVadVRfVRXVVXVV31V31UD1UT9VTJagE1Ue9pPqqfqq/GqAGqpdFxh4Gq8EqUSWqoWqoGqaGqeFquBqhRqhRapQarUarMWqMGqfGqSSVpCaqiWqSmqQmq8lqqpqqklWymqFmqJlqppqtZqs5ao6aq+aq+Wq+SlEpaqFaqFJVqlqsFqs0tUQtUcvUMrVCrVCr1Cq1Rq1R69Q6tUFtUGlqs9qstqqtarvarnaqnWqX2qV2q91qr9qr9ql9ar/arw6oA+qgOqjSVbo6pA6pw+qwOqKOqKPqqDqmjqkT6oQ6qU6qU+qUOqPOqHPqnDqvzqsL6kLGaV8gAhGoQAUxQUwQG8QGOYIcQc4gZ5AryBVEgkgQF8QFuYPrgzxB3iBfkD+IDwoEBQMdmMAG4lLTo8ENQZHgxqBoUCwoHpQIXFAyKBXcFJQObg7KBLcEZYNbg3LBbUH5oEJQMagU3B5UDu4IqgR3BlWDu4JqQfWgRlAzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf3gwaBB8FDQMHg4aBQ8EjQOHg2aBE2DZkHzoMWfur73p/I+7nrqXjpB99Z99Eu6r+6n++sBeqB+WQ/Sr+jB+lWdqIfoofo1PUy/rofrN/QIPVKP0m/q0fotPUaP1eP0eJ2kJ+iJ+m09Sb+jJ+speqqeppP1dD1Dv6tn6ll6tn5Pz9Hv67l6np6vF+gU/YFeqBfpVP2hXqw/0ml6iV6ql+nleoVeqVfp1XqNXqvX6fV6g96oN+nNeoveqrfp7XqH3qk/1rv0J3q33qP36k/1Pv2Z3q8/1wf0F/qg/lKn66/0If21Pqy/0Uf0t/qo/k4f08d1Gf29Pql/0Kf0aX1Gn9Xn9I/6vP5JX9A+4+Q+4+XdKKNMjIkxsSbW5DA5TE6T0+QyuUzEREyciTO5TW6Tx+Qx+Uw+E2/iTUFT0GQgQ6aQKWSiJmqKmCKmqClqipvixhlnSplSprQpbcqYMqasKWvKmXKmvClvKpqK5nZzu7nD3GHuNHeau8xdprqpbmqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqZZqaFaWFampamlWll2pg2pq1pa9qZdqa9aW86mA6mo+loOplOprPpbLqYLqar6Wq6m+6mh+lhepqeJsEkmD6mj+lr+pr+pr8ZaAaaQWaQGWwGm0STaIaaoWaYGWaGm+FmhBlpRmWcqJq3zBgz1owz402SSTITzUQzyUwyk81kM9VMNckm2cwwM8xMM9PMNrPNHDPHzDVzzXwz36SYFLPQLDSpJtUsNotNmkkzS81Ss9wsNyvNSrParDZrzVqzHtabjWaj2Ww2m61mq9lutpudZqfZZXaZ3Wa32Wv2mn1mn9lv9psD5oA5aA6adJNuDplD5rA5bI6YI+aoOWqOmWPmhDlhTpqT5pQ5Zc6YM+acyXvp9dKbWJvd5rBX2Zz2apvLXmP/Ps5n89t4W8AWtNrmsXl/FRtrbVFbzBa3JayzJW0pe9Nv4vK2gq1oK9nbbWV7h63ym7iWvcfWtvfaOvY+W9Pe/au4rr3f1rOP2PqIALapbWib20b2EdvYPmqb2Ka2mW1u29onbTv7lG1vn7Yd7DO/iRfaRXa1XWPX2nV2t91jz9iz9rD9xp6zP9qetpcdaF+2g+wrdrB91SbaIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk220+0M+66daWf9Jk6xH9g5NtXOtfPsfLvg5zijplT7oV1sP7JpNoCldpldblfYlXbV/611md1gN9pNdpf9xG612+x2u8PuzDwRtnvsXvup3Wc/s4fs1/aA/cIetEdsuv3q5zhjf0fst/ao/c4es8ftCfu9PWl/UJnZGXv/3v5kL1hvgZCAJCkKKIayUSxlpxx0FeWkqykXXUMRupbi6DrKTddTHspL+Sg/xVMBKkiaDFkiCqkQFaYo3UCZ5RWnEuSoJJWim6g03Uxl6BYqS7dSObqNylMFqkiV6HaqTHdQFbqTqtJdVI2qUw2qSXdTLbqHatO9VIfuo7p0P9WjB6g+PUgN6CFqSA9TI3qEGtOj1ISaUjNqTi3oMWpJj1Mrak1t6AlqS09SO3qK2tPT1IGeoY70N+pEz1Jneo660PPUlbpRd3qBetCL1JN6UQL1pj70EvWlftSfBtBAepkG0Ss0mF6lRBpCQ+k1Gkav03B6g0bQSBpFb9JoeovG0FgaR+MpiSbQRHqbJtE7NJmm0FSaRsk0nWbQuzSTZtFseo/m0Ps0l+bRfFpAKfQBLaRFlEof0mL6iNJoCS2lZbScVtBKWkWraQ2tpXW0njbQRtpEm2kLbaVttJ120E76mHbRJ7Sb9tBe+pT20We0nz6nA/QFHaQvKZ2+okP0NR2mb+gIfet70Xd0jI7TCfqeTtIPdIpO0xk6S+foRzpPP9EF8gQhhiKUoQqDMCbMFsaG2cMc4VVhzvDqMFd4TRgJrw3jwuvC3OH1YZ4wb5gvzB/GhwXCgqEOTWhDCsOwUFg4jIY3hEXCG8OiYbGweFgidGHJsFR4U1g6vDksE94Slg1vDcuFt4XlwwrhI/dVCm8PK4d3hFXCO8Oq4V1htbB6WCOsGd4d1grvCWuH94Z1wvvCMuH9Yb3wgbB++GDYIHwobBg+HDYKHwkbh4+GTcKmYbOwedgifCxsGT4etgpbh23Cq8K24ZNhu/CpsH34dNghfObn+fsXZc4/8Zv5hLB32Cd8KXwp9P5eOT+6IJoS/SC6MLoomhr9MLo4+lE0LbokujS6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kep9zWzg0AknnXKBi3HZXKzL7nK4q1xOd7XL5a5xEXeti3PXudzuepfH5XX5XH4X7wq4gk4746wjF7pCrrCLuhtcEXejK+qKueKuhHOupCvlmrsWroVr6R53rVxr18Y94Z5wT7on3VPuKfe06+CecR3d31wn96zr7J5zz7nnXVfXzXV3L7gebkKui4/JBNfH9XF9XV/X3/V3A91AN8gNcoPdYJfoEt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NckktyE91EN8lNcpPdZDfVTXXJLtnNcDPcTDfTVZ518Shz3Vw33813KS7FLXQZ54ypbrFb7NJcmlvqlrrlbrlb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+l2ul1ul9vtr7m4qNvn9rv97oA74A66L126+8odcl+7w+4bd8R9646679wxd9ydcN+7k+4Hd8qddmfcWXfO/ejOu5/cBeddUmRCZGLk7cikyDuRyZEpkamRaZHkyPTIjMi7kZmRWZHZkfcicyLvR+ZG5kXmRxZEUiIfRBZGFkVSIx9GFkc+iqRFlkSWRpZFlkdWRLwvsDX0hXxhH/U3+CL+Rl/UF/PFfQnvfElfyt/kS1+sO837W305f5sv7yv4iv5R38Q39c18c9/CP+Zb+sd9K9/at/FP+Lb+Sd/OP+Xb+6d9B/+M7+j/5jv5Z31n/5zv4p/3XX03392/4Hv4F31P38sn+N6+j3/J9/X9fH8/wA/0L/tB/hU/2L/qE/0QP9S/5of51/1w/4Yf4Uf6UTFv+tGZb5FhvE/yE/xE/7af5N/xk/0UP9VP88l+up/h3/Uz/Sw/27/n5/j3/Vw/z8/3C3yK/8Av9It8qv/QL/Yf+TS/JPOisV/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/ntfoff6T/2u/wnfrff4/f6T/0+/5nf7z/3B/wX/qD/0qf7r/wh/7U/7L/xR/y3/qj/zh/zx/0J/70/6X/wp/xpf8af9ef8j/68/8lf4H+zxhhjjDH2L5lweSh+PXPxcn7v38kRv7hzHwC4elv+9F/OZ5xRrs9zcdxPxMdmfH26V5eHMm/VqiUkJFy6b5qEoPA8gMy/BGX4+aMHl+Il0AaehPbQGkr/bv39RLdz9E/Wj94KkOMXORkFZcaX1/8cABN+s99+4rEnRi0sF56J+3+sPw+gaOHLOdnhcrwE2vx8faU1lPkH9edt+U/qz/5FEkCrX+TkhMvx5fpLwePwDLT/1T0ZY4wxxhhjjLGL+omKnTLff2Z+4vP33p/Hq8s52eBy/M/enzPGGGOMMcYYY+zKe7Zb96cea9++dad/f1Dlf5T1Lw8aw39qZR787sB7gMzvKAD4gwsCZAzkX7mLLX/JsRIvPXT+fmr5WR/A/45W/hmDK/zExBhjjDHGGPvTXT7p//X31ZUqiDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYy4L+iv9O7ErvkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/k8AAAD///P/+v8=")
creat(&(0x7f0000000200)='./bus\x00', 0x268)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
preadv2(r0, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0, 0x0)

5m7.339295133s ago: executing program 4 (id=545):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000340)="ea00000000320066baa000ed66b839010f00d8b9800000c00f3235008000000f30c4c1f85a078fe94890de0f09243dc4c1fc11df66baf80cb8dc9fef81ef66bafc0ced", 0x43}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5m7.009891173s ago: executing program 4 (id=548):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})

5m6.763821938s ago: executing program 33 (id=548):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})

5m4.059914755s ago: executing program 5 (id=563):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x4e22, 0x2, 0xffff, 0x0, 0xa, 0x0, 0x20, 0x87}, {0x0, 0x8, 0x0, 0x0, 0x9ac, 0xfffffc, 0x4000000000000000, 0xfffffffffffffffb}, {0x0, 0x2, 0x200000000000000, 0xe1}, 0x800}}, 0xb8}}, 0x2c000010)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)

5m3.936017853s ago: executing program 5 (id=564):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000a80)=0x1, 0x4)
r1 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x2000000, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, 0x0, 0x0, 0x3}}, 0xe8)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x10000000000041}, 0xc)
connect$inet6(r1, &(0x7f00000000c0), 0x1c)

5m3.790779766s ago: executing program 5 (id=565):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000200)="be", 0x1}], 0x1, 0x0, 0x0, 0x4080}, 0x8000)
r2 = accept(r1, 0x0, 0x0)
sendmsg$inet6(r2, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x814)

5m3.710550491s ago: executing program 5 (id=566):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000680)={[{@errors_continue}, {@delalloc}, {@data_err_ignore}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@data_err_ignore}, {@nojournal_checksum}]}, 0x1, 0x4ef, &(0x7f0000000180)="$eJzs3M9vFdUeAPDv3PbSAo9HH49HAg+1gMbGxBYKCgs3mJi40MSIC1k2bSGVCxjahZBGLonBNYl7w9K408StLo0r/wBcuDAxJETZAG68Zu6dub29P3p7S2nT3s8nGThn5sycc2bmzD0zpzMB9K3R9J8k4l8RcS8i9taiyxOM1v57/HBx+snDxekoVyrn/kiq6R6l8Uy+3u4sMlaIKHyWNG7wbh6Yv37j0lSpNHstytX4xMLljyfmr994de7y1MXZi7NXJs+cOXXyxOnXJ19rLvJw10olrbPSej069OnVwwffPn/n3enB5o011qOjfK0/y12TRr5vO3ipcXvbwJ6GcNJar5sbWhhWbTg7DYtp+18sHT1fm520a0PA9lKpVCpDnReXK81utcwBtqwkNrsEwObIf+jT+998qs0pbkT3Y9M9OFu7AXr0cLFyM2L6cb3+g1HI0hSb7m9TK/SZejIaER+W//oynWKl5xC/rlOGAEDf++Fs1g1Moqn/V4gDDen+nY2hjETEfyJiX0T8NyL2R8T/IpalXSaJqKyQ//7mGfX8v81GEQr311q31Uj7f29kY1v5lOWbJxkZyGJ7IvIO8+zxbJ+MRXHowlxp9kSH7e/okn9j/y+d0vzzvmBWjvuDTZ3NmamFqbXVttWDWxGHBpvrnwymBy4fxkki4mBEHOphuyMN4blXvjpcjzTdVnSvf1Wl7XDEOoyfVe5GvFw7/uVYdvyXckwaxycLLeOTE8NRmj0+kZ4Fx9vm8dPPt9/rlH/X+n/3W/Mqb53+/tzTVrsuPf67Gs7/yMdvl+o/kkQk9fHa+YjKQG953P7l8+p2R4+1Llvr+b8j+aAaztvXJ1MLC9dOROxI3mmdP7m0bh7P06f1HzvWvv3vy9ZJ98T/IyI9iZ+LiOcjBvKyH4mIoxHRpmp1P7754kedlq3y/H9m0vrPtL3+LTv+S+P1qwzkK6dzBi4dufekw8Ujq//elY//qWpoLOLv6Hj9S5ZdIlZb0qfegQAAALAFFKL6t/+F8Xq4UBgfrz0D2h+7CqWr8wsvRMSVmdo7AiNRLFyYK83mD+RGopjkzz9HGuKTTfGT2XPjLwZ2VuPj01dLM5tdeehzu6ttPmlp/6nfe3zOC2xB2+g9NKBH3dr/gTsbVBBgw/n9h/7V0P47fdmi7C9lYHvy+w/9q137vxlfr/jugmsGbH0VbRn62srtv/v3NoGtazDer4errz37+Cf0Df1/6Eu9vtffW6Ay1H7RcLT5YsDwsynGzjZ5bUog7Vmt4waLEbG6xDvXkkXeBez8hYdCbxscitZFA7HSWkn77zhERLnjWule6VqeiwfW/eTPv4my3qfNN0vttLjKw/20Aff7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAtvJPAAAA//8tL8+m")
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x101000, 0x24)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1010000, &(0x7f0000000340)=ANY=[@ANYBLOB="696f636861727365743d69736f383835392d372c757466383d312c696f636861727365743d63703835372c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c7379735f696d6d757461626c652c73686f72746e616d653d6c6f7765722c696f636861727365743d61736369692c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c757466383d312c71756965742c756e695f786c6174653d312c756e695f786c6174653d3100000000000000026d653d6d697865642c72736469722c756e695f786c6174653d302c757466383d302c00"], 0x1, 0x379, &(0x7f0000000880)="$eJzs3U1oI1UcAPB/OmnSLmh7EwUhehO0bPemF1ukC4u9qAQ/DmJwuypJFVostodN60HxKHjUkzcFPXgQjyII4s2DV1cQP/Cge1vZxSfJ5GOapN2u2ErZ3w+avL73/u//JjMk02Hy+sJSNC9Ox6WrV3+OmZlSlJceW4prpZiPLPp2Y1xlQh0AcDpcSyn+TLnRtpnJIaUTmBYAcIy6n/8vRUQt5vOaN78+rH/y6Q8Ap17v7//Zw/occB0g4rVjmRIAcMzGrv/fv6+50v0p938tF+4KAABOq6eefe7x5dWIJ2u1mYj1t7fqW/V4ZNi+fCleiVasxdmYixsR+YlC56HUfTx/YXXlbK1Wa8cv81GPiKleYD0/U1jOuvHVWIy5mO/F9842UkrZ+c9WVxZrXRGx2+7mj/XSVn06zvTy/3Am1oYnHv1Buk8RF1ZXztV6A9TX+/HtiL3hjQqd+S/EXHz34mCYlPp3MK6uXF7sT3oYv1WvxsXBqzB+BeTQCyYAAAAAAAAAAAAAAAAAAAAAAHATC7WB+cH6OanznK+Us7Awob27Pk4e31sfaC9fHyhVU6T0xxsP1d/JYt/6QKPr82xZSBAAAAAAAAAAAAAAAAAAAAAGNrcr0Wi11jY2t3eaxUJ7Y3N7KiI6Na9+88lXszHe5yaFcp6iGjFIUeul3Wk2UtbvnLKI8fCsk7xf89HngxkX+1QHWzFxGtWDm1qtO+776f1hzb1Zf+S/h32ymLyBWWEaj46MvH5nPqVbeaEGhXPFmup49isppULNW8Xwy8+PDxiliPKt77id5lQc3Cd1CtfTy3f3X/3Glyn3wINzT19578Pfmo1WJ3N092BlY/NGajZK/c5HyN4bLnV3wfDYKEVeKBWPhPJhA+7tr2lk3//+zD3vfntw9igPa1Kx6fXO8TzSOcs359PRcSp5oTPNkabZYfh0byNaa9MjB/+E/T5W+Bf79K4Pvvg4pR9/PWpU4U1iauxto/TfvPsAAAAAAAAAAAAAAAAAAABFhe+K97503c4bpg+LeviJE5oeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJyI4f//LxT2dmOk5iiF6+0JUdW1jc2IyoTMf/0PWwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO3qnwAAAP//7gFmJg==")
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000))

5m3.138708287s ago: executing program 5 (id=569):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)
close(0x3)

5m2.498097551s ago: executing program 5 (id=575):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000200)={0xdddd0000, 0x103000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

5m2.293340294s ago: executing program 34 (id=575):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000200)={0xdddd0000, 0x103000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

3m26.768953294s ago: executing program 7 (id=1513):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000002c0)={0x42, 0x80000009, 0x3}, 0x10)
bind$tipc(r2, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r1, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x1004)

3m26.606800004s ago: executing program 7 (id=1515):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000001c0), 0x4, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==")
chdir(&(0x7f0000000240)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

3m25.997002293s ago: executing program 7 (id=1518):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="dd", 0x1}], 0x1}, 0x24008800)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000340), 0x4)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000002380)=""/4080, 0x1001, 0x1, 0x0, 0xffffffffffffff71}, &(0x7f00000000c0)=0x40)

3m25.626806776s ago: executing program 7 (id=1522):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000340)='./file0\x00', 0x2048c5, &(0x7f0000000640)={[{@fat=@uid={'uid', 0x3d, 0xee00}}, {@utf8no}, {@numtail}, {@fat=@nfs_nostale_ro}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@uni_xlateno}, {@fat=@uid}, {@fat=@debug}, {@numtail}, {@fat=@quiet}, {@utf8no}]}, 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020)

3m25.412081566s ago: executing program 7 (id=1524):
timerfd_create(0x1, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x9, 0x0)
set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

3m24.150924657s ago: executing program 7 (id=1536):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000000904004001030000000921010000012205"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x9, &(0x7f0000000680)="1000000500ca32a375")

3m23.917942024s ago: executing program 35 (id=1536):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000000904004001030000000921010000012205"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x9, &(0x7f0000000680)="1000000500ca32a375")

1m11.558509642s ago: executing program 3 (id=3022):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x10, 0x572, 0x8000, 0x9, "ff000d00009a468e0cd912098d00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0))
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000200)={0xfffe, 0x81, 0x8, 0xb3, 0xb, "0300"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x6)

1m11.450837772s ago: executing program 3 (id=3024):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000400000000000000000000000850000004f000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="b9fdef306844268cb89614f086dd", 0x0, 0x3, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x60, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}, @IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x308, {0xfffffff7, 0x3}}]}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x60}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB='V?\x00\x00-\x00Y'], 0xfe33)

1m11.186716204s ago: executing program 3 (id=3026):
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x8080c0, &(0x7f0000000080)={[{@fat=@dos1xfloppy}, {@nodots}]}, 0x1, 0x21f, &(0x7f0000000100)="$eJzs3DtrW2cYB/BXvqmWsdFUaJe+uEu7iNZzh5biQqmgpa5KL1A4xnIrpEpGR4NUOmjOlM+QMYRkyRYw+QL+FMlmAsZLPOUEW4ovceLcFCnEv9+i5+iv5/A+6HAQr+DsfnX13/pmWtpMOmEqnwtTX4f+wyzLimEqPNEPn9/6bf/K2lw4I8a49Mn2n//fWL7bWfj19tKdfNgp/rW7t3J/58Odj3Yf/fJPLY21NDZbnZjE9Vark6w3qnGjltZLMf7UqCZpNdaaabV9Jt9stLa2ejFpbiwWttrVNI1Jsxfr1V7stGKn3YvJ30mtGUulUlwsBN5E5fpBlutnh/L9kGXZpBfEmB1kWdjz/V9aa7//8cM35fLqzzF+EMKDfrfSrQxeB/l335dXv4hHiidd+91uZfo4/3KQx1On7XYrs6EwzFfO5Yf9c+GzTwf5Yfbtj+Wn8vmw8danBwAAAACA91MpHju/v58bHp7N7xWO9vcHB6f+Hxjs31/bHvbPhI9nxjwMAAAA8Exp77960mhU2xcU0yGEF31m5MVMeM322eFk41vq84tcGGyijPDMWT6Eyc01F4bF/CtcP+9+sXD8Tii+XNf0qJdxc5QXySiKC24ay2O4MQEAACN38qN/0isBAAAAAAAAAAAAAAAAAACAy2scjxOb9IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd5HAAA//9eWF7C")
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c082", 0x61}], 0x1}}], 0x1, 0x2090)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000300)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x8000011000000009, 0x3a, 'B\xd4GGI\x82\\4\xbb\xbb\xbb\xb3\xd4)\xed\x8f\xaa\xf4\xd2{\xc5\t\xa9\xed\xf8e\xaa\xb9\xf5\r\xe3T\x0e\x8a\xd6\x9a_?G\x05\x00\x00\x00\x00\x00\x00\x00\x1e\x9a\xce\xac&x3\x15\x14y\xbf\xc6)\xa8\b/\x01\x00\x00\f\x8e1\xc4\xa1\xb2]I\xa5\x13}9\x1b<B\xc3k\xcd\x01\xe4\x05\n!\x02Y\xc7`ooveu`z\xb9\xf5r\xc0c\x95\xcbQbj5\xb1\x8f\xb9J\xa9#\x13\x92\x05H\x91\xa5\xdfxM\nD\xc70\xa11B\xf1\xab\xccw\x17\xbf\xc8W\xec\xb88\xc9\x1b*h\xc3c\x89n\x89ic\xfd\x9c\xfa~\xb5$VG\x85\xc2\x86\x89}*\x99\xda\x94\xba)\xb9b\xeb\xe9\x0f{V%TD\xbc\xee\x96C\x89No\xc9\n\x91\xe0\xfcqE4\x8c', 0x3a, '\x8c\xf0<\x06\xd3=(\xa0\x96k\xd8cf\x92\xd1\xed\xf5\x00\x00\xb5\xff\xd9o\x1c.\xecU \xc8\x12\xacf\x15I)S\xa5\xdb\x8f!\x8aA\xee$\x0e\x16\xf7wL\x9c~8\x10\xd2\nJ,D;Z \x92\xccY\xd7', 0x3a, './cgroup.cpu/cpuset.cpus/file0'}, 0x147)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00004c"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x84)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc142e00004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

1m10.911712964s ago: executing program 3 (id=3029):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1a37c1, 0x42)
write$UHID_INPUT(r0, &(0x7f0000006b80)={0x8, {"342412b0f441c1f817ca3bb86cf64533c2275b46182c05371c7f29075ada4017177349d9614051e3a40cfa803d4d45d65addb2f87f9a39358ff1bdc8560eb02f02d02f599f866146e7a7092dd11b61b59ebdeedc7c545d9a8a27f041a02975fb3fa8f57db19edc8776c810a8bfd109c8cf93470f5c38c113db88e59cc482d892069e0d4ba630583da1112b7597973e7e87ddca7971d3c66261e8203e3cfbd97bc0c2074c82ea8a66c827c84507ca6e4248c34d6bc7026aac8be76608e8cc4fbb14504f24addc211e0118e1f3669eba51b4e8a2d3f053b30f0b14bc5e33fa8350db43d20ef68b2b70857126cb1b1b8ca436ce40d1c25e813298f413cf085ad30c6178b966cf0dce179671a60008ea2c89831a160329efbe49505814a99708b1649eb330e29c05e247c107b8a52a1282daf004ef3621aab75a0af0cd159f8d6794df238285c145262b75e82c9aaec9e9a7d6649114b1250431a7cc2c1405be6471cb0be9d9efc68de67cd41bfe67780f292b4861401207321fdc69456234fe6f07930c8f320e771ab08d1b9eeb4db8f616a2512a25523d56772b8fd6349a1b787cb7ad69c6842da5d4ff166d4442363554f398e2cd9fdb722e2385e075fa66c74c66c982e4566cbff38a949d0d048cd172bfef350ff98c86f2fcd03183dc1af1e65c56eb32733fb547ae7234e81f32bb9a27bafc0bf29cf7c532c667865c545daa801b3a71058de84d02facbff9254f8ba19c3a69c5fc9ebc84cebda7189c45399a14c9bf62ff19fa24be27ba775de13ebe9d32fe7331bd3c4fc81cc14dd4d99cf33ee46c516a63d417211af6bf4db90f5d3ac90e68805f9ecabc08630bc024f1dcce9158655721e1cfce385980b4bf1269926510106f4fda965a5db75d9a890279d7421c38163ead62cd7ea83b079d5c9e546050fcc47aca9a14ae3f4f9fde7f8e7d2aac9abb4833d1f34bca84ffcd11739a68ae51be2c730fbef580d6eb73174fde815936c7b62e8f6342d9f47032f96dfadd8df1c177f9a7b7030628fdc1ed711cd3bdb3f51ca28042745c81b1a9879c426d05c0539a11630cfb170e4f9ad7b5d2e077ef57d03c0edfa0b6e51cb97a56dce8601736f3974346803b3cbe20f0d0b69e8547881e7ece02dde411044160781441f8c49e301aab70740afa2f92eef2ebbe125725e8c5936224ce72f6af2cf9d73c0092498d9d63586e1b7c5c8e8f16e8d125ff3571c8f5d52c08f1be88bd238e2ec3e7613bc6f74108d1da1bcb08fd9ca09ee07e83bbfb11d4a06885c83802b8cab426d38bdf5c7f9ed8a10180eb4ed67cbc754f3732291cde592bee3a5be5d78e65cefb0e62b0a4b49c266b36e9c22227f79aca8c8430517eebf867ee15cbd5f29289a9f9b3f523c97629eb60ac3a36fe0e65636c70db6195b7d1a86f2c1293bf28e1896c8f5b7da5ce0e3939650262ded558aab0da12d9d14f3a6194ea0143ffba65a68ab2745cd7006d51817fd6ef0b2dc6e3263c408d276073f9c55cffd4078e1e1ff73e4bc11b1ba5b022b725e6c7692ccfe2ab01decf060e15e9456a92bc7d4c26924be1f9da9a93c8d1472ead7e5c6960de5dcd10085740cbe8201b515297228de20687a38c349536e812d1ed4d91c3015b60751f0b802fbb5a8996309b13c0adbad38407d322853222bb66f7252c2e9ab7a30077664e165a10de2607d4e54cc4ddf1fe218fea1940d0171a773ff3bce0ecce20e8fe4540e57da07c37424856ea9522ee8e18dc76817a57ed1de22ab8b8575c7163dbf47dc7380f009a97eac2e03e068589a0e547b027fd993d4059e439cd3e82a7482acdcb4abcff6b113083852dc099085ab82abd88e4b892ad36822bd50a25c736db70905aef7ab47d0cef4eecdde34393406e35e74669c381bb833ac28770c02daccd5f47bef982ec97ccb6e155b7fce5dd55a8fd9f184b1a9bd51c52911b82b0cfa74d332824171d95836cf811a45d5b450561ccb8e6b9d69a2f310cb01965979d48e697603713d6123ff32c06e0f929f5bfc2aa4d655452f249a9634e35a8d64619245f2c829307b775ac382afb6e82e29a94e937c6f73dd42ace8dc3d71a3a7198a20df395494b1754f8b7d41f29cac8611bee7b4d1cc632c6daa69034b33e71523eb98d00b7d2190e3497a3cc003c7d05feb286d58d570d29fa12572353d2ccc3720c1dc527930f44f29c8de337337e9604a50cef2752bbfb00195e1207e4532008d354babb2526e07bdfca3def3d60c6e14c852668b2d2605bbfb83f88fb74f8dd61f9ea18fc6344ffca2e05269e2bd606c44a21d85845327d80f42f894c204eea830ee3180580425fded6fdf2831e2138cd1a173f34e488a99948aecbcddf4edacebc8cee37f4ba267f587134814d5d6b9dbd470e8cf2d222ae2dd5a00f280b990814e011c19f18dbe5453810436a1efa7b8dda00ff61284409f54b03b5c3ae72c50489199e50620cc51577535edfa880c4dfe0e2db0e28a0692ce31aa9fa83bb9584abd83086d071ae2a9817d5b3b384fa107435d3f0b3b5d7981b324e52d716dcd89eba6293c1f7fc0088a34dfc0d93992684f51b5ff021c0bd76d18c846403a52134317fa9969022f7ec3ad46ad49a50c072acd5dddf37d8513e09e3ab280ee04d2fbe4385b2ae524531d07e433510cb0b372a62d09d122e4cc55d515be710c3b3b53318ebca503e1a0c8a3166edc7df4b91805e87ac1769f49e34ddf3be7c2847de843c243375778c8c321c2c15362128800ea9cb2f7cade0289ed15eaca51a8740339649a9b378562acb7d54c10938205ffabd96bb7b7d00c7f8effaa742229f94e7a672ce2055ae429658cb357b3bbbbe5fb3bd917eccde8b1ef097b64fe0fbf3b6f50af144b74a160d0069bd3e090ad90eca7a3033cfe3d36e6dfed812a18cb37bfd59acebe0d2f69e14e8f7b04e93dfcc9e8d524fbbc32ac314d69e1b972e7fc01c7048a7f5dfe731a9ed90428ee23e0a6436843d2067ab1abc36a98e17617844c5d41266eba4517a86e9a9da85c5ca76bb6d8fd50575a914ad31c5312e9032ca29b7d33990118408cbe7509c2db2eb07ef03ebd3be5021f0dd617fb12c99f6c6a73f038bd1a7d3cb9594d4fb014ea08166ac7ff32db71587b704f977300b417c71eebae99aa316b6baa76560ff3c6fa888c8b73ab7a7df66fbbc4f54081b48558afff68a427af35b070123746c39ded9dc3f2c5768f47a006597a5f427b899f6446de400c73e031c5c4e03440d380a70b9c73d9f728cfa25351bf2b542e91c9aade3561588f7f416c87ce943a07b9da2ed159da6d12bd6bc61c36bbcb4c7bd7e2cf09a276523267992cd6762eb78015ace4520b1c4e8ea912c3da935d73aca6e8144b83267c87f80de6fcb939e9ba75c357999fa0ef6d6afcd5df086b324803d1a7d657be59e18e700aad55e67b3955e1a29d993e706e3008d2ffb05bd61e45ab185a41edbaa8b065ba1fbd071af46dca47676ebed1fa1b776cda3c548210cf407294ad2386f9783daec25c4826735b45d0f00e9265ff06802a1c82924a47f78845328f554b42210ddd9841e9fa99b96ed3707508ee0bfd15eb58d4bbc3ace0afe1fa4a3e3f536863c7addc71cb7c743b173da81f0ffdcd46af8f31ddb5d7b90ca638aa5e59d586779f6152ae5a2e3ca31595ed32650e0d4017fcf1be345633415ab35e35513c22f77973e97686327613bbe7f56f5f0321701491d586edf3f0665cf89d80beaf5fafad97bb230a03984e8c18878163b36dd7fa6826d10421794a5d2558adcf594fb98c50e3f2a92e11eba7ccd114f00513dcdaeb67c8ce783b1ce62c1df63de389cfe2d7279f7eb6c589145b2d47676c5373cf5201331f9e40ca0c6ed52803e8a38a11098398b12a7b861970e5047d18434b5a02d4454c5316f6c203890faba68cc5f633df5dc0fbc6e8c7026d75576a4ff724d8ab0b8967032d5f0b2e90852ac457623b08e9a6ccc34b77e02d25af98ced8b35f21dd26e3439327c5d653507a6978bd059e25a4b05f469819e325dc5044423b95a2d362df86eca37e3a14e19abf7e534e42b45c21f4f6332029ee7cf2427c72d9b664002597bcf1fbf4695090c9e65049d1a80695fe8cd935efc64f6002b16ed9ece9b5d4ad7783ed701601a51ff4a68fa22d8bde4f4aa338936a6a3b206cef471b306d8110e1f449432446579e3fb2501a1e49e3251f6ef2496c85e6f54daa76359b4b259fd9d49782a9ce60793a6f898cebed94629864ab0ec5966ee578691a75b5e1b4fc235c702e3ee60c894ef9afe8507ea134b8945b42f97edbaf5fc4a78eb57c06a6de4308f0271d08d00917e1e0c5fff6314b94cdc9ff8aa1a230319f908bf9750d36df2403b41e27d57d9b0fa847508128148335583c5257fa93954098e96d9b39a478276f2f67fd5d21db7d7e9d6d1c4e595c1986291fdeafabd6270a06613cd1d5f17d5e6942e4550a2a4f4b82e07461aef9991a03661dd779758226877fbfa1a4c58394499bd6d8a213c1874618f278c30c7020d5250ee537f0974ed684be20aafd026de5a78d339ae0d8bea263e394ccc8eab9a22867c8b3d087d70812394981170b72071be596a3e465993f9fe4742bf15b18e55c3c3874a2965b900d66dfc0bdbc58de1fe62771c84d0c1fe4f2a0a4ef2e841e43f9e8633a6078b6c8babe1be4b25280dd08ab9137ec460d6c418fba3a704f5893717ca05c1815ff6440c13dba6af6cde82e2bb43ab43842b674fc26a7c52981cc6273307f7055f49a6777eb180c4503e2df1cf1c7749d58e4338400a7e69cc799b7f581fa868908047049ad658ba90c53e43612e7df11b0d3258848b51ea30e0111bd08694b2d716524088974d0ed6b7dd096947f14a8cb37df063abea8a87199e0191437b595ea269fde1b4247850170e58d3886334cabf878b554cb27f1e9d7e90aa573963dbfc8fa9f85c7bc530933f24d19fca22fdd9e10c522b707d2c1681d96057cd04f4e144d5bf71962711a8a7c30de0445c4e66f5cb183f85127c31a3f5217b9e47e79a0f5d495ee3253cb76e1389ab4547fc19aedd92c0d2d1ed867d35555086c8792330c1b6351bc191db80dabeb29e8040294c6d825e9c92f8d3ccea695ceb06a19f7b3975997d5030f8e55b06cdf68c0d495cf1f0c475a06c4df913ee098562a1a5e8a11c708970ebacf6ac10c63da4c88fe35bcdd7b2f8b34adf61567b1776a0a25e05c676db9d3c236d78e581811937ef38d388bbfcc0c3fc378642bd417fd166770837f612dd8106ef602f492b652020674f93b34c970a5e020906460903aaee7ca4da7d22a9033ce2df434f5be181e342aa9991fe2c0ba270a6bc39c232aaf9d40b58aa64b506d9841bfa9c7041667408c1068683938972870b32176531c48a59007af856636ce514dd932f07887e15c34c19d7fa7d57c323e9509228c5d91fae36ff0387f3539bdfd7639baa1ac2677a7380cbe6aa1765af0814e8285791169738796e242a84e7364406fe2dacf4e0c975787871cf3460876b9eacd571f888e54eb03be99dbe4cc8a2376cddf63975bee454b3858efa12b4b0a1d2578dab0c8bf73764872fd7462d9aa501be9b9217f2206032d963b9f24a9070ec86d062ee56b79509804d0ef1fdf6a2ba07270e149eb712b65fef472c76478fc7b1bbe56734f225fc6ded5c4891632774371400dd46f1303c5763891448c365d7f22307e423cb31e690c4e3d8abd9febd745ee628ea37a73334fbce94eb155f75f5cee3c071fa853b0ed3ba87cb6a93955c3fe15c05b", 0x1000}}, 0x1006)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
open(&(0x7f0000000140)='./file0/file1\x00', 0x88440, 0x84)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x0)

1m9.259951863s ago: executing program 3 (id=3065):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1, 0x0, 0x10001})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x94}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x0, 0x2})

1m6.33483269s ago: executing program 3 (id=3096):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x4, r2, 0x12}, 0x10)

1m6.103031048s ago: executing program 36 (id=3096):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x4, r2, 0x12}, 0x10)

3.546182446s ago: executing program 1 (id=3635):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={0x0, 0x5}, 0x8)

3.360285033s ago: executing program 1 (id=3640):
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4094}, 0x8805)
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x4000080)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x2, 0x3, 0x38, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote, {[@rr={0x7, 0x3, 0x6a}]}}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x4, 0x9, 0x0, 0x1ff, {[@timestamp={0x8, 0xa, 0x102, 0x20}]}}}}}}}, 0x0)

2.682645349s ago: executing program 9 (id=3650):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000280600fe88a43de1a400000000000000027d01ff020000000000000000000000000001000088bed2868a1610e8f515ab"], 0xfdef)

2.670408217s ago: executing program 6 (id=3651):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r1, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r2=>0x0}, 0x8)
r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000080)=r2, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r3, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

2.502606576s ago: executing program 6 (id=3654):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f00000003c0)={[{@nogrpid}]}, 0x1, 0xbc0, &(0x7f0000000c00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiQTdtwZEzH8m0k5nGdjLHpL8fvDnve94z8zxPTibnPZCTAJ5ak9mXNOJQRJxNIsbr+9OIGKj2hiLWa8fd27g8m7UkKpW3f0siiYi7G5dnG++V1Lej9cFQRNx8LYl/f9Qad3l1bXGmXC4t1cdHV85fOrq8uvbKwvmZc6VzpQsnpl89MX1yerqLtd6+9N4Xz/zwxvNXr3889ebnB75L4nSM1eea6+iWyZjc/J40K0TETLeD5aSvXk9znUkhx4QAAOgobVrD/TfGoy+2Fm/j8e2PuSYHAAAAdEWlL6ICAAAA7HOJ+38AAADY5xp/B3B34/Jso+X7Fwm9dedMREzU6m8831ybKcR6dTsU/REx8nsSzY+1JrWXPbHJLNLX35eyFrv0HHIn61ci4v/bnf+kWv9E9Snu1vrTiJjqQvzJzd5G9adxL9V/ugvxJx8aP22fPwDyceNM7ULWev1LN9c/sc31r7DNtetx5H39a6z/7rWs/7bq72uz/ntrhzEO33/pZru55vXfu5/8PJfFz7ZPVNTfcOdKxOHCdvUnm/Unjfr/3LphyPad3WGM0dnb19rNZfVn9TZar+uvXI84Ul3NtdbfkHT6/0RH5xfKpana123ef/Vk5/jN5z9rWfzGvUAvZOd/JHZ4/ptel+27tMMYE//79VC7uUfXn/4ykLxT7Q3U93w4s7KydCxiIHm9df/xB3a1aBzTeI+s/hef6/z5367+7HfCev37kP30XKlvs/HVh2KOHjn+1ePXv7uy+uce8/x/usMYX35z7f12c3nXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDekEbEWCRpcbOfpsVixGhE/CdG0vLF5ZWX5y9+cGEum4uYiP50fqFcmoqI8do4ycbHqv2t8fGHxtMRcTAiPhsfro6LsxfLc3kXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKbRiBiLJC1GRBoRf4ynabGYd1YAAABA103knQAAAACw69z/AwAAwP7Xcv9feGA01MtcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JcOPnvjVhIR66eGqy0zUJ/rzzUzYLelOztsZLfzAHqvL+8EgNwUmvqVSqWSYypAj7nHB5KxzvNDbWcGu58MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9YLxy6cSuJiPVTw9WWGajP9eeaGbDb0rwTAHLT12kyeeQOYA8r5J0AkBv3+EBtZX+/UtM6P9T2lYNPHBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvWOs2pK0GBFptZ+mxWLEvyJiIvqT+YVyaSoiDkTET+P9g9n4WN5JAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0HXLq2uLM+VyaUlHR6eLneHoWazh+oe5zTGD7ac6dHL+xQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQC6WV9cWZ8rl0tJy3pkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeVteXVucKZdLS7vYybtGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy81cAAAD//xQfEa0=")
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xad1b8000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000ac0)='.\x00', 0x6ac00, 0x8e)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000140)={0x0, 0x200b620, 0xa})

2.501654236s ago: executing program 9 (id=3655):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/45, 0x2d}}], 0x1, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000180)=0x80000001, 0x4)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000280)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x7, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x8, 0x5e, 0x0, 0x0, [0x7f]}]}}, {0x4e20, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
getuid()
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000240)='cgroup.procs\x00', 0x2, 0x0)

2.41243692s ago: executing program 1 (id=3657):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x19})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
readv(r1, &(0x7f0000000340)=[{&(0x7f0000000980)=""/197, 0xc5}], 0x1)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

2.102520233s ago: executing program 6 (id=3660):
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/238, 0xee}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
mremap(&(0x7f00002ce000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil)
mlock(&(0x7f0000bfc000/0x3000)=nil, 0x3000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

1.830949014s ago: executing program 6 (id=3663):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be5216344841", 0xe}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d", 0x2a}], 0x2}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d41400000000000000290000003e000000", 0xfe60)

1.566908145s ago: executing program 9 (id=3665):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="300000002d0001002abd70000000000008000000", @ANYRES32], 0x30}], 0x1}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x464f, 0x1, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0)

1.496850063s ago: executing program 0 (id=3666):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x0, 0xe38, @private0}}}, 0x32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000001280), r3)
sendmsg$L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="2503000000000000000008"], 0x14}}, 0x0)

1.37003151s ago: executing program 0 (id=3669):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001435010026bd0c333c84df250a4022fe", @ANYRES32, @ANYBLOB="140006000000000005"], 0x40}, 0x1, 0x0, 0x0, 0x811}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd27, 0x25dfdbfd, {0x2, 0x18, 0x0, 0xcb, r3}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010102}, @IFA_BROADCAST={0x8, 0x4, @remote}, @IFA_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3d}}, @IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_RT_PRIORITY={0x8, 0x9, 0x1000}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040014}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000"], 0x18}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

1.266729381s ago: executing program 1 (id=3680):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vlan0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r2, 0x3, 0x6, @broadcast}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000200)={r2, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vlan0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0)

1.265946291s ago: executing program 0 (id=3671):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x9)

945.023592ms ago: executing program 6 (id=3675):
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4094}, 0x8805)
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x4000080)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x46, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x2, 0x3, 0x38, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote, {[@rr={0x7, 0x3, 0x6a}]}}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x4, 0x9, 0x0, 0x1ff, {[@timestamp={0x8, 0xa, 0x102, 0x20}]}}}}}}}, 0x0)

943.431372ms ago: executing program 1 (id=3686):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x7fffffff, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f00000002c0)='M', 0x1)
recvmmsg$unix(r1, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x10003, 0x0)

943.022372ms ago: executing program 8 (id=3676):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x303, 0x3a}, "03c0000000000500", "9e8ecc7bb535277672a2eff75b24866882519a85ef828f711330ff2bb17b5508", "dc5db43f", "a1034200000102a0"}, 0x38)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="001c86dd0700100000002800000060ec97000fc83a00fe8000000000000000000000000000aaff0200"/51], 0xffe)

735.046204ms ago: executing program 8 (id=3677):
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000200)='./file1\x00', 0x12, &(0x7f0000000480)=ANY=[], 0x5, 0xa66, &(0x7f0000000d80)="$eJzs3U1sHFcdAPA3a6/z2WZTHGrS0CYU2vJRu3FM+IiAVM2FqKm4Vaq4RElaIpKASCVI1UOSEzdaVeHK56mX8qFK5IKinrhUopG49FQ4cCAKUiUO0JC4yvq9/Xjezawd25P1/n7S+O2b/9t9b8Yzs7Pz9QIwsmrNv3NzU0UIly6/cehfj/1zUwiXJ9slGs2/4x25egihiPnx7PM+GFtIb3746rFeaRFmm39TPjx3vfXeLSGE82F3uBIaYeelq6+/O/vskQuHL+55780D11Zn6gEAYLR858qBuR1//+tD2z966+GDYUNrfNo/b8T81rjffzDu+Kf9/1rozhcdQ6eJrNx4HGpZubEe5TrrqWflxvvUP5F9br1PuQ0l9Y91jOs13TDM0nLcCEVtuitfq01PL/wmD83f9RPF9JmTp148W1FDgRX3n0dCCLsNhpEfLjRXiOrbEcLGuHKuQV3z2yrd/AC05OcLFzmfH1m4O61PGx+s/utP13q/H1bAWi//6h+u+n97wRaHlbNel6Y0XWk92hrzHecRToce1y/l6998/sHZ+p8+Lz8fUR+wnf3OIwzL+YV+7RwLB9e4JcvTr/35crFefSOmaT58M4t3rj9jWSzPA8Plv47/GwwjOyzav72D/FoZYH3Lr5ubj1I8v64vj28oiW8siW8qiW/uKhXju9vxLSXvh1H2x5d/Fl4r2r/z89/0Sz0eno6z3RfT+5fYnvx45FLrn7hDbi3qt4/EMPnT0edPfPX4C1cXrv8vWsv/rbi87475RlybrsQC6Xhhfly9de1/o7ueWp9yD2Ttua9H+ebrye5yxWT7c0LHdmZRO6a637etX7ld3eUaWblNcdiYtTffP9mcvS/tf6Ttappf49n01rPpmMjakbYr22OatwOWIy2P/a7/T8vnVKgXL548deKpmE/L6V/G6htuj99bXtXvVrrtwN0Z9P6fqdB9/8/W1vh6rXO7sK09vujcLjSy8bN9xu+L+fQ9972xTc3x08d+cOr4Sk88jLiz5175/tFTp078yAsvvPCi9aLqLROw2mZePv3DmbPnXnny5OmjL5146cSZffv375ud3f+1fXMzzf36mc69e2A9aX/pV90SAAAAAAAAAAAAYFA/Pnzo6t/e+cr7C/f/t+//S/f/pyt/0/3/Py0W7nWvdYwPPfoBTPcBbu8Rb5bJHrA6kZWrx+ETWXsns3p2ZO/7ZExb/fjF+/9TdflzXVN7HszG58/vTeWyxwksel7KRPbUkby/wM/E9GJMfx2gQsWm3qNjWvZ867Ssp+dTLOG5FL0rphLp/5b+Kek5Jun+737PdUrb/+1r0EZW3lrcTlj1NAK9/XuEn//d3HdZxc//zf3VT+PG/rENVbfNUP0wP68XD+DeUHX/n+m4Z0rP/PnbG28Pqdj1p7u3l/nzS+Fu3Ov9T6p/ffX/2er/bqDt343FvSc0llfv/35x7f2OasPOQbe/+fSn50BP5jXc+Uj0R7frv9GelMfDYPXP/yqrPz8hNKAbcfrT/N88YP2Lpn9XWU3n3u419v+x/jTbnnh00PoXWlzUutuRHzdO5//y48bJzWz6jy93+pfZUeOtWD+MsmHpZ3apBuj/t6ms/99FVrj/337y6zC+HPNpQ5iuc8h7OFli+1uZ9D2wI/v8ouT7rX//v8Nh1Pv//XpMy9aH1P9vWh4bPfK1jny9x7xdr9saGFYf3Lvn/9pfVNW3xTDo/6v6dhiWMMzPz6/uAa0SlVZO5fO/6t8JVddf9fwvk/f/m+/D5/3/5vG8/988nvf/m8fz/vXy+OYsns/PvP/fPP5g9rl5/8BT2Q/sPP6pkvfvLIk/VBLfVRL/dEl8T0n84ZL4IyXxB0rij5bEP1sS/1xJ/LGS+BMl8c+XxNe7dD/KqE4/jLL8/jzrP4yOdH9tv/V/siQODK+fv7X3mRf+8N3Gwv3/E63jIek83sGYr8ffzj+J+fy8d+jI3469E/P/yOL3+vEOGCX58zPy7/fHS+LA8ErXeVm/YQQVve+TGPS5Vf328xkuX4jpF2P6pZg+GdPpmM7EdG9MZ9eofayOZ37/9oHXivbv/W1ZfNDryfP7gfLnRO0bsD358YGlXo+fP8dvqe62/mXeDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCZWvPv3NxUEcKly28cev7IyZnbY77VKtFo/h3vyNVb7wvhqZiOxfSX8cXND1891pneimkRZkMRitb48Nz1Vk1bQgjnw+5wJTTCzktXX3939tkjFw5f3PPemweurd4cAAAAgPXv4wAAAP//hPYb+g==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

624.185364ms ago: executing program 9 (id=3678):
r0 = syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5b3, &(0x7f0000000680)="$eJzs3V9oJHcdAPDvbnavNnd6rdTqVdtLrbZn/2wuSTm8WpB71PZK7Z8nT86Q7OWObLIxu8EmtZBShAqehOqTPikIKj6cCAriQ0Gsj4JvSqlgEeUgFEtR9NSVmd099swmuTR/hst8PjDJzG9m8/vOfvnOzvxudi6A3BpKfhQiDkXEaxFxuL147QZD7V8rY5fOJ1MhWq2n3yqk270wdul8d9Pu6w4mP4oRH0p+/TriYHltv43FpenxWq0631kebs7MDTcWlx66MDM+VZ2qzo6OjZw4Pnpi5MTJHdvXHz7/ymffeP7xKxdXB7//+pGj/0jiPdRZ17sfO2UohjrvSTk+2ruiEPHpne4sIwMRUYqID2QdCFt25ndff7abv3Ja/4djIF2KGBw78/bhuPho1jECu6eVWm/tQAvYzwqRdQRANrqf9Mn1b3faq3OP6f1yEXwDWz3VvgB8oTO2s3I1/6UodrYp79L1/dG/RgxF8/5Ln7n7q8kUuzQOw/qWX4x0oG5t/RfSsbFbOtvdExHHIuJjEfHxiLg3Iu7bZt/PfCHJ/x+/2dsm/3vrevP/iYioRMT9EfFARDwYEQ9ts+/bTyf5P/jF3jb5z487Ppd1BGTpty9nHQHp8f94qdTv+F/c5t++e5P1rfTfFZff7G1z/M+Pp57OOgKy9MSJrCMgS995K+sIePVU+2Ju7ed/MW7v2S6Z/2D7UjGOJOfuEfHhiPhIRNwZEXdFxNHu/UTX6SuPJdtXqr1taz//i5e3s39sbPVUxKM993at9OS/45aBztJ70/GAcuHchVr1eES8Lx0TKt+ULI9s0MfXln/1WL/2H9+Z5P9TT3TH/5Ip6b87FtiJ43LppmtfNzneHN/uftO2+mLEHaV++S907gRq39fXiojhd9nHS8d+8pt+7Z98Ksn/vQ9unH92U+u77XHcfvnvKmx8f+ZwejwY7h4V1nopbrvYr/3JK0n+3/yD/Gcnqf/BjfOfHv+v3q/b2HofpZXL3+jbPpPk/8+/fDfH/wOFZ9IAD3TanhtvNudHIg4UHl/bPrr1mPer7vvRfb+S/B+7p//n//s7r0ne0KSy/xMR/42If0bEvyLiSkT8OyL+FhFvb9DnL1555Of92seeTfL/l9fUf3aS/E9uUv+Fa+p/6zPfvuvkl/v1/YPvJfkfrGxe/w+nwRzrtDj/29z1JijrOAEAAAAAAADYGcX0GXiFYuXqfLFYqbSf4XdbDBZr9UbzgXP1hdnJ6HwftFzs3ul1uOd+0JHOd0W7y6P/tzwWEbdGxMsDN6fLlYl6bTLrnYecOhTxxk+/NHHg4Dr1n3h9IOsogd2Q1P+5bw0sJ/PvqHPIlaT+f/TOTPq9LPUP+aL+Ib/UP+SX+of8Uv+QX+of8kv9Q36pf8gv9Q/51Vv/QD49efp0MrW6z/2crU9dmD4/d3L0eGVmYaIyUZ+fq0zV61PpN3ZmNv97tXp9buThWHhuuFltNIcbi0tnZ+oLs82z6XOjz1bLe7BPwOb+/qfP/+zWo6/+vhARy4/cnE7R8+xstQr7m0t/yK9S1gEAmXGODxQ2Wf+e9Vac2flYgL2x3f/jH7hx3XfE+D/klfF/yC/j/5BfzvEB4/+QP8b/Ib+q843FpenxWm3NTNaRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkU2NxaXq8VqvOmzFjJncz/wsAAP//ylZHUg==")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000b80)='./file0\x00', 0x1008002, &(0x7f0000000d00)={[{@grpjquota}]}, 0x3, 0x5ee, &(0x7f0000000280)="$eJzs3c1vVFUbAPDnTj9oKXk7kDcqLqSJMZAoLS1gGuMCtoY0+BE3urDSgkiBhtZo0YSS4MbEuDHGxJUL8b9QIltWunLhxpUhIWpYmjjmztxbOu1Mv2jnEu7vlwxz7zlze86lfeace+acOwGU1lD6TyVif0TMJhGDyeJSXndkmUON193/+5Mz6SOJWu31P5NIsrT89Un2PJAd3BcRP/+UxL6u1eXOLVy9MDkzM30l2x+Zvzg7Mrdw9fD5i5Pnps9NXxp7cWz8+LHj46NHtnRe11qknbrx/oeDn0289d03/ySj3/82kcSJeCV74fLz2C5DMVT/P0lWZw2Mb3dhBenK/k5qtVotT0u6i60TG5f//noi4skYjK548MsbjE9fLbRywI6qJY33bqCMEvEPJZX3A/Jr+5XXwZVCeiVAJ9w72RgAWB3/3Y2xweirjw3svp/E8mGdJCK2NjLXbE9E3Lk9cePs7YkbsUPjcEBri9cj4qlW8Z/U478afVGtx3+lKf7TfsHp7DlNf22L5a8cKhb/0DmN+O9bM/6jTfy/kz5fa8Twu1ssv/pg873+pvjv3+opAQAAAAAAQGndOhkRL7T6/L+yNP8nWsz/GYiIE9tQ/tCK/dWf/1fubkMxQAv3Tka83HL+byWf/VvtWraEtRo9ydnzM9NHIuJ/EXEoenal+6NrlHH4831ft8sbyub/5Y+0/DvZXMCsHne7dzUfMzU5P/kQpwxk7l2PeLrl/N9kqf1PWrT/6TvD7AbL2PfczdPt8taPf2Cn1L6NONiy/X9w14pk7ftzjNT7AyN5r2C1Zz7+4od25W81/t1iAh5e2v7vXjv+q8ny+/XMbb6MowvdtXZ5W+3/9yZv1O8q1JulfTQ5P39lNKI3OdWVpjalj22+zvA4yuMhj5c0/g89u/b4X6v+f39ELK742clfzWuKc0/8O/B7u/ro/0Nx0vif2lT7v/mNsZvVH9uVv7H2/1i9rT+UpRj/g4av8jDtbU5vEY7drbI6XV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBxUImJPJJXhpe1KZXg4YiAi/h+7KzOX5+afP3v5g0tTaV79+/8r+Tf9Djb2k/z7/6vL9sdW7B+NiL0R8WVXf31/+MzlmamiTx4AAAAAAAAAAAAAAAAAAAAeEQNt1v+n/ugqunbAjusuugJAYVrE/y9F1APoPO0/lJf4h/IS/1Be4h/KS/xDea0d/2+Pd6wiQMdp/6G8xD8AAAAAADxW9h649WsSEYsv9dcfqd4sr6fQmgE7rVJ0BYDCuMUPlJepP1BervGBZJ38vrYHrXfkWmbPPMTBAAAAAAAAAAAAAFA6B/db/w9lZf0/lJf1/1Be+fr/AwXXA+g81/hArLOSv+X6/3WPAgAAAAAAAAAAAAC209zC1QuTMzPTV2y8+WhUo5MbtVrtWvpX8KjUZ/s3kmyGekcKzafCd/5Mezdygvlav4395OLekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGb/BQAA//8wviV5")
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000}, 0x0)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000c40)='./file0\x00', 0x1a4a438, &(0x7f0000000c80)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYRES8=0x0, @ANYRES8], 0xd, 0x0, &(0x7f0000000000))

430.266948ms ago: executing program 8 (id=3679):
socket$kcm(0xa, 0x5, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x80002, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c0000001000fffd29bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000223803001c0012800c0001006d6163766c616e000c0002800800", @ANYRES32=r0], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)

429.412568ms ago: executing program 0 (id=3681):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setresuid(0x0, 0xee00, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x404, 0x4)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)

240.482034ms ago: executing program 8 (id=3682):
r0 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x80)
r2 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000001c00), 0x12)
timer_create(0x3, 0x0, &(0x7f0000000340))
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
timer_gettime(0x0, &(0x7f0000000000))

240.167783ms ago: executing program 9 (id=3683):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2100000008000000000000000000"], 0x610)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xfffffffe}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

170.354131ms ago: executing program 0 (id=3684):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000340)={0x200000, 0x200000, 0x0, 0x0, 0x5989})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@userxattr}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r0, &(0x7f0000000400)=""/4096, 0xc00)

155.371188ms ago: executing program 8 (id=3685):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x800810, &(0x7f0000000180)={[{@nobh}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000940)='./file1\x00', 0xeb46)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000000)={[{@i_version}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@errors_remount}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x470, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gh/U7/jVv8jjfvy59/yv7uKOZTBiLg7InZHxD0RsSci7o3I294fEQ+sMp7b+z/plVV+5LKy/t9zxdzW4v5f2fuLwZ6itjPPvy85Pl2vHSz+J8PRtyWrjy2zjm9e/PmTdsua+3/ZI1t/2Rcs4rjS2zJANzUxN5F3Sjvg6sWIfb1L5Z/cnAlIImJvROxb2UfvKgvTT3y5v12jO+e/jA7MMy18kaU3n+U/Hy35l5Lm+cnp2+YnR7dGvXZwtNwrbvfjT5dea7f+VeXfAVdrjeem7d/aZDBpnq+dXfk6Lv36Udt7mv+4/6f9yRv5PHN/8dp7E3NzZ8Yi+pOjeX3R6+O33lvWy/bZ/j98YOnjf3fxniz/ByMi24kfioiHI+KRIvZHI+KxiDiwTP7fv9B+WZl/pBVt/4sRU0ue/27u/y3bf+WFnpPffd1u/f9u+x/OS8PFK/n57w6WCic7XbQGuJr/HQAAAPxfpPl34JN05GY5TUdGGt/h3xN3pfWZ2bknj8+8c3qq8V35wehLy5GugWI8tD5dr40l88UnNsZHx4ux4nK89FAxbvxpz7a8PjI5U5+qOHfodtvbHP+Z33uqjg5YY9uWfHW8f90DASrQOo+eLq5eeDWcDGCz8ntt6F53OP7T9YoDWH+u/9C9ljr+L7TUzQXA5uT6D93L8Q9dKv226giACrn+Q1daze/617CwdWOEUU1ho26UvBBRFtINEY/CGhWqPjMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xj8BAAD//02e6R0=")
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x1000000, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x2008002)

133.405234ms ago: executing program 9 (id=3687):
r0 = syz_io_uring_setup(0x5c4, &(0x7f0000001d40)={0x0, 0x1001, 0x800}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
read$FUSE(r3, &(0x7f0000002200)={0x2020}, 0x2020)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000020240), 0x10010)

59.857041ms ago: executing program 1 (id=3688):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000440)={0x48, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x0, 0xffffffff}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3c}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x10001}]]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

285.67µs ago: executing program 0 (id=3689):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
socket(0x10, 0x803, 0x0)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/ip_mr_cache\x00')
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/20, 0x14}], 0x1, 0x10000009, 0xffffffff)

135.21µs ago: executing program 8 (id=3690):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000e40), 0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xffffffffffffffff)

0s ago: executing program 6 (id=3691):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0)

kernel console output (not intermixed with test programs):

er IBSS networks with same SSID (merge)
[  270.316426][ T4283] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  270.424870][ T9709] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  270.443947][ T9709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  270.470573][ T9709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  270.585829][ T4283] usb 9-1: Using ep0 maxpacket: 8
[  270.724558][ T4283] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  270.745840][ T4283] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  270.777165][ T4283] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  270.803359][ T4283] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  270.833382][ T4283] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  270.866161][ T4283] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.152312][ T4283] usb 9-1: GET_CAPABILITIES returned 0
[  271.158089][ T4283] usbtmc 9-1:16.0: can't read capabilities
[  271.374442][    C1] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  271.389980][ T4231] usb 9-1: USB disconnect, device number 4
[  271.396546][ T9734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1766'.
[  271.434254][ T9734] netlink: 'syz.0.1766': attribute type 14 has an invalid length.
[  271.769487][ T9750] loop3: detected capacity change from 0 to 4096
[  272.097028][   T26] audit: type=1326 audit(1773164526.689:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9748 comm="syz.3.1773" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f952662c799 code=0x0
[  273.100857][ T9786] netlink: 'syz.0.1787': attribute type 1 has an invalid length.
[  273.129848][ T9786] smc: adding net device bond0 with user defined pnetid SYZ2
[  273.139523][ T9786] 8021q: adding VLAN 0 to HW filter on device bond0
[  273.174309][ T4283] Bluetooth: hci2: command 0x0406 tx timeout
[  274.356300][ T9845] netlink: 'syz.8.1812': attribute type 15 has an invalid length.
[  274.381045][ T9845] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1812'.
[  274.407250][ T9845] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  274.416392][ T9845] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  274.425313][ T9845] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  274.434051][ T9845] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  274.452732][ T9845] netlink: 'syz.8.1812': attribute type 15 has an invalid length.
[  274.462355][ T9845] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1812'.
[  274.576030][ T9857] overlayfs: failed to clone upperpath
[  275.268559][ T9872] APIC base relocation is unsupported by KVM
[  275.627553][ T9894] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1833'.
[  275.917164][ T9916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1839'.
[  275.928238][ T9914] loop8: detected capacity change from 0 to 1024
[  275.944690][ T9916] netlink: 'syz.1.1839': attribute type 14 has an invalid length.
[  276.027760][ T9914] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  276.041698][ T9916] device vxlan1 entered promiscuous mode
[  276.090523][ T9914] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:3885: comm syz.8.1842: Allocating blocks 385-513 which overlap fs metadata
[  276.181748][ T9914] EXT4-fs (loop8): pa ffff88805fd249a0: logic 16, phys. 129, len 24
[  276.190343][ T9914] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 8
[  276.236434][ T9924] sctp: [Deprecated]: syz.3.1845 (pid 9924) Use of struct sctp_assoc_value in delayed_ack socket option.
[  276.236434][ T9924] Use struct sctp_sack_info instead
[  276.621574][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888063c60c00: rx timeout, send abort
[  276.734395][   T23] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  276.906701][    C1] vxcan0: j1939_tp_rxtimer: 0xffff8880623b7c00: rx timeout, send abort
[  277.127667][    C0] vxcan1: j1939_tp_rxtimer: 0xffff88806116a400: rx timeout, send abort
[  277.131955][    C1] vcan0: j1939_tp_rxtimer: 0xffff888061672800: rx timeout, send abort
[  277.137352][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888063c60c00: abort rx timeout. Force session deactivation
[  277.164648][   T23] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.175776][   T23] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.186076][   T23] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  277.206632][   T23] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  277.220533][   T23] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.235369][   T23] usb 9-1: config 0 descriptor??
[  277.415403][    C1] vxcan0: j1939_tp_rxtimer: 0xffff8880623b7c00: abort rx timeout. Force session deactivation
[  277.636237][    C0] vxcan1: j1939_tp_rxtimer: 0xffff88806116a400: abort rx timeout. Force session deactivation
[  277.644393][    C1] vcan0: j1939_tp_rxtimer: 0xffff888061672800: abort rx timeout. Force session deactivation
[  277.700010][   T23] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  277.730943][   T23] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  277.796801][ T9972] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1864'.
[  277.833020][ T9972] netlink: 'syz.6.1864': attribute type 14 has an invalid length.
[  277.863072][ T9972] device vxlan0 entered promiscuous mode
[  277.899533][   T23] usb 9-1: USB disconnect, device number 5
[  278.250621][ T9983] overlayfs: failed to clone upperpath
[  278.343693][ T9989] netlink: 'syz.1.1871': attribute type 1 has an invalid length.
[  278.425524][ T9989] smc: adding net device bond0 with user defined pnetid SYZ2
[  278.456226][ T9989] 8021q: adding VLAN 0 to HW filter on device bond0
[  278.600774][   T26] audit: type=1326 audit(1773164533.189:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9986 comm="syz.0.1884" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe1125f6799 code=0x0
[  279.185266][T10009] loop8: detected capacity change from 0 to 32768
[  279.223810][T10014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1883'.
[  279.267261][ T4414] Dev loop8 SGI disklabel: csum bad, label corrupted
[  279.296033][T10009] Dev loop8 SGI disklabel: csum bad, label corrupted
[  279.586704][T10024] loop8: detected capacity change from 0 to 4096
[  279.610063][T10031] 9pnet: Insufficient options for proto=fd
[  279.811722][   T26] audit: type=1326 audit(1773164534.399:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10022 comm="syz.8.1898" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c1ea49799 code=0x0
[  280.704225][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  280.853439][T10077] netem: unknown loss type 257
[  280.864424][T10077] netem: change failed
[  281.551838][   T26] audit: type=1326 audit(1773164536.139:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10086 comm="syz.1.1914" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d89719799 code=0x0
[  281.587165][T10097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1915'.
[  281.652044][T10097] netlink: 'syz.3.1915': attribute type 14 has an invalid length.
[  281.724210][T10097] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  281.734542][T10097] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  281.743400][T10097] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  281.752710][T10097] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  281.858406][T10097] device vxlan0 entered promiscuous mode
[  282.850145][T10139] 9pnet: p9_errstr2errno: server reported unknown error �@cƒF	S+¼ingult
[  283.308362][T10157] netlink: 27 bytes leftover after parsing attributes in process `syz.1.1944'.
[  284.064224][ T6168] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  284.324174][ T6168] usb 4-1: Using ep0 maxpacket: 8
[  284.423133][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88806153dc00: rx timeout, send abort
[  284.446804][ T6168] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  284.472281][ T6168] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  284.492040][ T6168] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  284.502392][ T6168] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  284.518387][T10182] loop8: detected capacity change from 0 to 8192
[  284.524404][ T6168] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  284.559921][T10182] REISERFS (device loop8): found reiserfs format "3.5" with non-standard journal
[  284.577780][ T6168] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  284.582700][T10182] REISERFS (device loop8): using ordered data mode
[  284.622682][ T6168] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.643671][T10182] reiserfs: using flush barriers
[  284.671502][T10182] REISERFS (device loop8): journal params: device loop8, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  284.688703][T10182] REISERFS (device loop8): checking transaction log (loop8)
[  284.699592][T10182] REISERFS (device loop8): Using r5 hash to sort names
[  284.709679][T10182] REISERFS (device loop8): using 3.5.x disk format
[  284.716674][T10182] REISERFS (device loop8): Created .reiserfs_priv - reserved for xattr storage.
[  284.931558][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88806153dc00: abort rx timeout. Force session deactivation
[  284.964244][ T6168] usb 4-1: usb_control_msg returned -32
[  284.969899][ T6168] usbtmc 4-1:16.0: can't read capabilities
[  285.230369][T10208] batman_adv: batadv0: Adding interface: macsec1
[  285.236976][T10208] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.268435][T10208] batman_adv: batadv0: Interface activated: macsec1
[  285.744390][T10220] usbtmc 4-1:16.0: CHECK_CLEAR_STATUS returned 0
[  285.777713][T10225] bridge_slave_0: default FDB implementation only supports local addresses
[  285.903332][T10209] loop8: detected capacity change from 0 to 32768
[  285.918384][T10231] netlink: 'syz.0.1975': attribute type 1 has an invalid length.
[  285.956254][ T6168] usb 4-1: USB disconnect, device number 9
[  285.968261][T10209] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 scanned by syz.8.1966 (10209)
[  286.011686][T10231] netlink: 'syz.0.1975': attribute type 1 has an invalid length.
[  286.037865][T10209] BTRFS info (device loop8): using sha256 (sha256-avx2) checksum algorithm
[  286.053698][T10209] BTRFS info (device loop8): using free space tree
[  286.071337][T10231] netlink: 'syz.0.1975': attribute type 11 has an invalid length.
[  286.080935][T10209] BTRFS info (device loop8): has skinny extents
[  286.098305][T10231] netlink: 198172 bytes leftover after parsing attributes in process `syz.0.1975'.
[  286.416472][T10209] BTRFS info (device loop8): enabling ssd optimizations
[  287.939821][T10284] netlink: 27 bytes leftover after parsing attributes in process `syz.6.1988'.
[  288.241165][T10292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:34) already exists on: macsec1
[  288.254865][T10292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  288.299956][T10292] batman_adv: batadv0: Adding interface: macsec1
[  288.316280][T10292] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  288.392507][T10292] batman_adv: batadv0: Interface activated: macsec1
[  289.300215][ T4231] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  289.330687][T10317] fuse: Bad value for 'fd'
[  289.361265][T10315] device gretap1 entered promiscuous mode
[  289.594276][ T4231] usb 4-1: Using ep0 maxpacket: 8
[  289.724548][ T4231] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  289.915304][ T5333] wlan1: Trigger new scan to find an IBSS to join
[  289.922263][ T4231] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  289.948998][ T4231] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.972184][ T4231] usb 4-1: Product: syz
[  289.985556][ T4231] usb 4-1: Manufacturer: syz
[  290.002897][ T4231] usb 4-1: SerialNumber: syz
[  290.017178][ T4231] usb 4-1: config 0 descriptor??
[  290.084577][ T4231] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  290.092694][ T4231] usb 4-1: setting power ON
[  290.123029][ T4231] dvb-usb: bulk message failed: -22 (2/0)
[  290.164525][ T4231] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  290.224918][ T4231] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  290.250392][ T4231] usb 4-1: media controller created
[  290.290928][T10346] dvb-usb: bulk message failed: -22 (3/0)
[  290.312230][T10346] cxusb: i2c rd: len=216 is too big!
[  290.312230][T10346] 
[  290.365063][T10309] dvb-usb: bulk message failed: -22 (3/0)
[  290.381479][ T4231] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  290.405849][T10309] dvb-usb: bulk message failed: -22 (3/0)
[  290.496557][ T4231] usb 4-1: selecting invalid altsetting 6
[  290.524999][ T4231] usb 4-1: digital interface selection failed (-22)
[  290.559732][ T4231] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  290.645016][ T4231] usb 4-1: setting power OFF
[  290.652368][ T4231] dvb-usb: bulk message failed: -22 (2/0)
[  290.679736][ T4231] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  290.713560][ T4231] (NULL device *): no alternate interface
[  290.827461][ T4231] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  290.883982][ T4231] usb 4-1: USB disconnect, device number 10
[  291.332909][T10386] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2032'.
[  291.633389][T10396] 9pnet: p9_errstr2errno: server reported unknown error �è00000000000000000000004
[  291.736541][T10401] loop8: detected capacity change from 0 to 64
[  291.854662][T10401] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  292.048637][T10408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2042'.
[  292.094862][T10408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2042'.
[  292.792631][T10432] overlayfs: failed to clone upperpath
[  294.006595][ T5333] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  294.549069][T10485] fuse: Bad value for 'fd'
[  295.468199][   T26] audit: type=1326 audit(1773164550.059:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10517 comm="syz.1.2086" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9d89719799 code=0x0
[  296.357695][T10551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2096'.
[  296.373303][T10551] device erspan0 entered promiscuous mode
[  296.393645][T10551] device macvtap2 entered promiscuous mode
[  296.494970][T10557] loop3: detected capacity change from 0 to 128
[  296.597553][T10557] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  296.643511][T10557] ext4 filesystem being mounted at /383/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  296.822512][T10557] EXT4-fs (loop3): shut down requested (2)
[  296.860994][T10557] syz.3.2101 (pid 10557) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  296.971379][T10585] overlayfs: failed to clone upperpath
[  299.188939][T10588] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 50250 - 0
[  299.198423][T10588] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 50250 - 0
[  299.207667][T10588] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 50250 - 0
[  299.217031][T10588] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 50250 - 0
[  299.235084][T10588] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  299.244125][T10588] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  299.253238][T10588] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  299.262481][T10588] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  299.396284][T10588] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  299.414147][T10588] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  299.423822][T10588] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  299.440655][T10588] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  300.478440][   T26] audit: type=1326 audit(1773164555.069:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10654 comm="syz.8.2136" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c1ea49799 code=0x0
[  301.412651][   T26] audit: type=1326 audit(1773164555.999:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.3.2149" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f952662c799 code=0x0
[  301.542574][T10689] netlink: 76 bytes leftover after parsing attributes in process `syz.8.2150'.
[  301.799741][T10702] loop8: detected capacity change from 0 to 16
[  301.844886][T10702] erofs: (device loop8): mounted with root inode @ nid 36.
[  301.859859][T10702] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  301.888591][T10702] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  301.944804][T10702] overlayfs: inode number too big (/, ino=4611686018427387940, xinobits=3)
[  301.976723][T10702] overlayfs: d_ino too big (., ino=4611686018427387950, xinobits=3)
[  301.995536][T10702] overlayfs: d_ino too big (file0, ino=4611686018427387953, xinobits=3)
[  302.022809][T10702] overlayfs: d_ino too big (file1, ino=4611686018427387987, xinobits=3)
[  302.193626][T10706] Set syz1 is full, maxelem 2 reached
[  302.362673][T10714] loop3: detected capacity change from 0 to 128
[  302.931928][T10735] binder: 10734:10735 ioctl c0306201 2000000001c0 returned -14
[  303.557933][T10755] loop3: detected capacity change from 0 to 8192
[  303.652439][T10755] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  303.668162][T10755] REISERFS (device loop3): using ordered data mode
[  303.675913][T10755] reiserfs: using flush barriers
[  303.687766][T10755] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  303.730440][T10765] loop8: detected capacity change from 0 to 4096
[  303.748027][T10755] REISERFS (device loop3): checking transaction log (loop3)
[  303.767697][T10755] REISERFS (device loop3): Using r5 hash to sort names
[  303.782745][ T2303] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  303.794587][T10755] REISERFS (device loop3): using 3.5.x disk format
[  303.802706][T10755] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  303.828497][T10765] EXT4-fs (loop8): Ignoring removed mblk_io_submit option
[  303.876827][T10765] EXT4-fs (loop8): Test dummy encryption mode enabled
[  303.916270][T10765] EXT4-fs (loop8): Ignoring removed orlov option
[  303.940287][ T2303] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  303.992752][T10765] EXT4-fs (loop8): mounted filesystem without journal. Opts: grpid,mblk_io_submit,nodioread_nolock,test_dummy_encryption,lazytime,nodelalloc,minixdf,orlov,,errors=continue. Quota mode: writeback.
[  304.818931][T10791] loop8: detected capacity change from 0 to 128
[  304.894248][T10791] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=2802c118, mo2=0102]
[  304.902444][T10791] System zones: 1-3, 19-19, 35-36
[  304.909022][T10791] EXT4-fs (loop8): mounted filesystem without journal. Opts: noload,abort,debug,noinit_itable,usrjquota=,,errors=continue. Quota mode: none.
[  304.924199][T10791] ext4 filesystem being mounted at /103/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  305.425990][T10807] loop8: detected capacity change from 0 to 764
[  305.513563][T10788] loop3: detected capacity change from 0 to 32768
[  305.531814][T10807] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  305.580857][T10807] netem: incorrect gi model size
[  305.586972][T10807] netem: change failed
[  305.730630][T10788] XFS (loop3): Mounting V5 Filesystem
[  305.788859][T10817] loop8: detected capacity change from 0 to 1024
[  305.886477][T10788] XFS (loop3): Ending clean mount
[  305.904454][T10817] EXT4-fs (loop8): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,noblock_validity,auto_da_alloc,auto_da_alloc=0x0000000000000005,,errors=continue. Quota mode: none.
[  306.013953][T10817] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  306.376904][ T4193] XFS (loop3): Unmounting Filesystem
[  306.925305][T10849] overlayfs: failed to clone upperpath
[  307.160441][T10855] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  307.192831][T10855] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  307.210352][T10858] loop3: detected capacity change from 0 to 128
[  308.160266][T10883] netlink: 51 bytes leftover after parsing attributes in process `syz.1.2225'.
[  308.257941][T10887] cgroup: Setting release_agent not allowed
[  308.268653][   T26] audit: type=1326 audit(1773164562.859:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10889 comm="syz.6.2228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c59e70799 code=0x0
[  308.987881][T10894] loop3: detected capacity change from 0 to 32768
[  309.084150][T10894] XFS (loop3): Mounting V5 Filesystem
[  309.212567][T10894] XFS (loop3): Ending clean mount
[  309.227759][T10894] XFS (loop3): Quotacheck needed: Please wait.
[  309.390590][T10894] XFS (loop3): Quotacheck: Done.
[  309.653394][ T4193] XFS (loop3): Unmounting Filesystem
[  312.015956][T10921] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.024960][T10921] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.034451][T10921] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.043378][T10921] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  312.083404][T10921] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.093111][T10921] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.102636][T10921] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.112243][T10921] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  312.159207][T10921] batman_adv: batadv0: Interface deactivated: macsec1
[  312.302165][T10946] loop8: detected capacity change from 0 to 128
[  313.189242][T10952] loop3: detected capacity change from 0 to 32768
[  313.249299][T10952] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.2247 (10952)
[  313.306926][T10968] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2254'.
[  313.317105][T10952] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  313.367780][T10952] BTRFS info (device loop3): using free space tree
[  313.388087][T10952] BTRFS info (device loop3): has skinny extents
[  313.705178][T10952] BTRFS info (device loop3): enabling ssd optimizations
[  313.712867][T10965] loop8: detected capacity change from 0 to 40427
[  313.762531][T10952] BTRFS info (device loop3): setting compat-ro feature flag for VERITY (0x4)
[  313.864644][T10965] F2FS-fs (loop8): invalid crc value
[  313.922517][T10965] F2FS-fs (loop8): Found nat_bits in checkpoint
[  314.159645][ T4429] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop3 scanned by udevd (4429)
[  314.198173][T10965] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  314.555676][ T9162] attempt to access beyond end of device
[  314.555676][ T9162] loop8: rw=2049, want=45104, limit=40427
[  316.790750][T11007] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  316.808122][T11007] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  316.819225][T11007] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  316.831624][T11007] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.067039][T11007] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.076070][T11007] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.085119][T11007] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.094023][T11007] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.180151][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  317.821479][T11074] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2289'.
[  318.033006][T11051] loop8: detected capacity change from 0 to 40427
[  318.061184][T11051] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x1ffff
[  318.099685][T11051] xt_hashlimit: size too large, truncated to 1048576
[  318.533034][T11084] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2301'.
[  318.548125][T11083] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2293'.
[  319.893147][T11099] overlayfs: failed to clone upperpath
[  321.423406][T11105] loop8: detected capacity change from 0 to 2048
[  321.464039][T11105] UDF-fs: error (device loop8): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  321.494626][T11105] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  321.915764][T11086] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.926953][T11086] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.936818][T11086] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.945842][T11086] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  322.096439][T11086] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  322.105666][T11086] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  322.114848][T11086] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  322.123758][T11086] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  322.245697][T11083] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2293'.
[  322.284988][T11096] netlink: 'syz.0.2295': attribute type 4 has an invalid length.
[  322.478626][T11114] netlink: 'syz.6.2302': attribute type 1 has an invalid length.
[  322.489865][T11114] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2302'.
[  322.635414][T11123] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2307'.
[  322.676164][T11118] block device autoloading is deprecated and will be removed.
[  323.302174][T11165] netlink: 'syz.0.2323': attribute type 1 has an invalid length.
[  323.332910][T11165] netlink: 'syz.0.2323': attribute type 4 has an invalid length.
[  323.347102][T11165] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2323'.
[  323.375154][T11170] netlink: 'syz.0.2323': attribute type 1 has an invalid length.
[  323.383105][T11170] netlink: 'syz.0.2323': attribute type 4 has an invalid length.
[  323.392669][T11170] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2323'.
[  323.554284][T11177] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2328'.
[  323.903071][T11175] loop8: detected capacity change from 0 to 40427
[  323.977685][T11175] F2FS-fs (loop8): Invalid SB checksum offset: 0
[  323.992838][T11175] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock
[  324.001659][T11192] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  324.032093][T11175] F2FS-fs (loop8): invalid crc value
[  324.073092][T11175] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  324.251128][T11175] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0
[  324.258308][T11175] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  324.732794][T11217] overlayfs: failed to clone upperpath
[  324.821065][T11201] loop3: detected capacity change from 0 to 32768
[  324.915550][T11201] blkno = 8ed2c, nblocks = 1
[  324.922399][T11201] ERROR: (device loop3): dbFree: block to be freed is outside the map
[  324.922399][T11201] 
[  324.968822][T11201] ERROR: (device loop3): remounting filesystem as read-only
[  324.984507][T11201] ialloc: diAlloc returned -17!
[  325.056995][ T9162] attempt to access beyond end of device
[  325.056995][ T9162] loop8: rw=2049, want=45104, limit=40427
[  325.218424][T11228] loop3: detected capacity change from 0 to 2048
[  325.352264][T11228] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  325.396555][T11228] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  326.003432][T11250] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  326.040986][T11250] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  326.440682][T11266] netdevsim netdevsim8 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0
[  326.450033][T11266] netdevsim netdevsim8 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0
[  326.459072][T11266] netdevsim netdevsim8 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0
[  326.468034][T11266] netdevsim netdevsim8 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0
[  327.288044][T11266] batman_adv: batadv0: Interface deactivated: macsec1
[  327.324331][T11284] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2364'.
[  327.361249][T11284] netlink: 'syz.3.2364': attribute type 7 has an invalid length.
[  327.379295][T11284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2364'.
[  327.524403][T11286] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2368'.
[  327.576023][T11286] device team1 entered promiscuous mode
[  327.590875][T11286] 8021q: adding VLAN 0 to HW filter on device team1
[  327.693041][T11291] device vxcan1 entered promiscuous mode
[  327.839430][T11297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2373'.
[  328.000197][T11305] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2376'.
[  328.071279][T11310] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2376'.
[  329.266979][T11353] netlink: 68 bytes leftover after parsing attributes in process `syz.6.2396'.
[  329.291450][T11353] tipc: Started in network mode
[  329.302219][T11353] tipc: Node identity fe800000000000000000000000000014, cluster identity 4711
[  329.314187][T11353] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  329.382438][ T4231] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  329.655798][ T4231] usb 9-1: Using ep0 maxpacket: 16
[  329.761806][T11367] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2402'.
[  329.784037][T11367] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2402'.
[  329.784472][ T4231] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  329.804576][ T4231] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  329.845711][T11369] overlayfs: failed to clone upperpath
[  329.888231][T11371] batman_adv: batadv0: Removing interface: macsec1
[  329.899203][T11371] team0: Mode changed to "activebackup"
[  329.974779][ T4231] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  329.984228][ T4231] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.992391][ T4231] usb 9-1: Product: syz
[  329.997993][ T4231] usb 9-1: Manufacturer: syz
[  330.002756][ T4231] usb 9-1: SerialNumber: syz
[  330.334334][ T4231] usb 9-1: 0:2 : does not exist
[  330.409622][ T4231] usb 9-1: USB disconnect, device number 6
[  330.455895][ T4414] udevd[4414]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  330.922199][T11407] netlink: 'syz.6.2419': attribute type 1 has an invalid length.
[  330.975259][T11407] smc: adding net device bond0 with user defined pnetid SYZ2
[  330.983657][T11407] 8021q: adding VLAN 0 to HW filter on device bond0
[  331.079669][T11410] bond0: (slave veth9): Enslaving as an active interface with a down link
[  331.094266][ T6163] Bluetooth: hci5: command 0x1003 tx timeout
[  331.100406][ T4196] Bluetooth: hci5: sending frame failed (-49)
[  331.164948][T11407] 8021q: adding VLAN 0 to HW filter on device batadv1
[  331.200027][T11407] bond0: (slave batadv1): making interface the new active one
[  331.236543][T11407] device batadv1 entered promiscuous mode
[  331.249476][T11407] bond0: (slave batadv1): Enslaving as an active interface with an up link
[  331.279051][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  331.416556][T11421] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2426'.
[  331.423118][T11403] loop8: detected capacity change from 0 to 40427
[  331.453037][T11403] F2FS-fs (loop8): build fault injection attr: rate: 771, type: 0x1ffff
[  331.467760][T11421] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2426'.
[  331.501122][T11403] F2FS-fs (loop8): invalid crc value
[  331.530579][T11403] F2FS-fs (loop8): Found nat_bits in checkpoint
[  331.671123][T11403] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  331.752183][T11403] F2FS-fs (loop8) : inject kvmalloc in f2fs_kvmalloc of f2fs_insert_range+0x2e7/0x3b0
[  331.836252][ T9162] attempt to access beyond end of device
[  331.836252][ T9162] loop8: rw=2049, want=45104, limit=40427
[  331.932037][T11443] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2433'.
[  331.963565][T11443] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2433'.
[  333.174283][ T6163] Bluetooth: hci5: command 0x1001 tx timeout
[  333.180599][ T4196] Bluetooth: hci5: sending frame failed (-49)
[  333.288781][T11485] loop8: detected capacity change from 0 to 2048
[  333.372310][T11485] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  333.392716][ T4414] udevd[4414]: incorrect nilfs2 checksum on /dev/loop8
[  333.440738][T11490] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  333.587443][T11494] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2450'.
[  334.042396][T11502] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2454'.
[  334.163459][ T4232] libceph: connect (1)[c::]:6789 error -22
[  334.182580][ T4232] libceph: mon0 (1)[c::]:6789 connect error
[  334.217045][T11503] ceph: No mds server is up or the cluster is laggy
[  334.226816][ T4232] libceph: connect (1)[c::]:6789 error -22
[  334.232822][ T4232] libceph: mon0 (1)[c::]:6789 connect error
[  334.585713][   T23] libceph: connect (1)[c::]:6789 error -22
[  334.592047][   T23] libceph: mon0 (1)[c::]:6789 connect error
[  335.054350][T11531] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2463'.
[  335.230485][T11538] 8021q: adding VLAN 0 to HW filter on device bond1
[  335.240437][T11538] team0: Port device bond1 added
[  335.254339][ T4283] Bluetooth: hci5: command 0x1009 tx timeout
[  335.756702][T11567] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2478'.

syzkaller
syzkaller login: [  336.911304][T11609] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2497'.
[  337.318618][T11630] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2504'.
[  340.174265][ T6163] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  340.424377][ T6163] usb 4-1: Using ep0 maxpacket: 16
[  340.544554][ T6163] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  340.579165][ T6163] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  340.624220][ T6163] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  340.633335][ T6163] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.692526][T11716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  340.745664][ T6163] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  340.753544][ T6163] cdc_acm 4-1:1.0: This needs exactly 3 endpoints
[  340.770271][ T6163] cdc_acm: probe of 4-1:1.0 failed with error -22
[  340.806555][T11716] device bond2 entered promiscuous mode
[  340.853637][T11716] 8021q: adding VLAN 0 to HW filter on device bond2
[  340.885252][T11718] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  340.936092][T11718] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  340.998608][T11719] bond2: (slave vti0): refused to change device type
[  341.068851][T11704] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2545'.
[  341.094296][T11704] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2545'.
[  341.136184][   T13] usb 4-1: USB disconnect, device number 11
[  341.377501][T11728] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2543'.
[  342.056563][T11729] loop8: detected capacity change from 0 to 32768
[  342.196672][T11729] XFS (loop8): Mounting V5 Filesystem
[  342.342999][T11729] XFS (loop8): Ending clean mount
[  342.376108][T11729] XFS (loop8): Quotacheck needed: Please wait.
[  342.539014][T11729] XFS (loop8): Quotacheck: Done.
[  342.566614][ T4418] device batadv1 left promiscuous mode
[  342.761748][ T9162] XFS (loop8): Unmounting Filesystem
[  342.790865][T11748] syz.3.2554 (11748): drop_caches: 2
[  343.231449][T11781] batman_adv: batadv0: Adding interface: dummy0
[  343.238017][T11781] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  343.265106][T11781] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  343.437325][T11790] overlayfs: failed to clone upperpath
[  345.486005][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.495085][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.504207][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.514111][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.523231][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.532358][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.541708][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  345.550722][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  346.503907][T11850] loop3: detected capacity change from 0 to 16
[  346.530950][T11850] erofs: (device loop3): check_layout_compatibility: unidentified incompatible feature 20, please upgrade kernel version
[  346.666011][T11856] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2594'.
[  346.729704][T11850] 9pnet: p9_errstr2errno: server reported unknown error GôÇ3ï™þÙ¹ØÜ
v;8;˜ç±ø:§Ei{ñ_2½—xzÆ~~F-DÒ¢�ðä^s¢öm­½ÿÿÿÿ
[  346.974014][T11861] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2596'.
[  347.025789][T11861] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2596'.
[  347.100626][T11858] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  347.130721][T11858] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  347.284839][T11866] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2598'.
[  347.340354][T11866] device bond1 entered promiscuous mode
[  347.347078][T11866] 8021q: adding VLAN 0 to HW filter on device bond1
[  347.385980][T11866] device macvlan2 entered promiscuous mode
[  347.421035][T11866] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  347.510996][T11874] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2585'.
[  347.532434][T11874] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  347.592297][T11879] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2585'.
[  347.613335][T11879] bond1: peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  347.909936][T11896] loop8: detected capacity change from 0 to 512
[  347.975493][T11896] EXT4-fs (loop8): Mount option "noacl" will be removed by 3.5
[  347.975493][T11896] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  347.975493][T11896] 
[  347.998454][T11896] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[  348.070737][T11896] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=80026019, mo2=0000]
[  348.135838][T11896] EXT4-fs (loop8): 1 truncate cleaned up
[  348.141896][T11896] EXT4-fs (loop8): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nombcache,acl,barrier=0x000000000000000c,noacl,max_batch_time=0x0000000000000006,nodelalloc,resgid=0x00000000000000002,errors=continue. Quota mode: writeback.
[  348.167389][ T5333] Quota error (device loop8): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  348.207680][ T5333] EXT4-fs error (device loop8): ext4_release_dquot:6270: comm kworker/u4:14: Failed to release dquot type 1
[  348.281214][T11896] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:3885: comm syz.8.2608: Allocating blocks 43-64 which overlap fs metadata
[  348.374689][T11904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2609'.
[  348.922038][T11909] loop8: detected capacity change from 0 to 40427
[  349.054476][T11909] F2FS-fs (loop8): build fault injection attr: rate: 14, type: 0x1ffff
[  349.062894][T11909] F2FS-fs (loop8): build fault injection attr: rate: 0, type: 0x724
[  349.084638][T11909] F2FS-fs (loop8): invalid crc value
[  349.111157][T11909] F2FS-fs (loop8): Found nat_bits in checkpoint
[  349.183765][T11909] F2FS-fs (loop8) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x43c/0xaa0
[  349.284331][T11909] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  349.325351][T11909] F2FS-fs (loop8) : inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x6a4/0x1dc0
[  349.395708][T11909] F2FS-fs (loop8) : inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xf7/0x580
[  349.433367][T11909] F2FS-fs (loop8) : inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x136/0x8f0
[  349.572073][ T9162] attempt to access beyond end of device
[  349.572073][ T9162] loop8: rw=2049, want=45104, limit=40427
[  350.203213][T11983] netlink: 11562 bytes leftover after parsing attributes in process `syz.6.2630'.
[  351.020718][T12010] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2639'.
[  351.369709][T12016] loop3: detected capacity change from 0 to 512
[  351.447262][T12016] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  351.611157][T12016] loop3: detected capacity change from 0 to 4096
[  351.665910][T12016] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
[  352.173133][T12031] netlink: 68 bytes leftover after parsing attributes in process `syz.8.2647'.
[  352.227689][T12031] sctp: [Deprecated]: syz.8.2647 (pid 12031) Use of int in maxseg socket option.
[  352.227689][T12031] Use struct sctp_assoc_value instead
[  353.478499][T12076] ptrace attach of ""[12077] was attempted by "./syz-executor exec"[12076]
[  354.684252][ T4283] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  354.936875][ T4283] usb 4-1: Using ep0 maxpacket: 8
[  355.054277][ T4283] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  355.074164][ T4283] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  355.094151][ T4283] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  355.114222][ T4283] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  355.144167][ T4283] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  355.153259][ T4283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.424260][ T4283] usb 4-1: GET_CAPABILITIES returned 0
[  355.429936][ T4283] usbtmc 4-1:16.0: can't read capabilities
[  355.568790][ T4253] tipc: Subscription rejected, illegal request
[  355.630152][   T23] usb 4-1: USB disconnect, device number 12
[  356.517141][T12166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2703'.
[  357.052699][T12177] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2707'.
[  357.710485][T12189] loop8: detected capacity change from 0 to 4096
[  357.863121][T12189] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  358.042564][T12212] overlayfs: failed to clone upperpath
[  358.453106][T12236] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2729'.
[  358.601293][T12237] fuse: root generation should be zero
[  358.971982][T12271] loop3: detected capacity change from 0 to 2048
[  359.067443][T12271] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  359.259194][T12288] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2753'.
[  359.300624][T12290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2752'.
[  359.319308][T12290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2752'.
[  359.343917][T12290] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  359.353045][T12290] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  359.361988][T12290] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  359.370835][T12290] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  359.383063][T12290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2752'.
[  359.392641][T12290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2752'.
[  359.417384][T12291] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2753'.
[  359.443462][T12291] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2753'.
[  359.606575][T12300] loop8: detected capacity change from 0 to 16
[  359.642650][T12300] erofs: (device loop8): mounted with root inode @ nid 36.
[  359.714929][T12303] netlink: 'syz.6.2759': attribute type 1 has an invalid length.
[  359.770134][T12303] 8021q: adding VLAN 0 to HW filter on device bond2
[  359.867534][T12309] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.945627][T12309] bond2: (slave bond0): making interface the new active one
[  359.971621][T12309] bond2: (slave bond0): Enslaving as an active interface with an up link
[  359.998210][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  360.091715][T12309] syz.6.2759 (12309) used greatest stack depth: 17872 bytes left
[  360.660895][ T4418] attempt to access beyond end of device
[  360.660895][ T4418] loop3: rw=1, want=2049, limit=2048
[  360.687156][ T4418] Buffer I/O error on dev loop3, logical block 2048, lost async page write
[  360.707203][ T4418] attempt to access beyond end of device
[  360.707203][ T4418] loop3: rw=1, want=2049, limit=2048
[  360.730893][ T4418] Buffer I/O error on dev loop3, logical block 2048, lost async page write
[  360.751377][ T4418] attempt to access beyond end of device
[  360.751377][ T4418] loop3: rw=1, want=2049, limit=2048
[  360.783650][ T4418] Buffer I/O error on dev loop3, logical block 2048, lost async page write
[  360.802099][ T4418] attempt to access beyond end of device
[  360.802099][ T4418] loop3: rw=1, want=2049, limit=2048
[  360.854392][ T4418] Buffer I/O error on dev loop3, logical block 2048, lost async page write
[  360.865350][ T4418] attempt to access beyond end of device
[  360.865350][ T4418] loop3: rw=1, want=2050, limit=2048
[  360.895842][ T4418] Buffer I/O error on dev loop3, logical block 2049, lost async page write
[  360.914393][ T4418] attempt to access beyond end of device
[  360.914393][ T4418] loop3: rw=1, want=2050, limit=2048
[  360.936007][ T4418] Buffer I/O error on dev loop3, logical block 2049, lost async page write
[  360.953752][ T4418] attempt to access beyond end of device
[  360.953752][ T4418] loop3: rw=1, want=2050, limit=2048
[  360.965509][ T4418] Buffer I/O error on dev loop3, logical block 2049, lost async page write
[  360.974527][ T4418] attempt to access beyond end of device
[  360.974527][ T4418] loop3: rw=1, want=2050, limit=2048
[  360.986207][ T4418] Buffer I/O error on dev loop3, logical block 2049, lost async page write
[  361.001940][ T4418] attempt to access beyond end of device
[  361.001940][ T4418] loop3: rw=1, want=2051, limit=2048
[  361.023464][ T4418] Buffer I/O error on dev loop3, logical block 2050, lost async page write
[  361.042668][ T4418] attempt to access beyond end of device
[  361.042668][ T4418] loop3: rw=1, want=2051, limit=2048
[  361.064205][ T4418] Buffer I/O error on dev loop3, logical block 2050, lost async page write
[  361.174248][ T4283] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  361.250877][T12363] netlink: 'syz.0.2777': attribute type 2 has an invalid length.
[  361.259371][T12363] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.2777'.
[  361.534612][ T4283] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.564341][ T4283] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.590527][ T4283] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  361.617793][ T4283] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.648802][ T4283] usb 9-1: config 0 descriptor??
[  361.657455][T12387] loop2: detected capacity change from 0 to 7
[  361.683705][ T4414] Dev loop2: unable to read RDB block 7
[  361.694304][ T4414]  loop2: unable to read partition table
[  361.700403][ T4414] loop2: partition table beyond EOD, truncated
[  361.723163][T12387] Dev loop2: unable to read RDB block 7
[  361.732744][T12387]  loop2: unable to read partition table
[  361.748015][T12387] loop2: partition table beyond EOD, truncated
[  361.754877][T12387] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  362.005286][T12406] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2794'.
[  362.344375][ T4283] usb 9-1: string descriptor 0 read error: -22
[  362.609948][ T4283] uclogic 0003:256C:006D.000A: interface is invalid, ignoring
[  362.812918][ T6163] usb 9-1: USB disconnect, device number 7
[  362.944458][ T4283] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  363.304958][ T4283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.316356][ T4283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.326651][ T4283] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  363.353091][ T4283] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  363.362568][ T4283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.400445][ T4283] usb 4-1: config 0 descriptor??
[  363.896658][ T4283] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  363.908436][ T4283] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  363.924283][ T4283] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  363.941436][ T4283] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  363.974495][ T6163] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[  364.152833][T12480] "syz.1.2824" (12480) uses obsolete ecb(arc4) skcipher
[  364.334206][ T6163] usb 9-1: config 0 has an invalid interface number: 64 but max is 0
[  364.342882][ T6163] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.353997][ T6163] usb 9-1: config 0 has no interface number 0
[  364.360702][ T6163] usb 9-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b
[  364.370795][ T6163] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.384553][ T6163] usb 9-1: config 0 descriptor??
[  364.633644][   T23] usb 9-1: USB disconnect, device number 8
[  365.316662][T12513] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2835'.
[  365.456322][T12523] overlayfs: failed to clone upperpath
[  365.545545][T12528] netlink: 'syz.8.2842': attribute type 1 has an invalid length.
[  365.642712][T12528] 8021q: adding VLAN 0 to HW filter on device bond2
[  365.667108][T12532] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0
[  365.704122][T12532] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0
[  365.752463][T12532] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0
[  365.796266][T12532] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0
[  365.837997][T12532] bond2: (slave geneve2): making interface the new active one
[  365.877996][T12532] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  365.897449][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  365.970414][T12552] 9pnet_virtio: no channels available for device syz
[  366.076494][   T23] usb 4-1: USB disconnect, device number 13
[  366.508499][T12548] loop3: detected capacity change from 0 to 32768
[  366.589900][T12548]  loop3: p1 p3 < p5 p6 >
[  366.857261][ T4416] udevd[4416]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[  366.859989][ T4429] udevd[4429]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  366.880333][ T4178] udevd[4178]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory
[  366.903882][ T4414] udevd[4414]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  368.220484][T12594] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2868'.
[  368.333000][T12597] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2868'.
[  368.517973][T12579] chnl_net:caif_netlink_parms(): no params data found
[  368.541905][T12587] loop3: detected capacity change from 0 to 32768
[  368.662882][T12587] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2866 (12587)
[  368.875395][T12579] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.900360][T12579] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.933162][T12579] device bridge_slave_0 entered promiscuous mode
[  368.961671][T12579] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.987725][T12579] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.015936][T12579] device bridge_slave_1 entered promiscuous mode
[  369.053036][T12587] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  369.086583][T12587] BTRFS info (device loop3): using free space tree
[  369.117165][T12587] BTRFS info (device loop3): has skinny extents
[  369.172295][T12579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  369.253974][T12579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  369.391802][T12587] BTRFS info (device loop3): enabling ssd optimizations
[  369.419257][T12629] overlayfs: failed to clone upperpath
[  369.453016][   T26] audit: type=1800 audit(1773164624.039:95): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2866" name="file1" dev="loop3" ino=260 res=0 errno=0
[  369.498089][T12579] team0: Port device team_slave_0 added
[  369.571299][T12579] team0: Port device team_slave_1 added
[  369.596430][T12633] BTRFS info (device loop3): scrub: started on devid 1
[  369.611360][T12579] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.639491][T12579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.710232][T12579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.727140][T12639] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2876'.
[  369.765564][T12579] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.772571][T12579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.814876][T12579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.830245][T12639] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2876'.
[  369.846522][ T4230] Bluetooth: hci3: command 0x0409 tx timeout
[  369.918465][T12633] BTRFS info (device loop3): scrub: finished on devid 1 with status: 0
[  370.015583][T12579] device hsr_slave_0 entered promiscuous mode
[  370.041345][T12579] device hsr_slave_1 entered promiscuous mode
[  370.146588][T12579] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  370.189228][T12579] Cannot create hsr debugfs directory
[  370.593432][T12663] overlayfs: failed to clone upperpath
[  370.718104][T12579] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  370.950682][T12579] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  371.075471][T12579] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  371.160697][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.195025][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.204465][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.213519][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.292039][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.349424][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.394274][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.436587][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.457022][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  371.514718][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2888'.
[  372.012316][ T6569] Bluetooth: hci3: command 0x041b tx timeout
[  372.045753][T12579] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  372.388353][T12579] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  372.423052][T12579] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  372.453819][T12579] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  372.482369][T12579] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  372.853828][T12579] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.945303][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  372.957522][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  372.988823][T12579] 8021q: adding VLAN 0 to HW filter on device team0
[  373.012881][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  373.042728][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  373.074885][ T4418] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.082056][ T4418] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.114778][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  373.148415][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  373.164991][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  373.185661][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.192780][ T5345] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.228437][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  373.242989][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  373.276888][ T4231] libceph: connect (1)[c::]:6789 error -22
[  373.282869][ T4231] libceph: mon0 (1)[c::]:6789 connect error
[  373.290555][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  373.325012][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  373.360969][T12714] ceph: No mds server is up or the cluster is laggy
[  373.375660][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  373.400208][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  373.417110][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  373.458206][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  373.474840][T12702] loop3: detected capacity change from 0 to 40427
[  373.498820][T12579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  373.510672][T12579] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  373.523904][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  373.573630][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  373.583611][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  373.638525][T12702] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  373.653979][T12702] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  373.721013][T12702] F2FS-fs (loop3): invalid crc value
[  373.779989][T12702] F2FS-fs (loop3): Found nat_bits in checkpoint
[  373.985223][T12702] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  373.992351][T12702] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  374.054375][ T6569] Bluetooth: hci3: command 0x040f tx timeout
[  374.135206][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  374.142803][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  374.209021][T12579] 8021q: adding VLAN 0 to HW filter on device batadv0
[  374.245872][T12756] tipc: Failed to remove unknown binding: 66,0,0/0:4157913377/4157913378
[  374.572716][T12777] device ip6tnl1 entered promiscuous mode
[  374.724877][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  374.735236][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  374.763617][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  374.776252][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  374.789847][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  374.819757][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  374.840254][T12579] device veth0_vlan entered promiscuous mode
[  374.886711][T12579] device veth1_vlan entered promiscuous mode
[  374.945094][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  374.955720][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  374.977900][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  374.996657][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  375.030203][T12579] device veth0_macvtap entered promiscuous mode
[  375.053417][T12579] device veth1_macvtap entered promiscuous mode
[  375.075629][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  375.093094][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  375.129171][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  375.152628][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  375.170972][T12579] batman_adv: batadv0: Interface activated: batadv_slave_0
[  375.185729][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  375.201952][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  375.210514][T12796] overlayfs: failed to clone upperpath
[  375.233160][T12579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  375.251791][T12579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  375.270400][T12579] batman_adv: batadv0: Interface activated: batadv_slave_1
[  375.288049][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  375.303222][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  375.323152][T12579] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  375.338473][T12579] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  375.353659][T12579] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  375.367228][T12579] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  375.568125][T12802] sock: sock_set_timeout: `syz.3.2934' (pid 12802) tries to set negative timeout
[  375.687947][ T5345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  375.715407][ T5345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  375.731771][ T5325] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  375.770501][ T5345] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  375.813643][ T5345] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  375.841954][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  376.134213][ T6163] Bluetooth: hci3: command 0x0419 tx timeout
[  376.524426][   T23] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  376.600353][T12838] netlink: 'syz.0.2946': attribute type 12 has an invalid length.
[  376.791523][T12844] __nla_validate_parse: 3 callbacks suppressed
[  376.791543][T12844] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2949'.
[  376.935401][   T23] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  376.949818][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.977382][   T23] usb 4-1: config 0 descriptor??
[  377.038219][   T23] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  377.253141][T12857] device syzkaller0 entered promiscuous mode
[  377.291048][T12857] device syzkaller0 left promiscuous mode
[  377.620871][T12864] loop8: detected capacity change from 0 to 4096
[  377.658646][T12864] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  377.705942][T12864] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 4096)
[  377.785052][T12874] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  377.869773][T12864] overlayfs: upper fs does not support tmpfile.
[  377.879793][T12864] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  377.887391][T12864] overlayfs: failed to set xattr on upper
[  377.893150][T12864] overlayfs: ...falling back to index=off,metacopy=off.
[  377.918991][T12864] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  377.943648][T12864] Remounting filesystem read-only
[  377.949117][T12864] overlayfs: cleanup of 'work/#46' failed (-30)
[  378.038241][T12579] NILFS (loop8): disposed unprocessed dirty file(s) when detaching log writer
[  378.304433][   T23] gspca_stv06xx: HDCS-1000/1100 sensor detected
[  378.467485][T12889] netlink: 'syz.0.2968': attribute type 10 has an invalid length.
[  378.511506][T12891] device syzkaller1 entered promiscuous mode
[  378.633628][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  378.844389][   T23] STV06xx: probe of 4-1:0.0 failed with error -71
[  378.863486][   T23] usb 4-1: USB disconnect, device number 14
[  378.992959][T12908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2975'.
[  380.000653][T12925] loop8: detected capacity change from 0 to 32768
[  380.123602][T12925] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 scanned by syz.8.2983 (12925)
[  380.170529][T12925] BTRFS info (device loop8): using crc32c (crc32c-intel) checksum algorithm
[  380.189672][T12925] BTRFS info (device loop8): setting nodatacow, compression disabled
[  380.222978][T12925] BTRFS info (device loop8): turning on flush-on-commit
[  380.248891][T12925] BTRFS info (device loop8): setting incompat feature flag for COMPRESS_LZO (0x8)
[  380.280421][T12925] BTRFS info (device loop8): use lzo compression, level 0
[  380.312007][T12925] BTRFS info (device loop8): setting nodatasum
[  380.332182][T12925] BTRFS info (device loop8): use no compression
[  380.337276][T12974] overlayfs: failed to clone upperpath
[  380.383783][T12925] BTRFS info (device loop8): trying to use backup root at mount time
[  380.393542][T12925] BTRFS info (device loop8): max_inline at 0
[  380.421294][T12925] BTRFS info (device loop8): using free space tree
[  380.439988][T12925] BTRFS info (device loop8): has skinny extents
[  380.514794][T12981] mmap: syz.0.3004 (12981) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  380.624600][ T5327] BTRFS warning (device loop8): checksum verify failed on 5332992 wanted 0x0a5e5d25 found 0xcee3a718 level 0
[  380.708736][T12925] BTRFS warning (device loop8): couldn't read tree root
[  380.745592][  T155] BTRFS warning (device loop8): checksum verify failed on 5324800 wanted 0x9f73850b found 0xe06dfc66 level 0
[  380.799858][T13012] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3011'.
[  380.818258][T12925] BTRFS warning (device loop8): couldn't read tree root
[  380.826389][T12925] BTRFS error (device loop8): parent transid verify failed on 5255168 wanted 5 found 7
[  380.890316][T12925] BTRFS warning (device loop8): couldn't read tree root
[  380.931471][T12925] BTRFS info (device loop8): enabling ssd optimizations
[  380.942170][T12925] BTRFS info (device loop8): clearing free space tree
[  380.957731][T12925] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  380.978992][T12925] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  381.020681][T12925] BTRFS info (device loop8): creating free space tree
[  381.049111][T12925] BTRFS info (device loop8): setting compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  381.081563][T12925] BTRFS info (device loop8): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  381.398360][T13031] kvm: MONITOR instruction emulated as NOP!
[  382.345174][   T26] audit: type=1326 audit(1773164636.929:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.391391][   T26] audit: type=1326 audit(1773164636.929:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.423281][T13057] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.3024'.
[  382.462397][   T26] audit: type=1326 audit(1773164636.929:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.498904][   T26] audit: type=1326 audit(1773164636.929:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.566964][   T26] audit: type=1326 audit(1773164636.929:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.624478][T13063] loop3: detected capacity change from 0 to 128
[  382.640438][   T26] audit: type=1326 audit(1773164636.959:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.700104][   T26] audit: type=1326 audit(1773164636.959:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13056 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe1125b6fce code=0x7ffc0000
[  382.729290][   T26] audit: type=1326 audit(1773164636.969:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13052 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  382.790354][   T26] audit: type=1326 audit(1773164637.119:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13056 comm="syz.0.3025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fe1125f6799 code=0x7ffc0000
[  383.623833][T13116] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  383.761123][T13074] loop3: detected capacity change from 0 to 40427
[  383.869355][T13074] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff
[  383.938084][T13074] F2FS-fs (loop3): invalid crc value
[  383.957984][T13074] F2FS-fs (loop3): Found nat_bits in checkpoint
[  384.144578][T13074] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  384.217898][T13074] handle_bad_sector: 24 callbacks suppressed
[  384.217920][T13074] attempt to access beyond end of device
[  384.217920][T13074] loop3: rw=2049, want=45112, limit=40427
[  384.313400][T13154] F2FS-fs (loop3) : inject no more block in inc_valid_node_count of f2fs_new_node_page+0x185/0x8f0
[  384.380532][T13154] overlayfs: failed to create directory ./file0/index (errno: 28); mounting read-only
[  384.410171][T13154] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  384.452492][ T4193] F2FS-fs (loop3): access invalid blkaddr:2816
[  384.476694][ T4193] CPU: 1 PID: 4193 Comm: syz-executor Not tainted syzkaller #0
[  384.484316][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  384.494503][ T4193] Call Trace:
[  384.497810][ T4193]  <TASK>
[  384.500774][ T4193]  dump_stack_lvl+0x188/0x250
[  384.505586][ T4193]  ? show_regs_print_info+0x20/0x20
[  384.510831][ T4193]  ? f2fs_get_next_page_offset+0x6a0/0x6a0
[  384.516698][ T4193]  f2fs_is_valid_blkaddr+0xc7e/0x1250
[  384.522123][ T4193]  f2fs_map_blocks+0xbcd/0x3300
[  384.527064][ T4193]  ? f2fs_force_buffered_io+0x680/0x680
[  384.532765][ T4193]  ? xa_load+0x276/0x2a0
[  384.537067][ T4193]  f2fs_mpage_readpages+0xc95/0x2260
[  384.542452][ T4193]  ? dquot_release_reservation_block+0xa0/0xa0
[  384.548686][ T4193]  ? f2fs_is_compress_backend_ready+0x99/0x120
[  384.554892][ T4193]  ? f2fs_readahead+0x163/0x2f0
[  384.559785][ T4193]  ? f2fs_set_data_page_dirty+0xad0/0xad0
[  384.565551][ T4193]  read_pages+0x175/0x930
[  384.570066][ T4193]  ? page_cache_ra_unbounded+0x940/0x940
[  384.575842][ T4193]  ? add_to_page_cache_lru+0x2a8/0x4a0
[  384.581349][ T4193]  page_cache_ra_unbounded+0x838/0x940
[  384.586934][ T4193]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  384.593587][ T4193]  f2fs_readdir+0x496/0xda0
[  384.598174][ T4193]  ? f2fs_fill_dentries+0xd10/0xd10
[  384.603435][ T4193]  ? end_current_label_crit_section+0x14b/0x170
[  384.609891][ T4193]  ? iterate_dir+0x10d/0x560
[  384.614516][ T4193]  ? down_read_killable+0x1ce/0x340
[  384.619745][ T4193]  ? fsnotify_perm+0x254/0x560
[  384.624558][ T4193]  iterate_dir+0x218/0x560
[  384.629015][ T4193]  ? f2fs_fill_dentries+0xd10/0xd10
[  384.634415][ T4193]  __se_sys_getdents64+0xf2/0x270
[  384.639500][ T4193]  ? __x64_sys_getdents64+0x80/0x80
[  384.644734][ T4193]  ? filldir+0x720/0x720
[  384.649128][ T4193]  ? vtime_user_exit+0x2c8/0x3e0
[  384.654115][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  384.659360][ T4193]  do_syscall_64+0x4c/0xa0
[  384.663947][ T4193]  ? clear_bhb_loop+0x30/0x80
[  384.668672][ T4193]  ? clear_bhb_loop+0x30/0x80
[  384.673395][ T4193]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  384.679341][ T4193] RIP: 0033:0x7f9526655133
[  384.683793][ T4193] Code: c7 c0 e8 ff ff ff 64 c7 00 16 00 00 00 31 c0 eb 9e e8 81 9b fd ff 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 e8 ff ff ff f7 d8
[  384.703532][ T4193] RSP: 002b:00007ffe0612e318 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  384.711994][ T4193] RAX: ffffffffffffffda RBX: 0000555594dafa30 RCX: 00007f9526655133
[  384.720016][ T4193] RDX: 0000000000008000 RSI: 0000555594dafa60 RDI: 0000000000000005
[  384.728037][ T4193] RBP: 0000555594dafa60 R08: 00007f952687ce20 R09: 0000000000000001
[  384.736059][ T4193] R10: 0000000000000000 R11: 0000000000000293 R12: 0000555594dafa34
[  384.744287][ T4193] R13: ffffffffffffffe8 R14: 0000000000000010 R15: 00007ffe061305c0
[  384.752343][ T4193]  </TASK>
[  384.764023][ T4193] F2FS-fs (loop3): access invalid blkaddr:2816
[  384.770525][ T4193] CPU: 1 PID: 4193 Comm: syz-executor Not tainted syzkaller #0
[  384.778111][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  384.788199][ T4193] Call Trace:
[  384.791530][ T4193]  <TASK>
[  384.794505][ T4193]  dump_stack_lvl+0x188/0x250
[  384.799235][ T4193]  ? show_regs_print_info+0x20/0x20
[  384.804477][ T4193]  ? f2fs_get_next_page_offset+0x6a0/0x6a0
[  384.810395][ T4193]  f2fs_is_valid_blkaddr+0xc7e/0x1250
[  384.815819][ T4193]  f2fs_map_blocks+0xbcd/0x3300
[  384.820881][ T4193]  ? f2fs_force_buffered_io+0x680/0x680
[  384.826490][ T4193]  ? xa_load+0x276/0x2a0
[  384.830815][ T4193]  f2fs_mpage_readpages+0xc95/0x2260
[  384.836170][ T4193]  ? dquot_release_reservation_block+0xa0/0xa0
[  384.842385][ T4193]  ? f2fs_is_compress_backend_ready+0x99/0x120
[  384.848587][ T4193]  ? f2fs_readahead+0x163/0x2f0
[  384.853479][ T4193]  ? f2fs_set_data_page_dirty+0xad0/0xad0
[  384.859344][ T4193]  read_pages+0x175/0x930
[  384.863742][ T4193]  ? page_cache_ra_unbounded+0x940/0x940
[  384.869418][ T4193]  ? add_to_page_cache_lru+0x2a8/0x4a0
[  384.874934][ T4193]  page_cache_ra_unbounded+0x838/0x940
[  384.880449][ T4193]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  384.887135][ T4193]  f2fs_readdir+0x496/0xda0
[  384.891699][ T4193]  ? f2fs_fill_dentries+0xd10/0xd10
[  384.896936][ T4193]  ? end_current_label_crit_section+0x14b/0x170
[  384.903266][ T4193]  ? iterate_dir+0x10d/0x560
[  384.908008][ T4193]  ? down_read_killable+0x1ce/0x340
[  384.913259][ T4193]  ? fsnotify_perm+0x254/0x560
[  384.918066][ T4193]  iterate_dir+0x218/0x560
[  384.922520][ T4193]  ? f2fs_fill_dentries+0xd10/0xd10
[  384.927770][ T4193]  __se_sys_getdents64+0xf2/0x270
[  384.932842][ T4193]  ? __x64_sys_getdents64+0x80/0x80
[  384.938078][ T4193]  ? filldir+0x720/0x720
[  384.942366][ T4193]  ? vtime_user_exit+0x2c8/0x3e0
[  384.947906][ T4193]  ? lockdep_hardirqs_on+0x94/0x140
[  384.953166][ T4193]  do_syscall_64+0x4c/0xa0
[  384.957627][ T4193]  ? clear_bhb_loop+0x30/0x80
[  384.962340][ T4193]  ? clear_bhb_loop+0x30/0x80
[  384.967061][ T4193]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  384.973089][ T4193] RIP: 0033:0x7f9526655133
[  384.977539][ T4193] Code: c7 c0 e8 ff ff ff 64 c7 00 16 00 00 00 31 c0 eb 9e e8 81 9b fd ff 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 e8 ff ff ff f7 d8
[  384.997295][ T4193] RSP: 002b:00007ffe0612e318 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  385.005801][ T4193] RAX: ffffffffffffffda RBX: 0000555594dafa30 RCX: 00007f9526655133
[  385.013814][ T4193] RDX: 0000000000008000 RSI: 0000555594dafa60 RDI: 0000000000000005
[  385.021949][ T4193] RBP: 0000555594dafa60 R08: 00007f952687ce20 R09: 0000000000000001
[  385.029966][ T4193] R10: 0000000000000000 R11: 0000000000000293 R12: 0000555594dafa34
[  385.038236][ T4193] R13: ffffffffffffffe8 R14: 0000000000000010 R15: 00007ffe061305c0
[  385.046311][ T4193]  </TASK>
[  385.074857][ T4193] attempt to access beyond end of device
[  385.074857][ T4193] loop3: rw=0, want=45072, limit=40427
[  385.160240][T13169] netlink: 100 bytes leftover after parsing attributes in process `syz.8.3068'.
[  386.510409][T13200] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3082'.
[  386.555668][ T4355] attempt to access beyond end of device
[  386.555668][ T4355] loop3: rw=2049, want=45136, limit=40427
[  386.645354][T13202] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3083'.
[  386.908618][T13212] bridge0: port 1(syz_tun) entered blocking state
[  386.928235][T13212] bridge0: port 1(syz_tun) entered disabled state
[  386.945637][T13212] device syz_tun entered promiscuous mode
[  386.968496][T13214] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3088'.
[  387.021694][T13216] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3089'.
[  388.452331][  T155] device hsr_slave_0 left promiscuous mode
[  388.465017][  T155] device hsr_slave_1 left promiscuous mode
[  388.713011][  T155] bond1 (unregistering): Released all slaves
[  389.581692][  T155] bond0 (unregistering): Released all slaves
[  389.651250][   T26] audit: type=1326 audit(1773164644.239:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13328 comm="syz.0.3120" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe1125f6799 code=0x0
[  389.989937][T13255] chnl_net:caif_netlink_parms(): no params data found
[  390.134430][ T4230] Bluetooth: hci4: command 0x0409 tx timeout
[  390.220695][T13255] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.243622][T13255] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.303302][T13255] device bridge_slave_0 entered promiscuous mode
[  390.337202][T13255] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.344788][T13255] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.353545][T13255] device bridge_slave_1 entered promiscuous mode
[  390.414702][T13255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.446487][T13255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.570854][T13255] team0: Port device team_slave_0 added
[  390.620068][T13255] team0: Port device team_slave_1 added
[  390.697370][T13255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  390.705168][T13255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.762186][T13255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.826972][T13255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  390.846508][T13255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.904219][T13255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.056110][T13255] device hsr_slave_0 entered promiscuous mode
[  391.445607][T13255] device hsr_slave_1 entered promiscuous mode
[  392.214226][ T6163] Bluetooth: hci4: command 0x041b tx timeout
[  394.074337][T13255] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  394.085443][T13255] Cannot create hsr debugfs directory
[  394.294152][ T4230] Bluetooth: hci4: command 0x040f tx timeout
[  394.328919][T13412] netlink: 7 bytes leftover after parsing attributes in process `syz.8.3143'.
[  394.729662][T13255] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  394.774726][T13255] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  394.817497][T13255] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  394.851304][T13255] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  394.930343][T13448] overlayfs: missing 'lowerdir'
[  394.954556][T13449] netlink: 'syz.8.3155': attribute type 1 has an invalid length.
[  394.971038][T13449] netlink: 'syz.8.3155': attribute type 4 has an invalid length.
[  395.000934][T13449] netlink: 9462 bytes leftover after parsing attributes in process `syz.8.3155'.
[  395.040989][T13451] netlink: 'syz.8.3155': attribute type 1 has an invalid length.
[  395.051345][T13451] netlink: 'syz.8.3155': attribute type 4 has an invalid length.
[  395.071742][T13451] netlink: 9462 bytes leftover after parsing attributes in process `syz.8.3155'.
[  395.182793][T13255] 8021q: adding VLAN 0 to HW filter on device bond0
[  395.237324][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  395.263466][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  395.300293][T13255] 8021q: adding VLAN 0 to HW filter on device team0
[  395.325257][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  395.357030][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  395.383248][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state
[  395.390539][ T5345] bridge0: port 1(bridge_slave_0) entered forwarding state
[  395.429265][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  395.486740][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  395.519096][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  395.567819][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state
[  395.575179][ T5345] bridge0: port 2(bridge_slave_1) entered forwarding state
[  395.644763][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  395.663825][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  395.693745][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  395.722833][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  395.745278][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  395.764907][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  395.789139][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  395.832043][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  395.861586][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  395.882177][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  395.901820][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  395.922845][T13255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  396.351129][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  396.374538][ T4230] Bluetooth: hci4: command 0x0419 tx timeout
[  396.405677][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  396.441565][T13255] 8021q: adding VLAN 0 to HW filter on device batadv0
[  397.072331][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  397.088652][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  397.184839][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  397.198741][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  397.223978][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  397.246673][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  397.270189][T13255] device veth0_vlan entered promiscuous mode
[  397.316989][T13255] device veth1_vlan entered promiscuous mode
[  397.405074][T13544] overlayfs: failed to clone lowerpath
[  397.418091][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  397.445388][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  397.471714][T13255] device veth0_macvtap entered promiscuous mode
[  397.497707][T13255] device veth1_macvtap entered promiscuous mode
[  397.536946][T13255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  397.551099][T13255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.562128][T13255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  397.580697][T13255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.608097][T13255] batman_adv: batadv0: Interface activated: batadv_slave_0
[  397.622549][T13255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.641599][T13255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.662795][T13255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.701933][T13255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.725765][T13255] batman_adv: batadv0: Interface activated: batadv_slave_1
[  397.734760][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  397.749950][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  397.760091][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  397.774676][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  397.793967][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  397.815257][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  397.863816][T13255] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  397.889744][T13255] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  397.919844][T13255] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  397.944883][T13255] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  397.994761][T13555] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3192'.
[  398.190192][ T5333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.204553][ T5333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.225766][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  398.271990][ T5327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.296353][ T5327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  398.303987][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  398.333288][T13534] overlayfs: failed to resolve './file1': -2
[  398.702671][T13582] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3188'.
[  399.112639][T13598] netlink: 'syz.8.3194': attribute type 1 has an invalid length.
[  399.439290][T13614] loop9: detected capacity change from 0 to 1024
[  399.498004][T13614] EXT4-fs (loop9): Ignoring removed oldalloc option
[  399.526964][T13614] EXT4-fs (loop9): Ignoring removed bh option
[  399.533123][T13614] EXT4-fs (loop9): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  399.644242][T13614] EXT4-fs (loop9): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,nobarrier,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  399.751532][   T26] audit: type=1804 audit(1773164654.339:106): pid=13614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.3201" name="/newroot/5/file1/bus" dev="loop9" ino=18 res=1 errno=0
[  400.343974][T13643] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3207'.
[  400.377122][T13643] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3207'.
[  400.870198][T13661] overlayfs: failed to clone upperpath
[  401.164683][T13673] netlink: 'syz.8.3214': attribute type 1 has an invalid length.
[  401.237280][T13673] 8021q: adding VLAN 0 to HW filter on device bond1
[  401.386283][T13676] bond1: (slave veth3): Enslaving as an active interface with a down link
[  401.451723][T13679] 8021q: adding VLAN 0 to HW filter on device batadv1
[  401.487151][T13679] bond1: (slave batadv1): making interface the new active one
[  401.529046][T13679] device batadv1 entered promiscuous mode
[  401.553873][T13679] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  401.571812][T13685] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3217'.
[  401.621776][T13686] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3217'.
[  401.634463][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  401.852364][T13696] loop9: detected capacity change from 0 to 2048
[  401.963951][T13703] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3221'.
[  401.997544][T13703] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3221'.
[  402.325128][T13717] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  402.758253][T13667] overlayfs: failed to clone upperpath
[  402.839794][T13733] netlink: 'syz.9.3231': attribute type 1 has an invalid length.
[  403.003448][T13740] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3233'.
[  403.255742][T13744] device erspan0 left promiscuous mode
[  403.334533][T13744] bridge0: port 1(syz_tun) entered blocking state
[  403.341104][T13744] bridge0: port 1(syz_tun) entered forwarding state
[  403.393140][T13749] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3237'.
[  403.431694][T13754] overlayfs: failed to clone upperpath
[  403.509467][T13754] overlayfs: failed to clone lowerpath
[  403.802152][T13766] overlayfs: failed to clone upperpath
[  403.848221][T13766] overlayfs: failed to clone lowerpath
[  403.968044][T13774] netlink: 'syz.1.3246': attribute type 1 has an invalid length.
[  404.051533][T13774] 8021q: adding VLAN 0 to HW filter on device bond1
[  404.082431][T13779] bond1: (slave veth7): Enslaving as an active interface with a down link
[  404.148453][T13774] 8021q: adding VLAN 0 to HW filter on device batadv1
[  404.157837][T13774] bond1: (slave batadv1): making interface the new active one
[  404.175215][T13774] device batadv1 entered promiscuous mode
[  404.187266][T13774] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  404.212749][ T5327] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  404.307927][T13782] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3249'.
[  404.452004][T13789] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  404.619824][T13792] 8021q: adding VLAN 0 to HW filter on device team0
[  404.668210][T13792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  404.846507][T13798] loop9: detected capacity change from 0 to 2048
[  404.945511][T13802] overlayfs: failed to clone upperpath
[  404.957571][T13802] overlayfs: failed to clone lowerpath
[  404.975894][T13798] EXT4-fs (loop9): mounted filesystem without journal. Opts: barrier,,errors=continue. Quota mode: none.
[  405.003953][T13798] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  405.364210][ T6163] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  405.470879][T13821] netlink: 'syz.0.3262': attribute type 1 has an invalid length.
[  405.484650][ T4283] libceph: connect (1)[c::]:6789 error -22
[  405.490769][ T4283] libceph: mon0 (1)[c::]:6789 connect error
[  405.522237][T13817] ceph: No mds server is up or the cluster is laggy
[  405.546757][T13821] 8021q: adding VLAN 0 to HW filter on device bond3
[  405.627991][T13827] bond3: (slave veth11): Enslaving as an active interface with a down link
[  405.644673][T13821] 8021q: adding VLAN 0 to HW filter on device batadv1
[  405.663606][T13821] bond3: (slave batadv1): making interface the new active one
[  405.676608][T13821] device batadv1 entered promiscuous mode
[  405.684615][T13821] bond3: (slave batadv1): Enslaving as an active interface with an up link
[  405.693709][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  405.754367][ T6163] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  405.779193][ T6163] usb 10-1: config 0 has no interfaces?
[  405.964371][ T6163] usb 10-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  405.973567][ T6163] usb 10-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  405.999914][ T6163] usb 10-1: Product: syz
[  406.004473][ T6163] usb 10-1: Manufacturer: syz
[  406.009202][ T6163] usb 10-1: SerialNumber: syz
[  406.043429][ T6163] usb 10-1: config 0 descriptor??
[  406.335635][ T6163] usb 10-1: USB disconnect, device number 2
[  406.917130][T13846] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3281'.
[  406.963716][T13846] device team1 entered promiscuous mode
[  407.035334][T13846] 8021q: adding VLAN 0 to HW filter on device team1
[  407.746238][T13864] loop9: detected capacity change from 0 to 40427
[  407.778064][T13864] F2FS-fs (loop9): Invalid SB checksum offset: 0
[  407.798568][T13864] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[  407.833418][T13864] F2FS-fs (loop9): invalid crc value
[  407.884918][T13864] F2FS-fs (loop9): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  407.977582][T13864] F2FS-fs (loop9): Try to recover 2th superblock, ret: 0
[  407.992992][T13864] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  408.055624][T13871] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3278'.
[  408.080083][T13871] netlink: 'syz.8.3278': attribute type 7 has an invalid length.
[  408.098307][T13871] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3278'.
[  408.159602][T13877] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3280'.
[  408.297890][T13891] overlayfs: failed to clone lowerpath
[  408.375346][T13896] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3298'.
[  408.403637][T13896] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3298'.
[  408.715501][T13255] attempt to access beyond end of device
[  408.715501][T13255] loop9: rw=2049, want=45104, limit=40427
[  409.200238][T13921] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3294'.
[  409.275393][T13921] device bond3 entered promiscuous mode
[  409.305843][T13921] 8021q: adding VLAN 0 to HW filter on device bond3
[  409.354981][T13925] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3294'.
[  409.394304][T13925] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3294'.
[  409.533234][T13921] bond3: (slave vti1): refused to change device type
[  409.556076][T13927] netlink: 112 bytes leftover after parsing attributes in process `syz.8.3297'.
[  409.589600][T13931] overlayfs: failed to clone upperpath
[  410.070228][T13958] batman_adv: batadv0: Adding interface: dummy0
[  410.086983][T13958] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  410.143993][T13958] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  410.164266][T13961] macvtap1: mtu less than device minimum
[  411.174360][ T5961] Bluetooth: hci5: command 0x1003 tx timeout
[  411.180525][ T4192] Bluetooth: hci5: sending frame failed (-49)
[  412.616802][T14004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3328'.
[  412.693142][T14008] 9pnet: p9_errstr2errno: server reported unknown error GôÇ3ï™þÙ¹ØÜ
v;8;˜ç±ø:§Ei{ñ_2½—xzÆ~~F-DÒ¢�ðä^s¢öm­½ÿÿÿÿ
[  412.777501][T14010] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3330'.
[  412.978679][T14014] netlink: 92 bytes leftover after parsing attributes in process `syz.6.3330'.
[  413.256143][ T5961] Bluetooth: hci5: command 0x1001 tx timeout
[  413.262528][ T4192] Bluetooth: hci5: sending frame failed (-49)
[  413.871707][T14025] ptrace attach of ""[14028] was attempted by "./syz-executor exec"[14025]
[  414.300665][T14046] netlink: 11562 bytes leftover after parsing attributes in process `syz.8.3340'.
[  414.554530][ T5345] device batadv1 left promiscuous mode
[  415.334196][ T2303] Bluetooth: hci5: command 0x1009 tx timeout
[  416.507741][T14134] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3356'.
[  416.778340][T14151] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3361'.
[  417.033641][T14163] netlink: 'syz.6.3363': attribute type 1 has an invalid length.
[  417.130442][T14163] 8021q: adding VLAN 0 to HW filter on device bond4
[  417.215354][T14168] bond4: (slave veth15): Enslaving as an active interface with a down link
[  417.280273][T14171] 8021q: adding VLAN 0 to HW filter on device batadv2
[  417.316143][T14171] bond4: (slave batadv2): making interface the new active one
[  417.327419][T14171] device batadv2 entered promiscuous mode
[  417.333500][T14171] bond4: (slave batadv2): Enslaving as an active interface with an up link
[  417.364436][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[  417.484487][ T5333] device batadv1 left promiscuous mode
[  419.713881][T14231] overlayfs: failed to clone lowerpath
[  419.722665][ T4283] libceph: connect (1)[c::]:6789 error -13
[  419.732282][ T4283] libceph: mon0 (1)[c::]:6789 connect error
[  419.773060][T14228] ceph: No mds server is up or the cluster is laggy
[  419.910658][T14238] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3368'.
[  420.006565][ T6163] libceph: connect (1)[c::]:6789 error -13
[  420.012544][ T6163] libceph: mon0 (1)[c::]:6789 connect error
[  420.326278][T14250] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  420.378370][T14250] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  420.407047][T14250] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  420.443377][T14250] device bridge_slave_0 left promiscuous mode
[  420.476178][T14250] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.517666][T14250] device bridge_slave_1 left promiscuous mode
[  420.538397][T14250] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.586139][T14250] bond0: (slave bond_slave_0): Releasing backup interface
[  420.638708][T14250] bond0: (slave bond_slave_1): Releasing backup interface
[  420.801660][T14250] team0: Port device team_slave_0 removed
[  420.845858][T14250] team0: Port device team_slave_1 removed
[  420.865073][T14250] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  420.879015][T14250] batman_adv: batadv0: Removing interface: batadv_slave_0
[  420.892615][T14250] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  420.927931][T14250] batman_adv: batadv0: Removing interface: batadv_slave_1
[  420.988804][T14250] bond1: (slave veth3): Releasing active interface
[  421.006234][T14250] bond1: (slave veth3): the permanent HWaddr of slave - b2:58:ea:73:12:b0 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  421.047050][T14250] device batadv1 entered promiscuous mode
[  421.081678][T14250] bond1: (slave batadv1): Releasing active interface
[  421.104439][T14250] device batadv1 left promiscuous mode
[  421.167624][T14251] 8021q: adding VLAN 0 to HW filter on device bond2
[  421.179215][T14251] team0: Port device bond2 added
[  421.209276][T14253] 8021q: adding VLAN 0 to HW filter on device team0
[  421.220610][T14253] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  421.456316][T14271] overlayfs: failed to clone lowerpath
[  422.334277][T14286] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3383'.
[  422.493824][T14296] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3387'.
[  422.562652][ T4230] libceph: connect (1)[c::]:6789 error -101
[  422.574849][ T4230] libceph: mon0 (1)[c::]:6789 connect error
[  422.583025][T14301] ceph: No mds server is up or the cluster is laggy
[  422.606299][T14309] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  422.807372][T14317] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  422.833645][T14317] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  422.854590][T14317] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  422.880874][T14317] device bridge_slave_0 left promiscuous mode
[  422.898704][T14317] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.926109][T14317] device bridge_slave_1 left promiscuous mode
[  422.936897][T14317] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.972520][T14317] bond0: (slave bond_slave_0): Releasing backup interface
[  423.031550][T14317] bond0: (slave bond_slave_1): Releasing backup interface
[  423.125291][T14317] team0: Port device team_slave_0 removed
[  423.151587][T14317] team0: Port device team_slave_1 removed
[  423.167111][T14317] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  423.177363][T14317] batman_adv: batadv0: Removing interface: batadv_slave_0
[  423.186825][T14317] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  423.195008][T14317] batman_adv: batadv0: Removing interface: batadv_slave_1
[  423.232354][T14322] 8021q: adding VLAN 0 to HW filter on device bond1
[  423.261987][T14322] team0: Port device bond1 added
[  423.364724][T14327] netlink: 56 bytes leftover after parsing attributes in process `syz.6.3405'.
[  423.398449][T14330] device syz_tun left promiscuous mode
[  423.416879][T14330] bridge0: port 1(syz_tun) entered disabled state
[  423.438184][T14330] batman_adv: batadv0: Removing interface: dummy0
[  423.484411][T14330] bond1: (slave veth7): Releasing active interface
[  423.491119][T14330] bond1: (slave veth7): the permanent HWaddr of slave - 5e:3e:97:35:a8:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  423.532088][T14330] device batadv1 entered promiscuous mode
[  423.569093][T14330] bond1: (slave batadv1): Releasing active interface
[  423.581867][T14330] device batadv1 left promiscuous mode
[  423.678044][T14336] 8021q: adding VLAN 0 to HW filter on device bond2
[  423.705862][T14336] team0: Port device bond2 added
[  424.285348][T14343] netlink: 'syz.0.3409': attribute type 1 has an invalid length.
[  424.334886][T14343] 8021q: adding VLAN 0 to HW filter on device bond4
[  424.366662][T14351] bond4: (slave veth13): Enslaving as an active interface with a down link
[  424.799741][T14346] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  424.808800][T14346] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  424.817943][T14346] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  424.826914][T14346] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  425.011141][T14354] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3396'.
[  425.049501][T14343] 8021q: adding VLAN 0 to HW filter on device batadv2
[  425.065667][T14343] bond4: (slave batadv2): making interface the new active one
[  425.090596][T14343] device batadv2 entered promiscuous mode
[  425.104852][T14343] bond4: (slave batadv2): Enslaving as an active interface with an up link
[  425.141631][ T4418] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[  425.217365][ T5325] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.362400][ T5325] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.860319][ T5325] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.873011][T14402] netlink: 'syz.0.3419': attribute type 1 has an invalid length.
[  425.910323][T14402] 8021q: adding VLAN 0 to HW filter on device bond5
[  425.957745][T14403] bond5: (slave veth15): Enslaving as an active interface with a down link
[  425.972545][T14404] 8021q: adding VLAN 0 to HW filter on device batadv3
[  425.995147][T14404] bond5: (slave batadv3): making interface the new active one
[  426.007377][T14404] device batadv3 entered promiscuous mode
[  426.013649][T14404] bond5: (slave batadv3): Enslaving as an active interface with an up link
[  426.041649][ T5325] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.084743][ T5339] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[  426.221358][T14413] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3423'.
[  426.278399][T14413] device bond2 entered promiscuous mode
[  426.284541][T14413] 8021q: adding VLAN 0 to HW filter on device bond2
[  426.349952][T14418] device macvlan0 entered promiscuous mode
[  426.479982][T14418] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  426.590097][T14428] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3428'.
[  426.802132][T14432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3431'.
[  426.946875][T14432] device team1 entered promiscuous mode
[  426.976499][T14432] 8021q: adding VLAN 0 to HW filter on device team1
[  427.110952][T14442] netlink: 'syz.0.3434': attribute type 1 has an invalid length.
[  427.308731][T14442] 8021q: adding VLAN 0 to HW filter on device bond6
[  427.341228][T14448] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3436'.
[  427.361274][T14448] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  427.473175][T14447] bond6: (slave veth17): Enslaving as an active interface with a down link
[  427.500702][T14451] 8021q: adding VLAN 0 to HW filter on device batadv4
[  427.530487][T14451] bond6: (slave batadv4): making interface the new active one
[  427.587659][T14451] device batadv4 entered promiscuous mode
[  427.603260][T14451] bond6: (slave batadv4): Enslaving as an active interface with an up link
[  427.816939][T14456] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3436'.
[  427.837220][T14456] bond3: peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  427.901021][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready
[  427.986122][T14470] netlink: 'syz.6.3448': attribute type 1 has an invalid length.
[  428.084309][T14470] 8021q: adding VLAN 0 to HW filter on device bond5
[  428.122745][T14473] bond5: (slave veth19): Enslaving as an active interface with a down link
[  428.143534][T14476] 8021q: adding VLAN 0 to HW filter on device batadv3
[  428.195458][T14476] bond5: (slave batadv3): making interface the new active one
[  428.276415][T14476] device batadv3 entered promiscuous mode
[  428.288304][T14476] bond5: (slave batadv3): Enslaving as an active interface with an up link
[  428.313843][ T5333] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[  428.556958][T14489] netlink: 'syz.6.3453': attribute type 1 has an invalid length.
[  428.663786][T14498] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3441'.
[  428.705412][T14489] 8021q: adding VLAN 0 to HW filter on device bond6
[  428.718876][T14504] overlayfs: failed to clone upperpath
[  428.735895][T14494] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3443'.
[  428.815749][T14494] device bond7 entered promiscuous mode
[  428.821777][T14494] 8021q: adding VLAN 0 to HW filter on device bond7
[  428.931636][T14495] bond6: (slave veth21): Enslaving as an active interface with a down link
[  428.958397][T14501] device macvlan1 entered promiscuous mode
[  428.978091][T14501] 8021q: adding VLAN 0 to HW filter on device macvlan1
[  429.043539][T14500] 8021q: adding VLAN 0 to HW filter on device batadv4
[  429.063175][T14500] bond6: (slave batadv4): making interface the new active one
[  429.081162][T14500] device batadv4 entered promiscuous mode
[  429.087841][T14500] bond6: (slave batadv4): Enslaving as an active interface with an up link
[  429.117375][ T5345] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready
[  430.610767][T14564] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3461'.
[  431.201348][T14527] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  431.210994][T14527] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  431.221491][T14527] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  431.231062][T14527] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  431.439897][T14537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3455'.
[  431.464816][T14544] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3455'.
[  431.476495][T14567] loop9: detected capacity change from 0 to 16
[  431.483806][T14551] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3472'.
[  431.528675][T14557] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3472'.
[  431.539743][T14559] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3475'.
[  431.550065][T14559] netlink: 'syz.1.3475': attribute type 7 has an invalid length.
[  431.558333][T14559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3475'.
[  431.602573][T14567] erofs: (device loop9): check_layout_compatibility: unidentified incompatible feature 20, please upgrade kernel version
[  431.721040][ T5325] device hsr_slave_0 left promiscuous mode
[  431.756018][T14567] 9pnet: p9_errstr2errno: server reported unknown error GôÇ3ï™þÙ¹ØÜ
v;8;˜ç±ø:§Ei{ñ_2½—xzÆ~~F-DÒ¢�ðä^s¢öm­½ÿÿÿÿ
[  431.777528][T14575] overlayfs: failed to clone upperpath
[  431.847208][ T5325] device hsr_slave_1 left promiscuous mode
[  431.884498][ T5325] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  431.892318][ T5325] batman_adv: batadv0: Removing interface: batadv_slave_0
[  431.927974][ T5325] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  431.946921][ T5325] batman_adv: batadv0: Removing interface: batadv_slave_1
[  431.989404][ T5325] device bridge_slave_1 left promiscuous mode
[  432.021743][ T5325] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.050284][ T5325] device bridge_slave_0 left promiscuous mode
[  432.069070][ T5325] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.106350][ T5325] device veth1_macvtap left promiscuous mode
[  432.120414][ T5325] device veth0_macvtap left promiscuous mode
[  432.142301][ T5325] device veth1_vlan left promiscuous mode
[  432.164414][ T5325] device veth0_vlan left promiscuous mode
[  432.328093][T14582] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  432.336543][T14582] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  432.674676][T14586] 9pnet_virtio: no channels available for device syz
[  432.965711][T14597] sock: sock_set_timeout: `syz.6.3477' (pid 14597) tries to set negative timeout
[  433.077271][ T5325] team0 (unregistering): Port device team_slave_1 removed
[  433.128981][ T5325] team0 (unregistering): Port device team_slave_0 removed
[  433.188420][ T5325] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  433.243181][ T5325] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  433.539522][ T5325] bond0 (unregistering): Released all slaves
[  433.623886][T14573] netlink: 48 bytes leftover after parsing attributes in process `syz.8.3464'.
[  433.644343][T14573] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  433.732213][T14576] netlink: 48 bytes leftover after parsing attributes in process `syz.8.3464'.
[  433.745852][T14576] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (20), value rounded to 2360 ms
[  433.822506][T14609] netlink: 112 bytes leftover after parsing attributes in process `syz.6.3492'.
[  434.108841][    C0] vkms_vblank_simulate: vblank timer overrun
[  434.710511][T14641] netlink: 'syz.6.3493': attribute type 7 has an invalid length.
[  434.836847][T14647] overlayfs: failed to clone upperpath
[  435.862742][T14684] batman_adv: batadv0: Adding interface: dummy0
[  435.886234][T14684] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  435.911700][    C0] vkms_vblank_simulate: vblank timer overrun
[  436.024930][T14684] batman_adv: batadv0: Interface activated: dummy0
[  436.053548][T14686] batadv0: mtu less than device minimum
[  436.090054][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.103626][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.116472][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.129138][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.141979][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.154723][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.167238][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.179836][T14686] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  436.384690][T14668] loop9: detected capacity change from 0 to 32768
[  436.497395][T14668] XFS (loop9): Mounting V5 Filesystem
[  436.619220][T14668] XFS (loop9): Ending clean mount
[  436.638156][T14668] XFS (loop9): Quotacheck needed: Please wait.
[  436.764538][  T155] device batadv2 left promiscuous mode
[  436.795290][T14668] XFS (loop9): Quotacheck: Done.
[  436.929769][T13255] XFS (loop9): Unmounting Filesystem
[  436.975004][T14722] overlayfs: failed to clone upperpath
[  437.027365][    C0] vkms_vblank_simulate: vblank timer overrun
[  437.134291][  T155] device batadv3 left promiscuous mode
[  438.988113][T14755] batman_adv: batadv0: Adding interface: dummy0
[  439.047747][T14755] batman_adv: batadv0: The MTU of interface dummy0 is too small (1280) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.174809][T14755] batman_adv: batadv0: Interface activated: dummy0
[  439.220004][T14758] net_ratelimit: 11 callbacks suppressed
[  439.220026][T14758] batadv0: mtu less than device minimum
[  439.267572][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.280223][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.292838][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.305715][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.318357][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.330991][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.343752][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.356514][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.369135][T14758] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  439.650908][T14769] overlayfs: failed to clone upperpath
[  439.656814][ T5327] device batadv4 left promiscuous mode
[  440.058170][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  440.504357][ T5345] device batadv3 left promiscuous mode
[  441.314454][ T5327] device batadv4 left promiscuous mode
[  441.699423][T14844] batman_adv: batadv0: Adding interface: dummy0
[  441.726243][T14844] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  441.836299][T14844] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  443.997526][T14852] syz.9.3543 (14852): drop_caches: 2
[  444.038610][T14915] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  444.070805][T14915] batman_adv: batadv0: Interface deactivated: dummy0
[  444.108879][T14915] batman_adv: batadv0: Removing interface: dummy0
[  444.164985][T14915] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[  444.188997][T14915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  444.241142][T14915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  444.390641][T14926] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  444.401349][T14915] team0: Port device bond2 removed
[  444.419181][T14926] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  444.435465][T14920] team0: Mode changed to "activebackup"
[  445.904684][T14985] __nla_validate_parse: 2 callbacks suppressed
[  445.904702][T14985] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3576'.
[  445.969048][T14985] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3576'.
[  447.107842][T15012] netlink: 'syz.8.3586': attribute type 4 has an invalid length.
[  447.176278][T15013] netlink: 'syz.8.3586': attribute type 4 has an invalid length.
[  447.642345][T15030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3592'.
[  447.893929][T14979] overlayfs: failed to clone upperpath
[  448.239632][T15050] netlink: 'syz.9.3599': attribute type 4 has an invalid length.
[  448.281673][T15050] netlink: 'syz.9.3599': attribute type 4 has an invalid length.
[  448.497326][T15062] netlink: 'syz.8.3606': attribute type 1 has an invalid length.
[  448.516978][T15062] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3606'.
[  448.801254][T15080] loop9: detected capacity change from 0 to 512
[  448.972198][T15080] EXT4-fs error (device loop9): ext4_orphan_get:1400: inode #15: comm syz.9.3615: inode has both inline data and extents flags
[  449.027262][T15080] EXT4-fs error (device loop9): ext4_orphan_get:1405: comm syz.9.3615: couldn't read orphan inode 15 (err -117)
[  449.116345][   T26] audit: type=1804 audit(1773164703.699:107): pid=15093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3618" name="file1" dev="ramfs" ino=65337 res=1 errno=0
[  449.141100][T15080] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  449.513683][T15107] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3624'.
[  449.750107][T15121] loop9: detected capacity change from 0 to 512
[  450.297824][T15143] overlayfs: failed to clone lowerpath
[  450.357746][T15143] overlayfs: failed to clone lowerpath
[  450.830722][T15179] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3647'.
[  452.172648][T15231] overlayfs: failed to clone upperpath
[  452.236462][T15233] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3665'.
[  452.320252][T15238] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3665'.
[  452.399566][T15243] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3669'.
[  453.177049][T15279] loop9: detected capacity change from 0 to 512
[  453.310574][T15279] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  453.337319][T15283] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3679'.
[  453.381595][T15279] EXT4-fs error (device loop9): ext4_search_dir:1549: inode #2: block 21: comm syz.9.3678: bad entry in directory: inode out of bounds - offset=44, inode=12, rec_len=16, size=1024 fake=0
[  453.407121][T15279] EXT4-fs error (device loop9): ext4_search_dir:1549: inode #2: block 21: comm syz.9.3678: bad entry in directory: inode out of bounds - offset=44, inode=12, rec_len=16, size=1024 fake=0
[  453.543122][T15293] overlayfs: failed to clone lowerpath
[  453.586849][T15293] overlayfs: failed to clone lowerpath
[  453.747313][T15307] ------------[ cut here ]------------
[  453.757456][T15307] wlan0: Failed check-sdata-in-driver check, flags: 0x4
[  453.772253][T15307] WARNING: CPU: 1 PID: 15307 at net/mac80211/driver-ops.h:172 ieee80211_bss_info_change_notify+0x37b/0x550
[  453.787625][T15311] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3691'.
[  453.815831][T15307] Modules linked in:
[  453.831570][T15307] CPU: 1 PID: 15307 Comm: syz.1.3688 Not tainted syzkaller #0
[  453.858514][T15307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  453.886078][T15307] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550
[  453.902683][T15307] Code: 39 7e f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 20 20 39 8b 4c 89 e6 89 ea e8 05 86 71 00 <0f> 0b e9 07 fd ff ff e8 a9 2d 39 f8 0f 0b e9 b1 fe ff ff e8 9d 2d
[  453.949637][T15307] RSP: 0018:ffffc9000351f248 EFLAGS: 00010246
[  453.963161][T15307] RAX: 56a32f472bd54e00 RBX: 0000000000400000 RCX: 0000000000080000
[  453.974542][T15307] RDX: ffffc90005ddb000 RSI: 00000000000051b3 RDI: 00000000000051b4
[  453.982931][T15307] RBP: 0000000000000004 R08: ffff8880b9133d7f R09: 1ffff110172267af
[  453.991797][T15307] R10: dffffc0000000000 R11: ffffed10172267b0 R12: ffff888061738000
[  454.009069][T15307] R13: ffff888061739290 R14: ffff88801a7e8e40 R15: ffff88806173a268
[  454.026572][T15307] FS:  00007f9d879736c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  454.046002][T15307] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  454.066076][T15307] CR2: 00007f718fd7a000 CR3: 000000007cde6000 CR4: 00000000003506e0
[  454.076265][T15307] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  454.094516][T15307] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  454.115342][T15307] Call Trace:
[  454.123200][T15307]  <TASK>
[  454.131288][T15307]  ? netif_carrier_off+0x31/0xc0
[  454.144773][T15307]  ieee80211_ocb_leave+0x26f/0x320
[  454.150210][T15307]  __cfg80211_leave_ocb+0x219/0x3f0
[  454.158143][T15307]  cfg80211_leave_ocb+0x53/0x70
[  454.163243][T15307]  cfg80211_change_iface+0x4f1/0xeb0
[  454.169209][T15307]  nl80211_set_interface+0x5a7/0x7e0
[  454.175162][T15307]  ? nl80211_dump_interface+0x5c0/0x5c0
[  454.180954][T15307]  ? mutex_lock_nested+0x17/0x20
[  454.188142][T15307]  genl_rcv_msg+0xcea/0xf90
[  454.192889][T15307]  ? genl_bind+0x380/0x380
[  454.199180][T15307]  ? verify_lock_unused+0x140/0x140
[  454.205832][T15307]  ? verify_lock_unused+0x140/0x140
[  454.218265][T15307]  ? nl80211_dump_interface+0x5c0/0x5c0
[  454.232203][T15307]  netlink_rcv_skb+0x1f5/0x440
[  454.243159][T15307]  ? genl_bind+0x380/0x380
[  454.255031][T15307]  ? netlink_ack+0xb50/0xb50
[  454.268529][T15307]  ? __lock_acquire+0x7d10/0x7d10
[  454.273715][T15307]  ? down_read+0x1aa/0x2e0
[  454.278668][T15307]  genl_rcv+0x24/0x40
[  454.282780][T15307]  netlink_unicast+0x774/0x920
[  454.288353][T15307]  netlink_sendmsg+0x8ba/0xbe0
[  454.293343][T15307]  ? netlink_getsockopt+0x570/0x570
[  454.298889][T15307]  ? aa_sock_msg_perm+0x94/0x150
[  454.304535][T15307]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  454.309967][T15307]  ? security_socket_sendmsg+0x7c/0xa0
[  454.315795][T15307]  ? netlink_getsockopt+0x570/0x570
[  454.321121][T15307]  ____sys_sendmsg+0x5b7/0x8f0
[  454.326347][T15307]  ? __sys_sendmsg_sock+0x30/0x30
[  454.331512][T15307]  ? import_iovec+0x6f/0xa0
[  454.338453][T15307]  ___sys_sendmsg+0x236/0x2e0
[  454.343308][T15307]  ? __sys_sendmsg+0x2a0/0x2a0
[  454.350883][T15307]  __se_sys_sendmsg+0x1af/0x290
[  454.355967][T15307]  ? __x64_sys_sendmsg+0x80/0x80
[  454.361101][T15307]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  454.368066][T15307]  ? lockdep_hardirqs_on+0x94/0x140
[  454.373568][T15307]  do_syscall_64+0x4c/0xa0
[  454.378239][T15307]  ? clear_bhb_loop+0x30/0x80
[  454.383033][T15307]  ? clear_bhb_loop+0x30/0x80
[  454.388183][T15307]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  454.394476][T15307] RIP: 0033:0x7f9d89719799
[  454.399064][T15307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  454.419451][T15307] RSP: 002b:00007f9d87973028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  454.428107][T15307] RAX: ffffffffffffffda RBX: 00007f9d89992fa0 RCX: 00007f9d89719799
[  454.436467][T15307] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000004
[  454.446974][T15307] RBP: 00007f9d897afc99 R08: 0000000000000000 R09: 0000000000000000
[  454.455205][T15307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.463462][T15307] R13: 00007f9d89993038 R14: 00007f9d89992fa0 R15: 00007fff10b302d8
[  454.472458][T15307]  </TASK>
[  454.475848][T15307] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  454.483175][T15307] CPU: 0 PID: 15307 Comm: syz.1.3688 Not tainted syzkaller #0
[  454.490671][T15307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  454.500807][T15307] Call Trace:
[  454.504118][T15307]  <TASK>
[  454.507141][T15307]  dump_stack_lvl+0x188/0x250
[  454.511868][T15307]  ? show_regs_print_info+0x20/0x20
[  454.517112][T15307]  ? load_image+0x400/0x400
[  454.521676][T15307]  panic+0x2e5/0x810
[  454.525616][T15307]  ? bpf_jit_dump+0xd0/0xd0
[  454.530165][T15307]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  454.535866][T15307]  ? __warn+0x230/0x2b0
[  454.540061][T15307]  ? ieee80211_bss_info_change_notify+0x37b/0x550
[  454.546522][T15307]  __warn+0x248/0x2b0
[  454.550545][T15307]  ? ieee80211_bss_info_change_notify+0x37b/0x550
[  454.557001][T15307]  report_bug+0x1b7/0x2e0
[  454.561381][T15307]  handle_bug+0x3a/0x70
[  454.565568][T15307]  exc_invalid_op+0x16/0x40
[  454.570111][T15307]  asm_exc_invalid_op+0x16/0x20
[  454.574999][T15307] RIP: 0010:ieee80211_bss_info_change_notify+0x37b/0x550
[  454.582073][T15307] Code: 39 7e f8 49 8b 84 24 00 06 00 00 49 81 c4 20 06 00 00 48 85 c0 4c 0f 45 e0 48 c7 c7 20 20 39 8b 4c 89 e6 89 ea e8 05 86 71 00 <0f> 0b e9 07 fd ff ff e8 a9 2d 39 f8 0f 0b e9 b1 fe ff ff e8 9d 2d
[  454.601722][T15307] RSP: 0018:ffffc9000351f248 EFLAGS: 00010246
[  454.607837][T15307] RAX: 56a32f472bd54e00 RBX: 0000000000400000 RCX: 0000000000080000
[  454.615957][T15307] RDX: ffffc90005ddb000 RSI: 00000000000051b3 RDI: 00000000000051b4
[  454.623975][T15307] RBP: 0000000000000004 R08: ffff8880b9133d7f R09: 1ffff110172267af
[  454.632155][T15307] R10: dffffc0000000000 R11: ffffed10172267b0 R12: ffff888061738000
[  454.640179][T15307] R13: ffff888061739290 R14: ffff88801a7e8e40 R15: ffff88806173a268
[  454.648214][T15307]  ? ieee80211_bss_info_change_notify+0x37b/0x550
[  454.654676][T15307]  ? netif_carrier_off+0x31/0xc0
[  454.659660][T15307]  ieee80211_ocb_leave+0x26f/0x320
[  454.664820][T15307]  __cfg80211_leave_ocb+0x219/0x3f0
[  454.670207][T15307]  cfg80211_leave_ocb+0x53/0x70
[  454.675100][T15307]  cfg80211_change_iface+0x4f1/0xeb0
[  454.680505][T15307]  nl80211_set_interface+0x5a7/0x7e0
[  454.685843][T15307]  ? nl80211_dump_interface+0x5c0/0x5c0
[  454.691445][T15307]  ? mutex_lock_nested+0x17/0x20
[  454.696522][T15307]  genl_rcv_msg+0xcea/0xf90
[  454.701080][T15307]  ? genl_bind+0x380/0x380
[  454.705552][T15307]  ? verify_lock_unused+0x140/0x140
[  454.710789][T15307]  ? verify_lock_unused+0x140/0x140
[  454.716039][T15307]  ? nl80211_dump_interface+0x5c0/0x5c0
[  454.721640][T15307]  netlink_rcv_skb+0x1f5/0x440
[  454.726443][T15307]  ? genl_bind+0x380/0x380
[  454.730941][T15307]  ? netlink_ack+0xb50/0xb50
[  454.735574][T15307]  ? __lock_acquire+0x7d10/0x7d10
[  454.740648][T15307]  ? down_read+0x1aa/0x2e0
[  454.745111][T15307]  genl_rcv+0x24/0x40
[  454.749145][T15307]  netlink_unicast+0x774/0x920
[  454.753951][T15307]  netlink_sendmsg+0x8ba/0xbe0
[  454.758759][T15307]  ? netlink_getsockopt+0x570/0x570
[  454.763988][T15307]  ? aa_sock_msg_perm+0x94/0x150
[  454.768966][T15307]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  454.774295][T15307]  ? security_socket_sendmsg+0x7c/0xa0
[  454.779791][T15307]  ? netlink_getsockopt+0x570/0x570
[  454.785024][T15307]  ____sys_sendmsg+0x5b7/0x8f0
[  454.789847][T15307]  ? __sys_sendmsg_sock+0x30/0x30
[  454.794930][T15307]  ? import_iovec+0x6f/0xa0
[  454.799475][T15307]  ___sys_sendmsg+0x236/0x2e0
[  454.804213][T15307]  ? __sys_sendmsg+0x2a0/0x2a0
[  454.809063][T15307]  __se_sys_sendmsg+0x1af/0x290
[  454.813970][T15307]  ? __x64_sys_sendmsg+0x80/0x80
[  454.818975][T15307]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  454.825013][T15307]  ? lockdep_hardirqs_on+0x94/0x140
[  454.830255][T15307]  do_syscall_64+0x4c/0xa0
[  454.834709][T15307]  ? clear_bhb_loop+0x30/0x80
[  454.839422][T15307]  ? clear_bhb_loop+0x30/0x80
[  454.844144][T15307]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  454.850091][T15307] RIP: 0033:0x7f9d89719799
[  454.854546][T15307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  454.874276][T15307] RSP: 002b:00007f9d87973028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  454.882727][T15307] RAX: ffffffffffffffda RBX: 00007f9d89992fa0 RCX: 00007f9d89719799
[  454.890946][T15307] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000004
[  454.898960][T15307] RBP: 00007f9d897afc99 R08: 0000000000000000 R09: 0000000000000000
[  454.906964][T15307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.914980][T15307] R13: 00007f9d89993038 R14: 00007f9d89992fa0 R15: 00007fff10b302d8
[  454.923002][T15307]  </TASK>
[  454.926357][T15307] Kernel Offset: disabled
[  454.931445][T15307] Rebooting in 86400 seconds..