last executing test programs:

15.584877698s ago: executing program 4 (id=956):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r3, 0x388, 0x7ffffffe)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000009c0)={'ip6gretap0\x00', <r5=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000002c0))
socket$unix(0x1, 0x1, 0x0)

12.99095383s ago: executing program 1 (id=964):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x940d, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000180)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff})
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010100, 0x15, 0x3, 'sh\x00', 0x28, 0x0, 0x70}, 0x2c)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$kcm(0xa, 0x2, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000100)={'veth0_to_team\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x82002, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000580)={0x2, 0x0, @ioapic={0xeeee0000, 0xb, 0xfefffffb, 0xfffffffc, 0x0, [{0x0, 0xfc, 0x8, '\x00', 0xb4}, {0x83, 0x9, 0x8, '\x00', 0x4b}, {0xf9, 0x6, 0x47, '\x00', 0x7f}, {0x0, 0x5, 0x8, '\x00', 0x8}, {0x28, 0xd, 0x5, '\x00', 0x3}, {0x2, 0x5, 0x6, '\x00', 0x3}, {0x6, 0xf, 0x4b, '\x00', 0x6}, {0x5, 0x90, 0x6, '\x00', 0xe5}, {0x9, 0x7, 0xa7, '\x00', 0x1}, {0x9, 0xcc, 0x9, '\x00', 0x5}, {0x1, 0x0, 0xb, '\x00', 0x8}, {0x0, 0x3, 0x2, '\x00', 0x7}, {0x1, 0xca, 0x80, '\x00', 0xa}, {0x7, 0xf1, 0x2}, {0x8, 0x4, 0x0, '\x00', 0xfd}, {0x6, 0x0, 0x4, '\x00', 0x9}, {0x7, 0x2, 0x4, '\x00', 0x10}, {0x9, 0x6, 0x4, '\x00', 0xff}, {0x11, 0x41, 0xf, '\x00', 0xfe}, {0x22, 0x3, 0x54, '\x00', 0x4}, {0x1, 0x3, 0x6, '\x00', 0x4}, {0x9, 0x40, 0x7, '\x00', 0xfc}, {0xa, 0x0, 0x6, '\x00', 0x7}, {0x7, 0x5, 0xfa, '\x00', 0x40}]}})
ioctl$KVM_GET_MP_STATE(0xffffffffffffffff, 0x8004ae98, &(0x7f0000000040))
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0}, 0x0)

12.761712791s ago: executing program 4 (id=965):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800000, 0x80, 0x7, 0x4, 0x3ffd, 0x7})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

12.147556853s ago: executing program 1 (id=967):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
r0 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122)
fcntl$notify(r0, 0x402, 0x8000003d)
renameat2(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000880))
shmat(r2, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000040)={0x0})
read$FUSE(r3, &(0x7f00000079c0)={0x2020}, 0x2020)

12.147123833s ago: executing program 4 (id=968):
io_setup(0x9, &(0x7f00000000c0)=<r0=>0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/pm_freeze_timeout', 0x20001, 0x106)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000100)='9', 0x20000101}])

10.534171104s ago: executing program 1 (id=972):
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2})

10.456531709s ago: executing program 4 (id=974):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000030)
fallocate(r0, 0x8, 0x4000, 0x4000)

9.455419359s ago: executing program 0 (id=976):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7c1c, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
openat$cgroup_subtree(r0, &(0x7f0000000180), 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000003dd7083e00000000000a3c000000120a010200000000000000000200002009000000735e7a310000000008490440000000000900010073797a3000000000080003400000000a140000001100010000000000000000000000010a"], 0x64}}, 0x8800)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
read$FUSE(r4, &(0x7f0000000040)={0x2020}, 0x2084)
writev(r4, &(0x7f00000021c0)=[{&(0x7f0000002080)='T0', 0x2}, {&(0x7f0000002300)="08b5b2c0caf6337a3cabd4830ba9a93fc8cb47b98d0bf44c71e4e4b5f9f3bf4688a45e5b0e157505385d401cec3dad", 0x2f}], 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x14)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x1, 0x1, 0x3, 0x1}, 0x8)
write$rfkill(r6, &(0x7f0000000140)={0x8, 0x3, 0x0, 0x1, 0x1}, 0x8)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r7, &(0x7f00000020c0)={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00', 0x5}, 0x1c)

9.357492334s ago: executing program 2 (id=977):
r0 = syz_io_uring_setup(0x18d7, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, 0x17b}, 0x0, &(0x7f0000ffe000))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x2, &(0x7f0000000180), 0xfe)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000002140)='maps\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020)

9.312115957s ago: executing program 3 (id=978):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x940d, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000180)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff})
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010100, 0x15, 0x3, 'sh\x00', 0x28, 0x0, 0x70}, 0x2c)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$kcm(0xa, 0x2, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000100)={'veth0_to_team\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x82002, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000580)={0x2, 0x0, @ioapic={0xeeee0000, 0xb, 0xfefffffb, 0xfffffffc, 0x0, [{0x0, 0xfc, 0x8, '\x00', 0xb4}, {0x83, 0x9, 0x8, '\x00', 0x4b}, {0xf9, 0x6, 0x47, '\x00', 0x7f}, {0x0, 0x5, 0x8, '\x00', 0x8}, {0x28, 0xd, 0x5, '\x00', 0x3}, {0x2, 0x5, 0x6, '\x00', 0x3}, {0x6, 0xf, 0x4b, '\x00', 0x6}, {0x5, 0x90, 0x6, '\x00', 0xe5}, {0x9, 0x7, 0xa7, '\x00', 0x1}, {0x9, 0xcc, 0x9, '\x00', 0x5}, {0x1, 0x0, 0xb, '\x00', 0x8}, {0x0, 0x3, 0x2, '\x00', 0x7}, {0x1, 0xca, 0x80, '\x00', 0xa}, {0x7, 0xf1, 0x2}, {0x8, 0x4, 0x0, '\x00', 0xfd}, {0x6, 0x0, 0x4, '\x00', 0x9}, {0x7, 0x2, 0x4, '\x00', 0x10}, {0x9, 0x6, 0x4, '\x00', 0xff}, {0x11, 0x41, 0xf, '\x00', 0xfe}, {0x22, 0x3, 0x54, '\x00', 0x4}, {0x1, 0x3, 0x6, '\x00', 0x4}, {0x9, 0x40, 0x7, '\x00', 0xfc}, {0xa, 0x0, 0x6, '\x00', 0x7}, {0x7, 0x5, 0xfa, '\x00', 0x40}]}})
ioctl$KVM_GET_MP_STATE(0xffffffffffffffff, 0x8004ae98, &(0x7f0000000040))
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0}, 0x0)

8.116231537s ago: executing program 0 (id=979):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f00000001c0)={0x800000, 0x80, 0x7, 0x4, 0x3ffd, 0x7})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

7.901586659s ago: executing program 0 (id=980):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)

7.180663665s ago: executing program 3 (id=981):
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x1)
fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000001800dd8d0000000000000008020000000100c805000d0000060015000200000014001680100008800c00038005000380"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040000)

6.977169955s ago: executing program 1 (id=982):
fcntl$notify(0xffffffffffffffff, 0x402, 0x8000002d)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x200000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000001600), 0xfc, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x400, 0x0, 0x1, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002700000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10)
sendto$inet6(r3, &(0x7f00000004c0)='+', 0x1, 0x40011, 0x0, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x3000, 0x0, 0x3)

6.28458887s ago: executing program 4 (id=983):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r2, &(0x7f0000000000)={0x6, 0x2d, 0x1, 0x3a, 0x6, 0x2c}, 0x48)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x800182, &(0x7f0000000680)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303030333737372c616c6c6f775f7574696d653d30303030303000000083ec4c0d6e84de0249d09f31ef580c3d000000000000000000"], 0x1, 0x191, &(0x7f00000002c0)="$eJzs3c+qElEcB/Cff5qkletoMdCmlVRPYIWCNBAULmpVYG00gtxMrXyL3qBX6XXClTsv3hHlyly4F64O1/l8Nn7xq5xzZjFnNWc+P/k+nfyYf/v77090Oo1o96Mfq0Z0oxmtKCwCADgnq/U6/q8LN/j56xNMCQA4slvu/wDAGbD/A0D92P8BoH4+fPz09lWWDd6naSdiucjH+bj4LPrhKBs8Ty919/9a5vm4tetfFH16tX8Qj7b9y9I+iWdPi37TvXmXHfQPY1I24X7jzq8BAAAAAAAAAAAAAAAAAAAAAACcWi/dKT3fp9dLrumLNBwl2+8Oz/dpx+N2yYDJUZYBAAAAAAAAAAAAAAAAAAAA99r81+/pl9ns609BEIRdqPrOBAAAAAAAAAAAAAAAAAAA9bN/6LfqmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAdfbv/z9e2IzTrHqhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU2kUAAAD//1z+TP8=")
syz_mount_image$vfat(&(0x7f0000000480), &(0x7f0000000500)='./bus\x00', 0x2925409, 0x0, 0x40, 0x0, &(0x7f0000000500))
ioctl$TIOCVHANGUP(r1, 0x5437, 0x200000000000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./bus/file0\x00', 0x200000, &(0x7f0000000540)={[{@min_batch_time={'min_batch_time', 0x3d, 0x38c2c5bc}}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@nombcache}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@noauto_da_alloc}, {@grpjquota}]}, 0x3, 0x57b, &(0x7f0000000800)="$eJzs3d1rW+UfAPDvSZu9/37rYAz1Qgq7cDKXrq0vE4TNS9HhQO9naLMymi6jScdaB9su3I03MgQRB+If4L2Xw3/Av2KggyGj6IUXVk56smV56Uua2cx8PnC25znnpN/z5DnPk+/JSUgAQ2s8/ScX8XJEfJVEHG7aNhrZxvH1/VYf35hJlyTW1j75PYkkW9fYP8n+P5hVXoqIn7+IOJlrj1tdXpkvlsulxaw+UVu4OlFdXjl1eaE4V5orXZmanj7z1vTUu++83WPL2oO+fuHPbz++/8GZL4+vfvPjwyN3kzgXh7JtTe1IegyYutVcGY/x7I/l41zLjpM7CDKIdvKksXtGsnGej3QOOBwj2agH/vtuRsQaMJxGTAAwrBp5QOPavvl6fiN/Nz32Rfbo/fULoPb2j66/NxL76tdGB1aTZ66M0uvdsT7ET2P89Nu9u+kSLe+ntLrZh3gADbduR8Tp0dH2+S/J5r/ene70JmyL1hhbff0Bdu5+mv+80Sn/yT3Jf6JD/nOww9jtxebjP/ewD2G6SvO/9zrmv0+mrrGRrPa/es6XTy5dLpdOR8T/I+JE5Pem9Y3u55xZfdA1V27O/9Iljd/IBbPjeDi699nHzBZrxZ20udmj2xGvPM1/k2ib//fVc93W/k+fjwtbjHGsdO/Vbts2b3+z/mfAaz9EvNax/5/e0Uo2vj85UT8fJhpnRbs/7hz7pVv87bW//9L+P7Bx+8eS5vu11e3H+H7fX6Vu23o9//ckn9bLe7J114u12uJkxJ7ko/b1U08f26g39k/bf+L4xvNfp/N/f0R8tsX23zl6p+uug9D/s9vq/2cK+bY1HQoPPvz8u27xt9b/b9ZLJ7I1W5n/tnJcvZ3NAAAAAAAAMLhyEXEoklzhSTmXKxTWP99xNA7kypVq7eSlytKV2ah/V3Ys8rnGne7DTZ+HmMw+D9uoT7XUpyPiSER8PbK/Xi/MVMqzu914AAAAAAAAAAAAAAAAAAAAGBAHu3z/P/XryG4fHfDc+clvGF6bjv9+/NITMJC8/sPwMv5heBn/MLyMfxhexj8ML+MfhpfxD8PL+AcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+unD+fLqsrT6+MZPWZ68tL81Xrp2aLVXnCwtLM4WZyuLVwlylMlcuFWYqC5v9vXKlcnVyKpauT9RK1dpEdXnl4kJl6Urt4uWF4lzpYin/r7QKAAAAAAAAAAAAAAAAAAAAXizV5ZX5YrlcWlToWjgbA3EYPReSzXr5bHYy9BRidPcbqPAcCrs8MQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAk38CAAD//2iMNWI=")
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000003001980080001000d010000100001800c000280050001000100000000000000000000000000000200000000"], 0x30}, 0x1, 0x0, 0x0, 0x840c0}, 0x4000c0c0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x149)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='3', 0x1, 0x4fed0)
fallocate(r4, 0x10, 0xffff, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x0)
writev(r5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)

6.202467865s ago: executing program 2 (id=984):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
futex(&(0x7f0000000000), 0x5, 0x1, 0x0, &(0x7f0000000100), 0x92000005)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r4, &(0x7f0000000200)=""/202, 0xca)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)=@o_path={&(0x7f0000000440)='./file0\x00', 0x0, 0x2000, r4}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x4058534c, &(0x7f00000003c0)={0x80, 0x1, {0x3, 0x3, 0x8b2c, 0x3, 0x2c7}})
tkill(0x0, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r4, 0xc0a85322, &(0x7f00000000c0))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100, 0x2})
io_uring_enter(r2, 0x49f5, 0x73ee, 0x7, &(0x7f0000000300)={[0xbf8b]}, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1040}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x3c, 0x0, &(0x7f00000016c0)="b828e78f501fc612546ce8709ab5a6fc4e0a79acc305802d7ca94ee509f86ec63a8e8ed808072a0d07bd05e4843329c3377bb253701c185ef53f935c"})

6.201654765s ago: executing program 3 (id=985):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r2, &(0x7f0000000000)={0x6, 0x2d, 0x1, 0x3a, 0x6, 0x2c}, 0x48)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
syz_mount_image$vfat(&(0x7f0000000480), &(0x7f0000000500)='./bus\x00', 0x2925409, 0x0, 0x40, 0x0, &(0x7f0000000500))
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000a00)='./bus/file0\x00')
ioctl$TIOCVHANGUP(r1, 0x5437, 0x200000000000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./bus/file0\x00', 0x200000, &(0x7f0000000540)={[{@min_batch_time={'min_batch_time', 0x3d, 0x38c2c5bc}}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@nombcache}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@noauto_da_alloc}, {@grpjquota}]}, 0x3, 0x57b, &(0x7f0000000800)="$eJzs3d1rW+UfAPDvSZu9/37rYAz1Qgq7cDKXrq0vE4TNS9HhQO9naLMymi6jScdaB9su3I03MgQRB+If4L2Xw3/Av2KggyGj6IUXVk56smV56Uua2cx8PnC25znnpN/z5DnPk+/JSUgAQ2s8/ScX8XJEfJVEHG7aNhrZxvH1/VYf35hJlyTW1j75PYkkW9fYP8n+P5hVXoqIn7+IOJlrj1tdXpkvlsulxaw+UVu4OlFdXjl1eaE4V5orXZmanj7z1vTUu++83WPL2oO+fuHPbz++/8GZL4+vfvPjwyN3kzgXh7JtTe1IegyYutVcGY/x7I/l41zLjpM7CDKIdvKksXtGsnGej3QOOBwj2agH/vtuRsQaMJxGTAAwrBp5QOPavvl6fiN/Nz32Rfbo/fULoPb2j66/NxL76tdGB1aTZ66M0uvdsT7ET2P89Nu9u+kSLe+ntLrZh3gADbduR8Tp0dH2+S/J5r/ene70JmyL1hhbff0Bdu5+mv+80Sn/yT3Jf6JD/nOww9jtxebjP/ewD2G6SvO/9zrmv0+mrrGRrPa/es6XTy5dLpdOR8T/I+JE5Pem9Y3u55xZfdA1V27O/9Iljd/IBbPjeDi699nHzBZrxZ20udmj2xGvPM1/k2ib//fVc93W/k+fjwtbjHGsdO/Vbts2b3+z/mfAaz9EvNax/5/e0Uo2vj85UT8fJhpnRbs/7hz7pVv87bW//9L+P7Bx+8eS5vu11e3H+H7fX6Vu23o9//ckn9bLe7J114u12uJkxJ7ko/b1U08f26g39k/bf+L4xvNfp/N/f0R8tsX23zl6p+uug9D/s9vq/2cK+bY1HQoPPvz8u27xt9b/b9ZLJ7I1W5n/tnJcvZ3NAAAAAAAAMLhyEXEoklzhSTmXKxTWP99xNA7kypVq7eSlytKV2ah/V3Ys8rnGne7DTZ+HmMw+D9uoT7XUpyPiSER8PbK/Xi/MVMqzu914AAAAAAAAAAAAAAAAAAAAGBAHu3z/P/XryG4fHfDc+clvGF6bjv9+/NITMJC8/sPwMv5heBn/MLyMfxhexj8ML+MfhpfxD8PL+AcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+unD+fLqsrT6+MZPWZ68tL81Xrp2aLVXnCwtLM4WZyuLVwlylMlcuFWYqC5v9vXKlcnVyKpauT9RK1dpEdXnl4kJl6Urt4uWF4lzpYin/r7QKAAAAAAAAAAAAAAAAAAAAXizV5ZX5YrlcWlToWjgbA3EYPReSzXr5bHYy9BRidPcbqPAcCrs8MQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAk38CAAD//2iMNWI=")
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000003001980080001000d010000100001800c000280050001000100000000000000000000000000000200000000"], 0x30}, 0x1, 0x0, 0x0, 0x840c0}, 0x4000c0c0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x149)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='3', 0x1, 0x4fed0)
fallocate(r4, 0x10, 0xffff, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x0)
writev(r5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)

4.12606731s ago: executing program 2 (id=986):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettfilter={0x24, 0x2e, 0x400, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xf, 0xfff1}, {0xe, 0xf}, {0x8, 0xffff}}}, 0x24}}, 0x0)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840)
getdents64(0xffffffffffffffff, &(0x7f0000000e00)=""/4102, 0x1006)
lseek(0xffffffffffffffff, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0xcac)

4.12497439s ago: executing program 4 (id=987):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xbbe21a6a6c0c72fd}, 0xc000)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)

4.096858091s ago: executing program 3 (id=988):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84d, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x2, 0xb}, 0x5, 0x34, 0x91f}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_RATE64={0xc, 0x4, 0xdd31e353c9fd1eb}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000980)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffe0, 0xb}, {0xfff3, 0xffe0}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2400c0e1}, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee", 0x1d}], 0x1}, 0x0)

4.012365656s ago: executing program 0 (id=989):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7c1c, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
openat$cgroup_subtree(r0, &(0x7f0000000180), 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000003dd7083e00000000000a3c000000120a010200000000000000000200002009000000735e7a310000000008490440000000000900010073797a3000000000080003400000000a140000001100010000000000000000000000010a"], 0x64}}, 0x8800)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
read$FUSE(r4, &(0x7f0000000040)={0x2020}, 0x2084)
writev(r4, &(0x7f00000021c0)=[{&(0x7f0000002080)='T0', 0x2}, {&(0x7f0000002300)="08b5b2c0caf6337a3cabd4830ba9a93fc8cb47b98d0bf44c71e4e4b5f9f3bf4688a45e5b0e157505385d401cec3dad", 0x2f}], 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x14)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x1, 0x1, 0x3, 0x1}, 0x8)
write$rfkill(r6, &(0x7f0000000140)={0x8, 0x3, 0x0, 0x1, 0x1}, 0x8)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r7, &(0x7f00000020c0)={0xa, 0x4e24, 0x3, @rand_addr=' \x01\x00', 0x5}, 0x1c)

3.964818908s ago: executing program 2 (id=990):
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {0x0}, {&(0x7f00000005c0)="f2", 0x1}], 0x3}}, {{&(0x7f0000000600)=@can, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000b40)}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000c80)="6c3e28dcd5c7eb9bc39a4bbc398357f3ad842b38a95863911bbd6e6afd9641d356257181e43b6e60349f69ec5f529734f76708a6c5eccb57005c1a513d8030d12c", 0x41}, {&(0x7f0000000d00)="dc6e94ac2db166801ffce85f6f44f2cb071c6b5113bc6bbf2f503d468253693a01102fcb8157c6e8a2b5620efa5d22400147cce896821150f95c0c69fa587a1f99fcb28cfeb09f45cb836f0ff891be10bb209dc04adc202ef866f27b74faa5ad3a2e5d40ebd6785c4e4a97ac13238c746d1109d12af5446c4e84591f121a494251e43bed18f6269bdd2e56f9c211dd7145f664286911b8bb3acf76a1b5ece94183a6c8cc47f2e1dd4e91dc10be8732e92e8620fa060fb15016c2dc9b6da18325e778660d499aec6215b0f9f679fa76d22cdd4ae3776203e2054240594f1c9b77ad77cf3f5631012fa0788c5b17f98cc34720b0", 0xf3}, {&(0x7f0000000fc0)="c6eae69212ba50dd664af774c32d34273a3baad9692140de74d9294c555a8c2e0d53acea79b788b5eb1a12ada17eda2b2fb96c439ce16e6266afda6613fd7c90be9a9dfcd1b099fe6b023b725241a6e1048c700e7a939bd3a38f1101213b81c252dd8c44b7e647940438343d0d082507d218a952e6d77ec0918968c74f220c981a3797fb6cadfd6723a75c5c4da33e830ecf602c55bc60831ddd694f15728f4d1eacad82a03540713f52f9485138574e5b6aec693c2c613e442d5306c2ef1c8ad8dda8d005f3f3bacb5991d1c18db228", 0xd0}, {&(0x7f0000000800)="b56380b7487ff3b0cd079ed795bdeeb3ad75fe87", 0x14}, {&(0x7f00000011c0)}, {&(0x7f0000001200)="43979d4537ac96f6e22b12acd1fdd3ffc7ef440e65e2e70d511a408f743d4ce7516f4364a00a041dc7b1ffe56ebc713b158ea1aab13ce3db53ab8af3f76ffaa86df636018175c4a8ea922a193ad08ca30d5031b27a4a87bff93dc12a98b6e4f25b5550d98a5bf3e040a8902083eea93bdbde6da91df3a730dd2b8215e9840f04dd0ab667500fe952fa1b8845c2cee50f8322175049c4a994def6599287fb0f8d61029188945e9b273cded03bf8a0c2da5168461dafc53f", 0xb7}, {&(0x7f0000001300)}], 0x7, &(0x7f00000014c0)}}], 0x3, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x80000000, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000880)="562f2edb8e8c8229195820c788783ff270fb0f06936fe49376e5519e3fa8f998387d7011fc5d8c9f5fc8e0e1663c9f6919128a8941ae935aaba3f683642630f5a74535b0e1f886ea2807f04d3a68ff4285f2bf581674a033cb5ecf8c756e8df3968c959df5326ed67c09d8b72eceeb87023f6188e15cb258cd8c85be3eddaac311ee4cb17a08ef47157753606ce7996162ea4b18214763730e2b944b468575927829842ee7f6f8a3603a7a522025c55284c9ca0ab899626f86c9336ead2278445733db5e643e10fa93339be4", 0xcc}, {&(0x7f00000006c0)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca", 0x89}, {0x0}, {0x0}, {0x0}], 0x5}}], 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257", 0xf15}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.615226677s ago: executing program 0 (id=991):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000200)='./file0\x00', 0x802, &(0x7f00000000c0)={[{@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@utf8}, {@fat=@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@shortname_mixed}, {@utf8no}, {@uni_xlate}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@fat=@dos1xfloppy}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@fat=@check_normal}, {@uni_xlateno}]}, 0x25, 0x339, &(0x7f00000011c0)="$eJzs3T1sW9UXAPDjPidOI/WfDH+pgsmwIaGqCWKAKVFVpIoMUGTxtWDRlI/YVIqFpTDE9QJiBLEgwcTWAcbOiAEhNgZWioQKiIVulVrxkP2e7eeP0BThlI/fb4iOzj3H976Xq/glSm5e2oidCwtx8caN67G0VIryxpmNuFmK1TgWSWQuBwDwb3IzTePXNHPn6veXB9HinNcFAMxP//3/lROjROVergYAOAqH/P7/qZnZS3NbFgAwR1Pv/w+ODU/8mL88/J0AAOCf65nnX3hycyvifLW6FNF8p11r1+Lx0fjmxXgtGrEdp2MlbkdkDwrZ00Lv4xPnts6ervb8uBq1Xke7FtHstGvZk8Jm0u+vxFqsxGrenw77k17/Wr+/GhGXO/35o1lq1xZiOZ//u+XYjvVYif9P9Uec2zq7Xs1foNYc9HciurE0uIje+k/FSnzzclyKRlyIXu9o/ftr1eqZdGusv32l0q8DAAAAAAAAAAAAAAAAAAAAAIB5OFUdWh2ef5M2O+23z08WrI6dj1PLhvPzgbrZ+UBpZXA6z7vJ5PlA4+fztGvlOHZPrxwAAAAAAAAAAAAAAAAAAAD+Plp7i1FvNLZ3W3tv7RSDTiHzxleffnE8JmteT0aZKGcvN1aT56LQlcSwPR22p8lYTR4kEaPiK1eHKy7WVIZXMdXeCypTQ6V8TfVG48QDP3w0q+u3USaJqdsyHpTy+QtDzf9lqT/oOjhYv0PNtTRND2rf/3C6K0oR5alP3F8RfHn91fseaZ18tJ/5PD/04aGHV5699sEnP+/UG5HfmkZjcbd1O/3TcyWF/VPK73Npxk6YHXRHme5ua6+efPvLc/e/9/WgppzthGT2/kmLmTcPnuuzycxiFvSWeZgrXZix+WcHL94a7t67v5knP96oX93//qfDdhW+SDioAwAAAAAAAAAAAAAAAAAAjkThb8XvwmNPz29FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD0Rv//vxB0pzKHCW51Ynqosr3bOnDy40d6qQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/If9HgAA//+a43cf")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r0, &(0x7f0000001780)=""/4101, 0x1005)

2.35216316s ago: executing program 3 (id=992):
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2})

1.293070054s ago: executing program 3 (id=993):
syz_open_dev$sg(&(0x7f0000001800), 0xcc60, 0xa002)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
userfaultfd(0x1)
unshare(0x22020600)
userfaultfd(0x80001)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x5}, 0x0, 0x0)

1.135471992s ago: executing program 2 (id=994):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="20000000390001"], 0x20}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

1.028300508s ago: executing program 1 (id=995):
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x1)
fsopen(&(0x7f00000001c0)='tracefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000001800dd8d0000000000000008020000000100c805000d0000060015000200000014001680100008800c00038005000380"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040000)

885.758564ms ago: executing program 2 (id=996):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
futex(&(0x7f0000000000), 0x5, 0x1, 0x0, &(0x7f0000000100), 0x92000005)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r4, &(0x7f0000000200)=""/202, 0xca)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)=@o_path={&(0x7f0000000440)='./file0\x00', 0x0, 0x2000, r4}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x4058534c, &(0x7f00000003c0)={0x80, 0x1, {0x3, 0x3, 0x8b2c, 0x3, 0x2c7}})
tkill(0x0, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r4, 0xc0a85322, &(0x7f00000000c0))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x100, 0x2})
io_uring_enter(r2, 0x49f5, 0x73ee, 0x7, &(0x7f0000000300)={[0xbf8b]}, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1040}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x3c, 0x0, &(0x7f00000016c0)="b828e78f501fc612546ce8709ab5a6fc4e0a79acc305802d7ca94ee509f86ec63a8e8ed808072a0d07bd05e4843329c3377bb253701c185ef53f935c"})

148.112902ms ago: executing program 1 (id=997):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000001b40)={'syz0\x00', {}, 0x0, [0x5, 0x3, 0x4000401, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x7, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffff6, 0x0, 0x8, 0x800000, 0xfffffffc, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x100, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x2, 0xfffff41a, 0x0, 0x0, 0x4, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x9, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffff8800, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffa, 0xfffff986], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0xfffffffd, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x2, 0x7fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0xfffffffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

0s ago: executing program 0 (id=998):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r2, &(0x7f0000000000)={0x6, 0x2d, 0x1, 0x3a, 0x6, 0x2c}, 0x48)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x800182, &(0x7f0000000680)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303030333737372c616c6c6f775f7574696d653d30303030303000000083ec4c0d6e84de0249d09f31ef580c3d000000000000000000"], 0x1, 0x191, &(0x7f00000002c0)="$eJzs3c+qElEcB/Cff5qkletoMdCmlVRPYIWCNBAULmpVYG00gtxMrXyL3qBX6XXClTsv3hHlyly4F64O1/l8Nn7xq5xzZjFnNWc+P/k+nfyYf/v77090Oo1o96Mfq0Z0oxmtKCwCADgnq/U6/q8LN/j56xNMCQA4slvu/wDAGbD/A0D92P8BoH4+fPz09lWWDd6naSdiucjH+bj4LPrhKBs8Ty919/9a5vm4tetfFH16tX8Qj7b9y9I+iWdPi37TvXmXHfQPY1I24X7jzq8BAAAAAAAAAAAAAAAAAAAAAACcWi/dKT3fp9dLrumLNBwl2+8Oz/dpx+N2yYDJUZYBAAAAAAAAAAAAAAAAAAAA99r81+/pl9ns609BEIRdqPrOBAAAAAAAAAAAAAAAAAAA9bN/6LfqmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAdfbv/z9e2IzTrHqhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU2kUAAAD//1z+TP8=")
syz_mount_image$vfat(&(0x7f0000000480), &(0x7f0000000500)='./bus\x00', 0x2925409, 0x0, 0x40, 0x0, &(0x7f0000000500))
ioctl$TIOCVHANGUP(r1, 0x5437, 0x200000000000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./bus/file0\x00', 0x200000, &(0x7f0000000540)={[{@min_batch_time={'min_batch_time', 0x3d, 0x38c2c5bc}}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@nombcache}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@grpjquota_path={'grpjquota', 0x3d, './file1'}}, {@noauto_da_alloc}, {@grpjquota}]}, 0x3, 0x57b, &(0x7f0000000800)="$eJzs3d1rW+UfAPDvSZu9/37rYAz1Qgq7cDKXrq0vE4TNS9HhQO9naLMymi6jScdaB9su3I03MgQRB+If4L2Xw3/Av2KggyGj6IUXVk56smV56Uua2cx8PnC25znnpN/z5DnPk+/JSUgAQ2s8/ScX8XJEfJVEHG7aNhrZxvH1/VYf35hJlyTW1j75PYkkW9fYP8n+P5hVXoqIn7+IOJlrj1tdXpkvlsulxaw+UVu4OlFdXjl1eaE4V5orXZmanj7z1vTUu++83WPL2oO+fuHPbz++/8GZL4+vfvPjwyN3kzgXh7JtTe1IegyYutVcGY/x7I/l41zLjpM7CDKIdvKksXtGsnGej3QOOBwj2agH/vtuRsQaMJxGTAAwrBp5QOPavvl6fiN/Nz32Rfbo/fULoPb2j66/NxL76tdGB1aTZ66M0uvdsT7ET2P89Nu9u+kSLe+ntLrZh3gADbduR8Tp0dH2+S/J5r/ene70JmyL1hhbff0Bdu5+mv+80Sn/yT3Jf6JD/nOww9jtxebjP/ewD2G6SvO/9zrmv0+mrrGRrPa/es6XTy5dLpdOR8T/I+JE5Pem9Y3u55xZfdA1V27O/9Iljd/IBbPjeDi699nHzBZrxZ20udmj2xGvPM1/k2ib//fVc93W/k+fjwtbjHGsdO/Vbts2b3+z/mfAaz9EvNax/5/e0Uo2vj85UT8fJhpnRbs/7hz7pVv87bW//9L+P7Bx+8eS5vu11e3H+H7fX6Vu23o9//ckn9bLe7J114u12uJkxJ7ko/b1U08f26g39k/bf+L4xvNfp/N/f0R8tsX23zl6p+uug9D/s9vq/2cK+bY1HQoPPvz8u27xt9b/b9ZLJ7I1W5n/tnJcvZ3NAAAAAAAAMLhyEXEoklzhSTmXKxTWP99xNA7kypVq7eSlytKV2ah/V3Ys8rnGne7DTZ+HmMw+D9uoT7XUpyPiSER8PbK/Xi/MVMqzu914AAAAAAAAAAAAAAAAAAAAGBAHu3z/P/XryG4fHfDc+clvGF6bjv9+/NITMJC8/sPwMv5heBn/MLyMfxhexj8ML+MfhpfxD8PL+AcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+unD+fLqsrT6+MZPWZ68tL81Xrp2aLVXnCwtLM4WZyuLVwlylMlcuFWYqC5v9vXKlcnVyKpauT9RK1dpEdXnl4kJl6Urt4uWF4lzpYin/r7QKAAAAAAAAAAAAAAAAAAAAXizV5ZX5YrlcWlToWjgbA3EYPReSzXr5bHYy9BRidPcbqPAcCrs8MQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAk38CAAD//2iMNWI=")
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000003001980080001000d010000100001800c000280050001000100000000000000000000000000000200000000"], 0x30}, 0x1, 0x0, 0x0, 0x840c0}, 0x4000c0c0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x149)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='3', 0x1, 0x4fed0)
fallocate(r4, 0x10, 0xffff, 0x8001)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x4842, 0x0)
writev(r5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)

kernel console output (not intermixed with test programs):

NGE): batadv_slave_0: link becomes ready
[   57.752980][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.100042][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.191829][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.248195][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.304055][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.377310][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.391559][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.404040][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.414808][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.427334][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.446365][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   58.455890][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.476136][ T4248] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.484089][ T4248] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.501126][ T4192] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.511800][ T4192] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.520832][ T4192] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.532497][ T4192] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.542524][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.592797][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.602386][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.620026][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.664219][ T1278] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.680097][ T1278] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.690438][ T1278] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.699385][ T1278] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.707931][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.724863][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   58.767478][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.777821][ T4248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.824520][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[   58.833445][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   58.843427][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #0a!!!
[   58.853424][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   58.862380][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   58.871250][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   58.880110][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #8a!!!
[   58.888974][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   58.897940][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   58.906903][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!!
[   60.121847][ T1108] Bluetooth: hci3: command 0x0419 tx timeout
[   60.129048][ T1108] Bluetooth: hci4: command 0x0419 tx timeout
[   60.135415][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.142905][ T1108] Bluetooth: hci2: command 0x0419 tx timeout
[   60.151791][ T1108] Bluetooth: hci0: command 0x0419 tx timeout
[   60.152005][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   60.165266][ T1108] Bluetooth: hci1: command 0x0419 tx timeout
[   60.170828][ T4248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.244468][ T4210] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   60.354412][ T1278] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.362242][ T1278] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.425990][ T4248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   60.473448][ T4210] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.481332][ T4210] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.530065][ T4278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   60.609323][ T4289] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET)
[   60.851569][ T4293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5'.
[   61.569441][ T4294] loop0: detected capacity change from 0 to 1024
[   61.982305][ T4292] =======================================================
[   61.982305][ T4292] WARNING: The mand mount option has been deprecated and
[   61.982305][ T4292]          and is ignored by this kernel. Remove the mand
[   61.982305][ T4292]          option from the mount to silence this warning.
[   61.982305][ T4292] =======================================================
[   62.153754][ T4292] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   64.495885][ T4308] hfsplus: b-tree write err: -5, ino 25
[   64.502303][ T4308] hfsplus: b-tree write err: -5, ino 4
[   64.544192][ T4308] hfsplus: b-tree write err: -5, ino 2
[   64.617456][ T4311] raw_sendmsg: syz.2.13 forgot to set AF_INET. Fix it!
[   64.756353][ T4316] netlink: 104 bytes leftover after parsing attributes in process `syz.0.14'.
[   66.463411][    C0] sched: RT throttling activated
[   69.591930][ T4344] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004
[   71.385800][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[   71.835897][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[   71.879750][ T4348] loop2: detected capacity change from 0 to 4096
[   71.961162][   T13] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   72.020386][ T4358] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   72.157392][ T4361] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25'.
[   72.176499][ T4361] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   72.185871][ T4361] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   72.194639][ T4361] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   72.203924][ T4361] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   73.041617][ T4361] netlink: 12 bytes leftover after parsing attributes in process `syz.3.25'.
[   73.203102][ T4361] Zero length message leads to an empty skb
[   73.329059][   T13] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   73.813537][   T13] usb 1-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[   73.833637][   T13] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   73.853888][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.923905][   T13] usb 1-1: can't set config #27, error -71
[   73.975662][   T13] usb 1-1: USB disconnect, device number 2
[   74.080596][ T4377] vivid-002: disconnect
[   74.819957][ T4373] vivid-002: reconnect
[   74.999774][ T4386] loop1: detected capacity change from 0 to 512
[   75.521774][ T4386] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   75.543361][ T4386] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.992407][   T23] cfg80211: failed to load regulatory.db
[   77.220326][ T4386] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[   78.643515][ T4409] netlink: 76 bytes leftover after parsing attributes in process `syz.2.39'.
[   81.784710][ T4413] bridge0: port 3(syz_tun) entered blocking state
[   81.791473][ T4413] bridge0: port 3(syz_tun) entered disabled state
[   81.802806][ T4413] device syz_tun entered promiscuous mode
[   81.809333][ T4413] bridge0: port 3(syz_tun) entered blocking state
[   81.816085][ T4413] bridge0: port 3(syz_tun) entered forwarding state
[   81.830392][ T4413] netlink: 'syz.4.40': attribute type 10 has an invalid length.
[   81.881088][ T4413] bridge0: port 3(syz_tun) entered disabled state
[   81.888036][ T4413] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.896130][ T4413] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.910404][ T4414] loop4: detected capacity change from 0 to 1024
[   81.911838][ T4413] bridge0: port 3(syz_tun) entered blocking state
[   81.923265][ T4413] bridge0: port 3(syz_tun) entered forwarding state
[   81.930615][ T4413] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.937724][ T4413] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.945206][ T4413] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.952282][ T4413] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.962655][ T4413] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   82.018434][ T4414] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[   82.031823][ T4418] netlink: 12 bytes leftover after parsing attributes in process `syz.2.41'.
[   82.041642][ T4414] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   82.050672][ T4414] EXT4-fs (loop4): orphan cleanup on readonly fs
[   82.058025][ T4414] EXT4-fs error (device loop4): ext4_read_inode_bitmap:168: comm syz.4.40: Inode bitmap for bg 0 marked uninitialized
[   82.071801][ T4414] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback.
[   82.156851][ T4424] IPVS: set_ctl: invalid protocol: 47 224.0.0.1:20003
[   82.200802][ T4424] netlink: 32 bytes leftover after parsing attributes in process `syz.2.41'.
[   82.276010][ T4424] netlink: 32 bytes leftover after parsing attributes in process `syz.2.41'.
[   82.340165][ T4428] kernel profiling enabled (shift: 6)
[   82.407470][ T4429] loop0: detected capacity change from 0 to 256
[   82.863464][ T4418] Can't find ip_set type 
[   83.299162][ T4232] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   84.826753][ T4433] loop3: detected capacity change from 0 to 40427
[   85.422260][ T4433] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   85.430103][ T4433] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   85.440776][ T4433] F2FS-fs (loop3): invalid crc value
[   85.589725][ T4442] loop1: detected capacity change from 0 to 1024
[   85.616584][ T4433] F2FS-fs (loop3): Found nat_bits in checkpoint
[   85.617107][ T4445] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   86.477063][ T4433] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   86.484285][ T4433] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   87.134728][ T4442] hfsplus: cannot replace xattr
[   87.224783][ T4458] loop0: detected capacity change from 0 to 128
[   87.489491][ T4458] FAT-fs (loop0): Invalid FSINFO signature: 0x41000006, 0x61417272 (sector = 1)
[   88.048476][ T4461] device syzkaller0 entered promiscuous mode
[   88.332083][ T4470] loop0: detected capacity change from 0 to 4096
[   91.161382][ T4485] process 'syz.4.54' launched './file2' with NULL argv: empty string added
[   91.742852][ T4231] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   91.879763][ T4493] tipc: Can't bind to reserved service type 1
[   93.653643][ T4231] usb 4-1: device descriptor read/all, error -71
[   93.942504][ T4508] xt_TPROXY: Can be used only with -p tcp or -p udp
[   98.268755][ T4538] device syzkaller0 entered promiscuous mode
[   98.283606][ T4231] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[   98.396545][ T4543] loop1: detected capacity change from 0 to 512
[   98.558582][ T4543] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[   98.578326][ T4543] EXT4-fs (loop1): orphan cleanup on readonly fs
[   98.650584][ T4543] EXT4-fs warning (device loop1): ext4_enable_quotas:6486: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[   98.651647][ T4545] loop4: detected capacity change from 0 to 32768
[   98.675756][ T4543] EXT4-fs (loop1): Cannot turn on quotas: error -22
[   98.683868][ T4543] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #13: comm syz.1.72: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[   98.702361][ T4543] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.72: couldn't read orphan inode 13 (err -117)
[   98.725980][ T4543] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noblock_validity,min_batch_time=0x000000000000082f,grpquota,debug,journal_dev=0x0000000000000001,grpid,inode_readahead_blks=0x0000000000010000,,errors=continue. Quota mode: writeback.
[   98.762697][ T4543] EXT4-fs error (device loop1): ext4_lookup:1858: comm syz.1.72: inode #15: comm syz.1.72: iget: illegal inode #
[   98.840640][ T4545] XFS (loop4): Mounting V5 Filesystem
[   98.853920][ T4231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   98.883454][ T4231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[   98.932228][ T4231] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[   98.984548][ T4231] usb 4-1: New USB device found, idVendor=04b4, idProduct=de64, bcdDevice= 0.00
[   99.025667][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.096000][ T4231] usb 4-1: config 0 descriptor??
[   99.188702][ T4531] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   99.645440][ T4238] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   99.685520][ T4545] XFS (loop4): Ending clean mount
[   99.717410][ T4545] XFS (loop4): Quotacheck needed: Please wait.
[   99.774203][ T4545] XFS (loop4): Quotacheck: Done.
[  100.343723][ T4571] netlink: 168 bytes leftover after parsing attributes in process `syz.4.73'.
[  100.431572][   T26] audit: type=1800 audit(1774644957.842:2): pid=4571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.73" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=4430 res=0 errno=0
[  100.490643][ T4231] cypress 0003:04B4:DE64.0001: unknown main item tag 0xd
[  100.499830][ T4231] cypress 0003:04B4:DE64.0001: report_id 1868782771 is invalid
[  100.508167][ T4231] cypress 0003:04B4:DE64.0001: item 0 4 1 8 parsing failed
[  100.515941][ T4231] cypress 0003:04B4:DE64.0001: parse failed
[  100.521863][ T4231] cypress: probe of 0003:04B4:DE64.0001 failed with error -22
[  100.674395][ T4190] XFS (loop4): Unmounting Filesystem
[  100.693710][ T4238] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  100.714250][ T4231] usb 4-1: USB disconnect, device number 4
[  100.729261][ T4238] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  100.793335][ T4238] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  100.811625][ T4238] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.859434][ T4238] usb 1-1: config 0 descriptor??
[  101.251213][ T4594] device syzkaller0 entered promiscuous mode
[  101.346590][ T4238] ath6kl: Unsupported hardware version: 0x0
[  101.357814][ T4238] ath6kl: Failed to init ath6kl core: -22
[  101.378332][ T4238] ath6kl_usb: probe of 1-1:0.0 failed with error -22
[  101.443493][ T4279] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  101.543565][ T4356] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  101.561144][ T4238] usb 1-1: USB disconnect, device number 3
[  101.879909][ T4279] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  101.892466][ T4279] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  101.903689][ T4279] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  101.912740][ T4279] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  101.928419][ T4279] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  102.018619][ T4608] netlink: 68 bytes leftover after parsing attributes in process `syz.3.90'.
[  102.103543][ T4356] usb 3-1: unable to get BOS descriptor or descriptor too short
[  102.176630][ T4356] usb 3-1: not running at top speed; connect to a high speed hub
[  102.595380][ T4612] loop0: detected capacity change from 0 to 1024
[  102.651910][ T4614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.93'.
[  102.694330][ T4356] usb 3-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice= 0.40
[  102.719324][ T4356] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.723646][ T4279] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  102.739145][ T4356] usb 3-1: Product: syz
[  102.743327][ T4356] usb 3-1: Manufacturer: syz
[  102.749473][ T4612] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=continue,jqfmt=vfsv0,auto_da_alloc=0x0000000000000005,max_batch_time=0x0000000000000003,max_batch_time=0x0000000000000009,,errors=continue. Quota mode: none.
[  102.767071][ T4279] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  102.771530][ T4356] usb 3-1: SerialNumber: syz
[  102.877499][ T4612] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3885: comm syz.0.92: Allocating blocks 497-513 which overlap fs metadata
[  102.894549][ T4612] EXT4-fs (loop0): pa ffff88807f006d20: logic 131104, phys. 177, len 21
[  102.902999][ T4612] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1
[  102.933557][ T4279] usb 5-1: Product: syz
[  102.937902][ T4279] usb 5-1: Manufacturer: syz
[  103.007231][ T4279] cdc_wdm 5-1:1.0: skipping garbage
[  103.014720][ T4279] cdc_wdm 5-1:1.0: skipping garbage
[  103.103736][ T4279] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  103.121251][ T4279] cdc_wdm 5-1:1.0: Unknown control protocol
[  103.223586][ T4356] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  103.794101][ T4356] usb 3-1: 2:1 : bogus bTerminalLink 0
[  104.000696][ T4356] usb 3-1: unit 5 not found!
[  104.201790][ T4356] usb 3-1: unit 8 not found!
[  104.213536][ T4356] usb 3-1: unit 1 not found!
[  104.301865][ T4232] usb 5-1: USB disconnect, device number 2
[  104.402919][ T4356] usb 3-1: USB disconnect, device number 2
[  104.576110][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  104.753422][ T4634] loop2: detected capacity change from 0 to 2048
[  105.275710][ T4634] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  106.205944][ T4356] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  106.877823][ T4356] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  107.363498][ T4232] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  107.522311][ T4665] device syzkaller0 entered promiscuous mode
[  107.739638][ T4674] loop1: detected capacity change from 0 to 256
[  108.353895][ T4232] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  109.140452][ T4232] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  109.285176][ T4232] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  109.398058][ T4232] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  109.459832][ T4232] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  109.673676][ T4232] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  109.696691][ T4232] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  109.733866][ T4232] usb 3-1: Product: syz
[  109.743345][ T4232] usb 3-1: Manufacturer: syz
[  109.784806][ T4232] cdc_wdm 3-1:1.0: skipping garbage
[  109.795321][ T4232] cdc_wdm 3-1:1.0: skipping garbage
[  109.816060][ T4232] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  109.823249][ T4232] cdc_wdm 3-1:1.0: Unknown control protocol
[  110.573680][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -75
[  110.824799][ T4279] usb 3-1: USB disconnect, device number 3
[  112.025025][ T4679] loop3: detected capacity change from 0 to 32768
[  112.159579][ T4703] loop4: detected capacity change from 0 to 32768
[  112.207431][ T4708] loop2: detected capacity change from 0 to 256
[  112.215431][ T4679] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.110 (4679)
[  112.430443][ T4703] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.118 (4703)
[  112.516794][ T4703] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  112.526085][ T4703] BTRFS info (device loop4): using free space tree
[  112.532674][ T4703] BTRFS info (device loop4): has skinny extents
[  112.798189][ T4679] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  112.879927][ T4679] BTRFS info (device loop3): enabling auto defrag
[  112.886588][ T4679] BTRFS info (device loop3): disabling auto defrag
[  112.893205][ T4679] BTRFS info (device loop3): max_inline at 0
[  112.899255][ T4679] BTRFS info (device loop3): enabling ssd optimizations
[  112.906575][ T4679] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  112.916191][ T4679] BTRFS info (device loop3): use lzo compression, level 0
[  112.923586][ T4679] BTRFS info (device loop3): using free space tree
[  112.930093][ T4679] BTRFS info (device loop3): has skinny extents
[  113.333346][ T4703] BTRFS info (device loop4): enabling ssd optimizations
[  113.347301][ T4760] loop0: detected capacity change from 0 to 256
[  114.149037][ T4679] BTRFS error (device loop3): open_ctree failed: -12
[  114.149132][ T4175] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by udevd (4175)
[  114.720660][ T4778] device syzkaller0 entered promiscuous mode
[  115.046089][ T4789] loop0: detected capacity change from 0 to 40427
[  115.205479][ T4789] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  115.213702][ T4789] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  115.244202][ T4789] F2FS-fs (loop0): invalid crc value
[  115.615893][ T4789] F2FS-fs (loop0): Found nat_bits in checkpoint
[  115.674531][ T4789] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  115.681582][ T4789] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  116.301816][ T4356] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  116.539893][ T4809] sch_tbf: peakrate 11 is lower than or equals to rate 996173156578218475 !
[  116.540281][ T4812] loop4: detected capacity change from 0 to 1024
[  116.568202][ T4809] device syzkaller0 entered promiscuous mode
[  116.602724][ T4812] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  116.615100][ T4356] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  116.693622][ T4356] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  116.703334][ T4812] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none.
[  116.734318][ T4356] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  116.746101][ T4356] usb 4-1: config 0 interface 0 has no altsetting 0
[  116.823588][ T4356] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  116.842801][ T4356] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  116.864060][ T4356] usb 4-1: config 0 interface 0 has no altsetting 0
[  116.890072][ T4821] vivid-002: =================  START STATUS  =================
[  116.952710][ T4821] vivid-002: Radio HW Seek Mode: Bounded
[  116.969213][ T4821] vivid-002: Radio Programmable HW Seek: false
[  117.005582][ T4821] vivid-002: RDS Rx I/O Mode: Block I/O
[  117.037081][ T4821] vivid-002: Generate RBDS Instead of RDS: false
[  117.062176][ T4821] vivid-002: RDS Reception: true
[  117.089644][ T4821] vivid-002: RDS Program Type: 0 inactive
[  117.100228][ T4825] loop0: detected capacity change from 0 to 32768
[  117.100878][ T4821] vivid-002: RDS PS Name:  inactive
[  117.112396][ T4821] vivid-002: RDS Radio Text:  inactive
[  117.117956][ T4821] vivid-002: RDS Traffic Announcement: false inactive
[  117.124832][ T4821] vivid-002: RDS Traffic Program: false inactive
[  117.131190][ T4821] vivid-002: RDS Music: false inactive
[  117.136723][ T4821] vivid-002: ==================  END STATUS  ==================
[  117.144613][ T4356] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.154138][ T4356] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.166006][ T4356] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.194382][ T4825] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.137 (4825)
[  117.213735][ T4825] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  117.222440][ T4825] BTRFS info (device loop0): using free space tree
[  117.228995][ T4825] BTRFS info (device loop0): has skinny extents
[  117.283554][ T4356] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.284090][ T4233] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  117.301328][ T4356] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.314591][ T4356] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.500851][ T4825] BTRFS info (device loop0): enabling ssd optimizations
[  117.692133][ T4356] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.780064][ T4356] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  118.057194][ T4233] usb 3-1: Using ep0 maxpacket: 16
[  118.127072][ T4356] usb 4-1: config 0 interface 0 has no altsetting 0
[  118.249079][ T4233] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  118.300003][ T4233] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  118.440228][ T4858] device syzkaller0 entered promiscuous mode
[  118.486636][ T4233] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  118.509929][ T4233] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.546023][ T4233] usb 3-1: Product: syz
[  118.550276][ T4233] usb 3-1: Manufacturer: syz
[  118.569695][ T4233] usb 3-1: SerialNumber: syz
[  118.834912][ T4356] usb 4-1: unable to read config index 5 descriptor/all
[  118.841966][ T4356] usb 4-1: can't read configurations, error -71
[  118.925260][ T4233] usb 3-1: 0:2 : does not exist
[  120.074168][ T4863] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  120.147599][ T4233] usb 3-1: USB disconnect, device number 4
[  120.482763][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  120.540978][ T4877] loop2: detected capacity change from 0 to 2048
[  120.743600][ T4883] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  120.801740][ T4875] loop0: detected capacity change from 0 to 40427
[  120.825009][   T26] audit: type=1800 audit(1774644978.362:3): pid=4877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.153" name="file1" dev="loop2" ino=15 res=0 errno=0
[  120.919218][ T4875] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  120.927140][ T4875] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  120.937659][ T4875] F2FS-fs (loop0): invalid crc value
[  120.972588][ T4875] F2FS-fs (loop0): Found nat_bits in checkpoint
[  121.027038][ T4875] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  121.034266][ T4875] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  121.183550][ T4757] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  121.559120][ T4892] device syzkaller0 entered promiscuous mode
[  121.892528][ T4896] loop3: detected capacity change from 0 to 40427
[  121.899273][ T4757] usb 3-1: Using ep0 maxpacket: 8
[  121.979392][ T4896] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  121.987278][ T4896] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  121.998300][ T4896] F2FS-fs (loop3): invalid crc value
[  122.044527][ T4896] F2FS-fs (loop3): Found nat_bits in checkpoint
[  122.233600][ T4757] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  122.746937][ T4757] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.755048][ T4896] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  122.762086][ T4896] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  122.769975][ T4757] usb 3-1: Product: syz
[  122.774697][ T4757] usb 3-1: Manufacturer: syz
[  122.779320][ T4757] usb 3-1: SerialNumber: syz
[  122.788241][ T4757] usb 3-1: config 0 descriptor??
[  122.940740][ T4908] device syzkaller0 entered promiscuous mode
[  123.894205][ T4914] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  123.973579][ T4757] dvb_usb_rtl28xxu 3-1:0.0: chip type detection failed -110
[  123.981098][ T4757] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -110
[  124.044185][ T4757] usb 3-1: USB disconnect, device number 5
[  124.871548][ T4921] loop0: detected capacity change from 0 to 4096
[  125.096078][ T4921] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[  125.400710][ T4930] loop1: detected capacity change from 0 to 256
[  126.195428][ T4932] loop2: detected capacity change from 0 to 1764
[  126.291625][ T4939] device syzkaller0 entered promiscuous mode
[  126.333295][ T4932] tmpfs: Bad value for 'mpol'
[  126.670036][ T4941] loop4: detected capacity change from 0 to 40427
[  126.789091][ T4941] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  126.796871][ T4941] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  126.809871][ T4941] F2FS-fs (loop4): invalid crc value
[  127.836865][ T4941] F2FS-fs (loop4): Found nat_bits in checkpoint
[  127.888388][ T4941] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  127.895524][ T4941] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  128.573527][   T26] audit: type=1326 audit(1774644986.052:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  128.638971][ T4963] lo speed is unknown, defaulting to 1000
[  128.647802][ T4964] device syzkaller0 entered promiscuous mode
[  128.702166][   T26] audit: type=1326 audit(1774644986.052:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.154143][ T4946] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  129.259361][ T4963] lo speed is unknown, defaulting to 1000
[  129.277553][   T26] audit: type=1326 audit(1774644986.072:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.299666][   T26] audit: type=1326 audit(1774644986.072:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.324724][   T26] audit: type=1326 audit(1774644986.072:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.347874][   T26] audit: type=1326 audit(1774644986.072:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.376782][   T26] audit: type=1326 audit(1774644986.072:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.400077][   T26] audit: type=1326 audit(1774644986.092:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.423164][   T26] audit: type=1326 audit(1774644986.092:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.456563][   T26] audit: type=1326 audit(1774644986.092:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4918 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa211a5799 code=0x7ffc0000
[  129.501122][ T4963] lo speed is unknown, defaulting to 1000
[  129.518280][ T4963] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  129.531410][ T4963] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  129.642836][ T4963] lo speed is unknown, defaulting to 1000
[  129.688475][ T4963] lo speed is unknown, defaulting to 1000
[  129.726092][ T4971] device syzkaller0 entered promiscuous mode
[  129.736431][ T4963] lo speed is unknown, defaulting to 1000
[  129.756263][ T4963] lo speed is unknown, defaulting to 1000
[  129.762930][ T4963] lo speed is unknown, defaulting to 1000
[  130.455615][ T4990] capability: warning: `syz.2.183' uses 32-bit capabilities (legacy support in use)
[  130.933220][ T4988] program syz.2.183 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  132.094218][ T5001] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  132.188070][ T4989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  132.677317][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.683911][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.897778][ T5011] netlink: 'syz.1.190': attribute type 10 has an invalid length.
[  133.580340][ T5034] loop4: detected capacity change from 0 to 16
[  133.640680][ T5034] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  134.002301][ T5043] loop2: detected capacity change from 0 to 40427
[  134.090683][ T5046] loop4: detected capacity change from 0 to 256
[  134.506738][ T5043] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  134.514618][ T5043] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  134.750321][ T5043] F2FS-fs (loop2): invalid crc value
[  134.884166][ T5043] F2FS-fs (loop2): Found nat_bits in checkpoint
[  134.942593][ T5043] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  134.949808][ T5043] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  138.315949][ T5066] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  139.363450][ T4232] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  139.603736][ T4232] usb 3-1: Using ep0 maxpacket: 16
[  139.963491][ T4232] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.003697][ T4232] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  141.253688][ T4232] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  141.264101][ T4232] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.275470][ T4232] usb 3-1: Product: syz
[  141.279655][ T4232] usb 3-1: Manufacturer: syz
[  141.287103][ T4232] usb 3-1: SerialNumber: syz
[  141.299630][ T5093] netlink: 12 bytes leftover after parsing attributes in process `syz.4.209'.
[  141.995779][ T5094] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  142.387153][ T5093] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  142.396231][ T5093] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  142.405023][ T5093] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  142.413748][ T5093] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  142.423679][ T4232] usb 3-1: can't set config #1, error -71
[  142.439804][ T4232] usb 3-1: USB disconnect, device number 6
[  142.464489][ T5093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.209'.
[  142.541797][ T5096] netlink: 4 bytes leftover after parsing attributes in process `syz.4.209'.
[  142.570421][ T5096] netlink: 4 bytes leftover after parsing attributes in process `syz.4.209'.
[  142.751902][ T5102] device syzkaller0 entered promiscuous mode
[  145.396795][ T5129] loop4: detected capacity change from 0 to 256
[  147.490728][ T5137] loop0: detected capacity change from 0 to 40427
[  147.603661][ T5137] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  147.611387][ T5137] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  147.624958][ T5137] F2FS-fs (loop0): invalid crc value
[  147.640126][ T5138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.224'.
[  147.695526][ T5137] F2FS-fs (loop0): Found nat_bits in checkpoint
[  147.757089][ T5137] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  147.765634][ T5137] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  148.577832][ T5153] device syzkaller0 entered promiscuous mode
[  149.803670][ T5165] loop2: detected capacity change from 0 to 1024
[  149.897905][ T5166] loop9: detected capacity change from 0 to 7
[  149.914434][ T5166] Dev loop9: unable to read RDB block 7
[  149.920788][ T5166]  loop9: AHDI p1 p2 p3
[  149.925129][ T5166] loop9: partition table partially beyond EOD, truncated
[  149.935798][ T5166] loop9: p1 start 1601398130 is beyond EOD, truncated
[  149.942665][ T5166] loop9: p2 start 1702059890 is beyond EOD, truncated
[  149.985192][ T5165] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  150.254198][ T5165] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none.
[  150.604717][ T5177] loop0: detected capacity change from 0 to 4096
[  150.712731][ T5180] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  151.849131][ T5172] loop1: detected capacity change from 0 to 32768
[  152.254828][ T5183] NILFS (loop0): nilfs_sufile_do_free: segment 9 is already clean
[  152.277824][ T5172] XFS (loop1): Mounting V5 Filesystem
[  153.414093][ T5172] XFS (loop1): log mount failed
[  153.983462][ T4232] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  154.179393][ T5214] device syzkaller0 entered promiscuous mode
[  154.504821][ T4232] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  154.519186][ T4232] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  154.562353][ T4232] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  155.163544][ T4232] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  155.175332][ T4232] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  155.393637][ T4232] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  155.402915][ T4232] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  155.411360][ T4232] usb 3-1: Product: syz
[  155.415963][ T4232] usb 3-1: Manufacturer: syz
[  155.442852][ T5212] loop1: detected capacity change from 0 to 32768
[  155.484419][ T4232] cdc_wdm 3-1:1.0: skipping garbage
[  155.493572][ T4232] cdc_wdm 3-1:1.0: skipping garbage
[  156.030162][ T5212] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.241 (5212)
[  156.065124][ T4232] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  156.076327][ T5212] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  156.101423][ T4232] cdc_wdm 3-1:1.0: Unknown control protocol
[  156.113553][ T5212] BTRFS info (device loop1): setting nodatasum
[  156.119745][ T5212] BTRFS info (device loop1): force zlib compression, level 3
[  156.136620][ T4232] usb 3-1: USB disconnect, device number 7
[  156.152672][ T5212] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[  156.174225][ T5224] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  156.197594][ T5212] BTRFS info (device loop1): use lzo compression, level 0
[  156.281124][ T5212] BTRFS info (device loop1): turning on flush-on-commit
[  156.319862][ T5212] BTRFS info (device loop1): enabling auto defrag
[  156.340723][ T5212] BTRFS info (device loop1): max_inline at 4096
[  156.361019][ T5212] BTRFS info (device loop1): using free space tree
[  156.382719][ T5212] BTRFS info (device loop1): has skinny extents
[  156.418428][ T5240] device syzkaller0 entered promiscuous mode
[  157.337456][ T5256] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  157.525780][ T5212] BTRFS error (device loop1): open_ctree failed: -12
[  157.758152][ T5272] loop4: detected capacity change from 0 to 40427
[  157.780910][ T4175] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (4175)
[  157.903574][ T5272] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  157.911616][ T5272] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  157.943797][ T5272] F2FS-fs (loop4): invalid crc value
[  158.903015][ T5272] F2FS-fs (loop4): Found nat_bits in checkpoint
[  158.950241][ T5288] loop0: detected capacity change from 0 to 32768
[  158.993787][ T5284] loop2: detected capacity change from 0 to 2048
[  158.998623][ T5272] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  159.007282][ T5272] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  159.015046][ T5291] loop3: detected capacity change from 0 to 1024
[  159.153073][ T5291] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  159.220154][ T5284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  159.768519][ T5288] XFS (loop0): Mounting V5 Filesystem
[  159.785024][ T5291] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none.
[  159.813691][    C0] vkms_vblank_simulate: vblank timer overrun
[  160.071396][ T5288] XFS (loop0): Ending clean mount
[  160.336578][ T4192] XFS (loop0): Unmounting Filesystem
[  162.191175][ T5323] device syzkaller0 entered promiscuous mode
[  162.678818][ T5327] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  163.206055][ T5330] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  163.253706][ T5333] tmpfs: Unknown parameter 'usrquota'
[  163.264391][ T5334] device syzkaller0 entered promiscuous mode
[  164.439222][ T5274] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  164.743697][ T5274] usb 3-1: Using ep0 maxpacket: 16
[  164.894224][ T5274] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  164.926821][ T5274] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  165.154423][ T5274] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  165.182548][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.195317][ T5274] usb 3-1: Product: syz
[  165.201109][ T5274] usb 3-1: Manufacturer: syz
[  165.212838][ T5274] usb 3-1: SerialNumber: syz
[  165.231092][ T5352] device syzkaller0 entered promiscuous mode
[  166.282701][ T5274] usb 3-1: 0:2 : does not exist
[  168.583751][ T5274] usb 3-1: USB disconnect, device number 8
[  169.320767][ T5376] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  169.453792][ T5271] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  169.713525][ T5271] usb 2-1: Using ep0 maxpacket: 32
[  169.853994][ T5271] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  170.010820][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.203701][ T5271] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  170.258274][ T5391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.282'.
[  170.559312][ T5389] loop2: detected capacity change from 0 to 40427
[  170.606206][ T5389] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  170.614082][ T5389] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  170.642097][ T5389] F2FS-fs (loop2): invalid crc value
[  170.709619][ T5271] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  170.719044][ T5271] usb 2-1: Product: syz
[  170.724855][ T5271] usb 2-1: Manufacturer: syz
[  170.729528][ T5271] usb 2-1: SerialNumber: syz
[  170.737828][ T5271] usb 2-1: config 0 descriptor??
[  170.740603][ T5389] F2FS-fs (loop2): Found nat_bits in checkpoint
[  170.763909][ T5368] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  170.812079][ T5389] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  170.819438][ T5389] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  171.175945][ T5368] fuse: Unknown parameter 'group_id00000000000000000000'
[  171.298312][ T5410] loop4: detected capacity change from 0 to 32768
[  171.317515][ T5271] usb 2-1: USB disconnect, device number 3
[  171.398854][ T5410] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.283 (5410)
[  171.448677][ T5410] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  171.457397][ T5410] BTRFS info (device loop4): using free space tree
[  171.464064][ T5410] BTRFS info (device loop4): has skinny extents
[  171.941783][ T5431] loop3: detected capacity change from 0 to 40427
[  172.002877][ T5410] BTRFS info (device loop4): enabling ssd optimizations
[  172.045383][ T5439] 9pnet: Insufficient options for proto=fd
[  172.126274][ T5431] F2FS-fs (loop3): invalid crc value
[  172.205704][ T5431] F2FS-fs (loop3): Found nat_bits in checkpoint
[  172.246553][ T5431] F2FS-fs (loop3): Start checkpoint disabled!
[  172.288853][ T5431] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  172.404627][ T5449] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  172.770735][   T26] kauditd_printk_skb: 46 callbacks suppressed
[  172.770745][   T26] audit: type=1800 audit(1774645030.302:60): pid=5431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.284" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  173.146380][   T26] audit: type=1800 audit(1774645030.432:61): pid=5453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.284" name="bus" dev="loop3" ino=10 res=0 errno=0
[  173.303597][ T4279] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  173.408478][ T4675] attempt to access beyond end of device
[  173.408478][ T4675] loop3: rw=2049, want=40976, limit=40427
[  173.547507][ T4279] usb 1-1: Using ep0 maxpacket: 16
[  173.664297][ T4279] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  173.715110][ T4279] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  173.830994][ T5445] loop1: detected capacity change from 0 to 32768
[  173.908087][ T4279] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  173.972163][ T4279] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.980427][ T4279] usb 1-1: Product: syz
[  174.275941][ T5445] XFS (loop1): Mounting V5 Filesystem
[  174.333466][ T4279] usb 1-1: Manufacturer: syz
[  174.338135][ T4279] usb 1-1: SerialNumber: syz
[  174.458540][ T5445] XFS (loop1): Ending clean mount
[  174.664030][ T4279] usb 1-1: 0:2 : does not exist
[  175.216774][ T4279] usb 1-1: USB disconnect, device number 4
[  175.454271][ T4179] udevd[4179]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  175.703512][ T4279] Bluetooth: hci2: command 0x0406 tx timeout
[  175.709686][ T4279] Bluetooth: hci0: command 0x0406 tx timeout
[  175.732085][ T4279] Bluetooth: hci4: command 0x0406 tx timeout
[  175.763600][ T4279] Bluetooth: hci1: command 0x0406 tx timeout
[  175.775232][ T4279] Bluetooth: hci3: command 0x0406 tx timeout
[  175.908295][ T5535] device syzkaller0 entered promiscuous mode
[  176.560861][ T5544] loop0: detected capacity change from 0 to 131072
[  176.738768][ T5548] loop3: detected capacity change from 0 to 256
[  179.121463][ T5544] fscrypt: Error allocating hmac(sha512): -2
[  179.127555][ T5544] F2FS-fs (loop0): Error processing option "test_dummy_encryption" [-2]
[  179.440003][ T5560] loop3: detected capacity change from 0 to 512
[  179.541568][ T5560] EXT4-fs error (device loop3): ext4_iget_extra_inode:4566: inode #15: comm syz.3.301: corrupted in-inode xattr
[  179.581822][ T5560] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.301: couldn't read orphan inode 15 (err -117)
[  179.712722][ T5560] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,,errors=continue. Quota mode: none.
[  180.601940][ T5559] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.301: dx entry: limit 0 != root limit 125
[  180.903700][ T5559] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.301: Corrupt directory, running e2fsck is recommended
[  181.123299][ T5584] loop0: detected capacity change from 0 to 40427
[  181.282225][ T5580] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  181.349043][ T4185] XFS (loop1): Unmounting Filesystem
[  181.381751][ T5590] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'.
[  181.417291][ T5584] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  181.425109][ T5584] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  181.435682][ T5584] F2FS-fs (loop0): invalid crc value
[  181.485016][ T5584] F2FS-fs (loop0): Found nat_bits in checkpoint
[  181.538991][ T5584] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  181.546390][ T5584] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  181.572751][ T5592] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  181.693689][ T5271] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  182.297867][ T5606] device syzkaller0 entered promiscuous mode
[  182.413425][ T5271] usb 3-1: Using ep0 maxpacket: 16
[  182.533472][ T5271] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  182.575692][ T5271] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  182.667037][ T5615] 9pnet: Insufficient options for proto=fd
[  182.783649][ T5271] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  182.792721][ T5271] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.813436][ T5271] usb 3-1: Product: syz
[  182.817619][ T5271] usb 3-1: Manufacturer: syz
[  182.822218][ T5271] usb 3-1: SerialNumber: syz
[  182.913465][   T21] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  183.135764][ T5625] netlink: 68 bytes leftover after parsing attributes in process `syz.1.312'.
[  183.195799][ T5271] usb 3-1: 0:2 : does not exist
[  183.273687][   T21] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  183.386407][   T21] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253
[  183.656085][ T5271] usb 3-1: USB disconnect, device number 9
[  183.833717][   T21] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  183.854465][   T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.862473][   T21] usb 5-1: Product: syz
[  184.041518][   T21] usb 5-1: Manufacturer: syz
[  184.046472][   T21] usb 5-1: SerialNumber: syz
[  184.052792][   T21] usb 5-1: config 0 descriptor??
[  184.495002][   T21] gspca_main: sunplus-2.14.0 probing 055f:c630
[  184.560203][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  184.745208][ T5645] loop0: detected capacity change from 0 to 128
[  185.308722][   T21] gspca_sunplus: reg_r err -71
[  185.778222][   T21] sunplus: probe of 5-1:0.0 failed with error -71
[  185.795087][   T21] usb 5-1: USB disconnect, device number 3
[  185.995458][ T5653] loop0: detected capacity change from 0 to 32768
[  186.031925][ T5655] device syzkaller1 entered promiscuous mode
[  186.049704][ T5653] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.319 (5653)
[  186.106112][ T5653] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  186.115401][ T5653] BTRFS info (device loop0): using free space tree
[  186.121920][ T5653] BTRFS info (device loop0): has skinny extents
[  186.229839][ T5660] device syzkaller0 entered promiscuous mode
[  186.418014][ T5663] loop3: detected capacity change from 0 to 40427
[  186.677202][ T5663] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  186.685173][ T5663] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  186.754284][ T5677] netlink: 68 bytes leftover after parsing attributes in process `syz.4.324'.
[  186.795575][ T5663] F2FS-fs (loop3): invalid crc value
[  187.305526][ T5673] loop1: detected capacity change from 0 to 256
[  187.605613][ T5690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.326'.
[  187.647700][ T5663] F2FS-fs (loop3): Found nat_bits in checkpoint
[  187.723489][ T5653] BTRFS info (device loop0): enabling ssd optimizations
[  187.846818][ T5663] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  187.854075][ T5663] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  190.715934][ T5720] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  191.447150][ T5726] device syzkaller0 entered promiscuous mode
[  193.448871][ T5735] lo speed is unknown, defaulting to 1000
[  193.456030][ T5735] lo speed is unknown, defaulting to 1000
[  193.548490][ T5735] lo speed is unknown, defaulting to 1000
[  193.599915][ T5735] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  194.111774][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  194.122466][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  194.464531][ T5735] lo speed is unknown, defaulting to 1000
[  194.514809][ T5735] lo speed is unknown, defaulting to 1000
[  194.521403][ T5735] lo speed is unknown, defaulting to 1000
[  194.569607][ T5754] device syzkaller0 entered promiscuous mode
[  194.631258][ T5735] lo speed is unknown, defaulting to 1000
[  194.699418][ T5735] lo speed is unknown, defaulting to 1000
[  194.740158][ T5760] device syzkaller0 entered promiscuous mode
[  194.916267][ T5765] device syzkaller0 entered promiscuous mode
[  195.153669][ T5775] netlink: 4 bytes leftover after parsing attributes in process `syz.1.343'.
[  195.225525][ T5777] 9pnet: Insufficient options for proto=fd
[  195.448153][ T5782] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  195.571581][ T5782] device syzkaller0 entered promiscuous mode
[  195.837667][ T5784] loop4: detected capacity change from 0 to 40427
[  195.998798][ T5784] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  196.006788][ T5784] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  196.048512][ T5784] F2FS-fs (loop4): invalid crc value
[  196.055404][ T5796] loop2: detected capacity change from 0 to 256
[  196.217484][ T5784] F2FS-fs (loop4): Found nat_bits in checkpoint
[  196.355469][ T5784] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  196.362663][ T5784] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  196.884924][ T5770] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  197.769209][ T5816] device syzkaller0 entered promiscuous mode
[  197.789434][ T5832] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  197.815605][ T5832] siw: device registration error -23
[  197.959730][ T5839] 9pnet: Insufficient options for proto=fd
[  198.003991][ T5837] device syzkaller0 entered promiscuous mode
[  199.830287][ T5868] loop2: detected capacity change from 0 to 256
[  201.654625][   T26] audit: type=1800 audit(1774645059.192:62): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.362" name="file1" dev="loop2" ino=1048624 res=0 errno=0
[  201.812433][ T5882] device syzkaller0 entered promiscuous mode
[  202.075276][ T5887] loop3: detected capacity change from 0 to 40427
[  202.156390][ T5887] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  202.164235][ T5887] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  202.174072][ T5887] F2FS-fs (loop3): invalid crc value
[  202.842402][ T5887] F2FS-fs (loop3): Found nat_bits in checkpoint
[  202.957472][ T5902] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  202.965057][ T5887] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  202.972092][ T5887] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  203.837960][ T5904] loop0: detected capacity change from 0 to 40427
[  204.686261][ T5915] loop4: detected capacity change from 0 to 256
[  206.373077][ T5904] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  206.381022][ T5904] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  206.413721][ T5904] F2FS-fs (loop0): invalid crc value
[  206.482519][ T5904] F2FS-fs (loop0): Found nat_bits in checkpoint
[  206.502479][ T5921] device syzkaller0 entered promiscuous mode
[  206.581056][ T5904] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  206.588211][ T5904] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  207.363438][ T5271] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  207.643614][ T5271] usb 2-1: Using ep0 maxpacket: 32
[  207.763753][ T5271] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  207.800399][ T5271] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB7, skipping
[  208.003638][ T5271] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  208.030576][ T5271] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.056622][ T5271] usb 2-1: Product: syz
[  208.069434][ T5271] usb 2-1: Manufacturer: syz
[  208.081749][ T5271] usb 2-1: SerialNumber: syz
[  208.109119][ T5271] usb 2-1: config 0 descriptor??
[  208.373745][ T5271] usb 2-1: USB disconnect, device number 4
[  208.683553][ T4757] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  208.719453][ T5944] device syzkaller0 entered promiscuous mode
[  208.933473][ T4757] usb 1-1: Using ep0 maxpacket: 16
[  209.043063][ T5960] device syzkaller0 entered promiscuous mode
[  209.071339][ T5957] device syzkaller0 entered promiscuous mode
[  209.213596][ T4757] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  209.221641][ T4757] usb 1-1: config 0 has no interface number 0
[  209.283440][ T4757] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.303943][ T4757] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.317968][ T5966] device syzkaller0 entered promiscuous mode
[  209.348313][ T4757] usb 1-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  209.404550][ T4757] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.487244][ T4757] usb 1-1: config 0 descriptor??
[  209.561369][ T5969] device syzkaller0 entered promiscuous mode
[  209.853915][ T5978] siw: device registration error -23
[  210.192932][ T5987] device syzkaller0 entered promiscuous mode
[  211.086360][ T4757] holtek_mouse 0003:04D9:A081.0003: item fetching failed at offset 5/8
[  211.095438][ T4757] holtek_mouse 0003:04D9:A081.0003: hid parse failed: -22
[  211.102583][ T4757] holtek_mouse: probe of 0003:04D9:A081.0003 failed with error -22
[  211.254230][ T5995] device syzkaller0 entered promiscuous mode
[  211.388007][ T6003] device syzkaller0 entered promiscuous mode
[  211.544267][ T6010] device syzkaller0 entered promiscuous mode
[  211.713196][ T6015] device syzkaller0 entered promiscuous mode
[  212.061471][ T6032] siw: device registration error -23
[  213.593917][ T6043] device syzkaller0 entered promiscuous mode
[  214.268430][ T6056] device syzkaller0 entered promiscuous mode
[  214.514809][ T4238] usb 1-1: USB disconnect, device number 5
[  214.748692][ T6074] device syzkaller0 entered promiscuous mode
[  214.850115][ T6084] siw: device registration error -23
[  217.352232][ T6132] device syzkaller0 entered promiscuous mode
[  217.583551][    T7] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  217.696845][ T6101] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  217.799955][ T6145] device syzkaller0 entered promiscuous mode
[  217.883486][    T7] usb 1-1: Using ep0 maxpacket: 16
[  217.916383][ T6147] device syzkaller0 entered promiscuous mode
[  217.928292][ T6149] siw: device registration error -23
[  217.997150][ T6151] device syzkaller0 entered promiscuous mode
[  218.123524][    T7] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  218.246522][    T7] usb 1-1: config 0 has no interface number 0
[  218.293461][    T7] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.343588][    T7] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.357273][ T6162] device syzkaller0 entered promiscuous mode
[  219.387650][    T7] usb 1-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  219.443421][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.493930][    T7] usb 1-1: config 0 descriptor??
[  219.653836][ T6170] device syzkaller0 entered promiscuous mode
[  219.969880][ T6173] device syzkaller0 entered promiscuous mode
[  219.977077][    T7] holtek_mouse 0003:04D9:A081.0004: item fetching failed at offset 5/8
[  220.014834][    T7] holtek_mouse 0003:04D9:A081.0004: hid parse failed: -22
[  220.062895][    T7] holtek_mouse: probe of 0003:04D9:A081.0004 failed with error -22
[  220.213696][ T6186] 9pnet: Insufficient options for proto=fd
[  220.656484][ T6191] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  221.033708][ T6194] siw: device registration error -23
[  221.148910][ T6201] device syzkaller0 entered promiscuous mode
[  222.583956][ T4761] usb 1-1: USB disconnect, device number 6
[  223.112140][ T6225] device syzkaller0 entered promiscuous mode
[  223.288192][ T6230] device syzkaller0 entered promiscuous mode
[  223.454104][ T6235] device syzkaller0 entered promiscuous mode
[  223.692161][ T6239] siw: device registration error -23
[  225.624638][ T6254] device syzkaller0 entered promiscuous mode
[  225.680000][ T6256] device syzkaller0 entered promiscuous mode
[  225.806030][ T6261] 9pnet: Insufficient options for proto=fd
[  225.867063][ T6263] device syzkaller0 entered promiscuous mode
[  226.734519][ T6267] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  226.825300][ T6273] device syzkaller0 entered promiscuous mode
[  227.277959][ T6283] device syzkaller0 entered promiscuous mode
[  227.759672][ T6294] siw: device registration error -23
[  228.935306][ T6308] device syzkaller0 entered promiscuous mode
[  228.935941][ T6310] 9pnet: Insufficient options for proto=fd
[  229.253983][ T6316] device syzkaller0 entered promiscuous mode
[  230.032623][ T6322] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  230.329366][ T6344] device syzkaller0 entered promiscuous mode
[  231.621728][ T6347] device syzkaller0 entered promiscuous mode
[  231.732586][ T6357] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  231.780598][ T6359] 9pnet: Insufficient options for proto=fd
[  231.829191][ T6354] siw: device registration error -23
[  232.949534][ T6387] device syzkaller0 entered promiscuous mode
[  234.269454][ T6397] device syzkaller0 entered promiscuous mode
[  234.339753][ T6393] device syzkaller0 entered promiscuous mode
[  235.123380][ T6405] siw: device registration error -23
[  235.222135][ T6402] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  235.239002][ T6407] 9pnet: Insufficient options for proto=fd
[  235.449282][ T6409] device syzkaller0 entered promiscuous mode
[  235.484286][ T6411] device syzkaller0 entered promiscuous mode
[  236.377414][ T6436] device syzkaller0 entered promiscuous mode
[  236.482541][ T6438] device syzkaller0 entered promiscuous mode
[  236.809720][ T6442] siw: device registration error -23
[  237.015878][ T6447] 9pnet: Insufficient options for proto=fd
[  237.517828][ T6455] device syzkaller0 entered promiscuous mode
[  237.575860][ T6459] device syzkaller0 entered promiscuous mode
[  237.663417][    T7] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  237.913393][    T7] usb 4-1: Using ep0 maxpacket: 16
[  238.231100][ T6463] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  238.608100][    T7] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  238.682649][    T7] usb 4-1: config 0 has no interface number 0
[  238.723072][    T7] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.768764][    T7] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  238.807470][    T7] usb 4-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  238.834925][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.902481][    T7] usb 4-1: config 0 descriptor??
[  239.086551][ T6477] device syzkaller0 entered promiscuous mode
[  239.349313][ T6481] device syzkaller0 entered promiscuous mode
[  240.891901][ T6492] 9pnet: Insufficient options for proto=fd
[  240.940297][ T6490] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  241.002956][ T6493] siw: device registration error -23
[  241.337954][ T6499] device syzkaller0 entered promiscuous mode
[  241.803497][    T7] usbhid 4-1:0.1: can't add hid device: -71
[  241.809540][    T7] usbhid: probe of 4-1:0.1 failed with error -71
[  241.845855][ T6519] device syzkaller0 entered promiscuous mode
[  241.910221][    T7] usb 4-1: USB disconnect, device number 7
[  242.207084][ T6525] device syzkaller0 entered promiscuous mode
[  242.335306][ T6528] device syzkaller0 entered promiscuous mode
[  243.264780][ T6531] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  243.656167][ T6539] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  243.724740][ T6539] siw: device registration error -23
[  243.880660][ T6542] 9pnet: Insufficient options for proto=fd
[  244.250995][ T6548] device syzkaller0 entered promiscuous mode
[  244.463579][ T4279] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  244.723601][ T4279] usb 5-1: Using ep0 maxpacket: 16
[  244.881029][ T6554] device syzkaller0 entered promiscuous mode
[  244.914297][ T4279] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  244.945885][ T4279] usb 5-1: config 0 has no interface number 0
[  244.951998][ T4279] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.043265][ T4279] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.085634][ T4279] usb 5-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  245.158761][ T4279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.214300][ T4279] usb 5-1: config 0 descriptor??
[  245.398534][ T6563] device syzkaller0 entered promiscuous mode
[  245.509585][ T6565] device syzkaller0 entered promiscuous mode
[  245.699272][ T6568] device syzkaller0 entered promiscuous mode
[  246.476130][ T6570] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  246.754716][ T6579] 9pnet: Insufficient options for proto=fd
[  247.213643][ T4279] usbhid 5-1:0.1: can't add hid device: -71
[  247.219749][ T4279] usbhid: probe of 5-1:0.1 failed with error -71
[  247.282880][ T4279] usb 5-1: USB disconnect, device number 4
[  247.353029][ T6589] device syzkaller0 entered promiscuous mode
[  247.705020][ T6592] device syzkaller0 entered promiscuous mode
[  248.080624][ T6597] device syzkaller0 entered promiscuous mode
[  248.374929][ T6601] device syzkaller0 entered promiscuous mode
[  248.584580][ T6603] device syzkaller0 entered promiscuous mode
[  248.756686][ T6608] device syzkaller0 entered promiscuous mode
[  249.040625][ T6613] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  249.090358][ T6613] siw: device registration error -23
[  249.274188][ T6620] 9pnet: Insufficient options for proto=fd
[  249.425576][ T6623] tipc: Started in network mode
[  249.451250][ T6623] tipc: Node identity ce369a914d1, cluster identity 4711
[  249.461864][ T6623] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  249.493789][ T6623] tipc: Resetting bearer <eth:syzkaller0>
[  249.516332][ T6622] tipc: Disabling bearer <eth:syzkaller0>
[  249.573391][ T4230] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  249.691708][ T6624] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  249.700206][ T6628] device syzkaller0 entered promiscuous mode
[  249.823408][ T4230] usb 4-1: Using ep0 maxpacket: 16
[  249.934851][ T6632] device syzkaller0 entered promiscuous mode
[  249.953470][ T4230] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  249.987329][ T4230] usb 4-1: config 0 has no interface number 0
[  250.006484][ T4230] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.049951][ T4230] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.122034][ T4230] usb 4-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  250.161727][ T4230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.217786][ T4230] usb 4-1: config 0 descriptor??
[  250.538499][ T6640] device syzkaller0 entered promiscuous mode
[  250.726928][ T4230] holtek_mouse 0003:04D9:A081.0005: item fetching failed at offset 5/8
[  250.761459][ T4230] holtek_mouse 0003:04D9:A081.0005: hid parse failed: -22
[  250.813565][ T4230] holtek_mouse: probe of 0003:04D9:A081.0005 failed with error -22
[  250.851297][ T6644] device syzkaller0 entered promiscuous mode
[  250.967678][ T6621] udc-core: couldn't find an available UDC or it's busy
[  251.010319][ T6645] device syzkaller0 entered promiscuous mode
[  251.090743][ T6621] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  251.653553][ T6655] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  251.729979][ T6655] siw: device registration error -23
[  252.227424][ T6662] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  252.289042][ T6666] device syzkaller0 entered promiscuous mode
[  252.328653][ T6662] tipc: Resetting bearer <eth:syzkaller0>
[  252.438127][ T6661] tipc: Disabling bearer <eth:syzkaller0>
[  252.563857][ T6672] device syzkaller0 entered promiscuous mode
[  252.745172][ T6675] device syzkaller0 entered promiscuous mode
[  252.893559][ T1109] usb 4-1: USB disconnect, device number 8
[  253.062200][ T6677] device syzkaller0 entered promiscuous mode
[  254.951343][ T6703] siw: device registration error -23
[  255.168198][ T6706] device syzkaller0 entered promiscuous mode
[  255.477450][ T6700] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  255.519689][ T6713] tipc: Started in network mode
[  255.546106][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  255.552414][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  255.582207][ T6713] tipc: Node identity 969bd07f602a, cluster identity 4711
[  255.612683][ T6713] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  255.667416][ T6713] tipc: Resetting bearer <eth:syzkaller0>
[  255.689507][ T6712] tipc: Disabling bearer <eth:syzkaller0>
[  255.761969][ T6716] device syzkaller0 entered promiscuous mode
[  255.916671][ T6723] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  255.947073][ T6723] device syzkaller0 entered promiscuous mode
[  257.560294][ T6737] device syzkaller0 entered promiscuous mode
[  257.627179][ T6738] device syzkaller0 entered promiscuous mode
[  257.899346][ T6748] device syzkaller0 entered promiscuous mode
[  258.003628][ T4230] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  258.021611][ T6750] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  258.203815][ T6750] siw: device registration error -23
[  258.351320][ T6755] tipc: Started in network mode
[  258.356672][ T4230] usb 1-1: Using ep0 maxpacket: 16
[  258.427723][ T6755] tipc: Node identity da14206adda7, cluster identity 4711
[  258.474657][ T6755] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  258.513694][ T4230] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  258.541446][ T4230] usb 1-1: config 0 has no interface number 0
[  258.559009][ T6766] device syzkaller0 entered promiscuous mode
[  258.586318][ T4230] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  258.687211][ T4230] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.716182][ T6770] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  258.758523][ T4230] usb 1-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  258.788780][ T6773] device syzkaller0 entered promiscuous mode
[  258.818590][ T4230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.874094][ T4230] usb 1-1: config 0 descriptor??
[  258.940110][ T6774] tipc: Resetting bearer <eth:syzkaller0>
[  259.046297][ T6774] tipc: Disabling bearer <eth:syzkaller0>
[  261.448263][ T6781] device syzkaller0 entered promiscuous mode
[  262.239057][ T6790] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  262.298264][ T4230] usbhid 1-1:0.1: can't add hid device: -71
[  262.313404][ T4230] usbhid: probe of 1-1:0.1 failed with error -71
[  262.341810][ T6793] device syzkaller0 entered promiscuous mode
[  262.360766][ T4230] usb 1-1: USB disconnect, device number 7
[  262.884547][ T6803] device syzkaller0 entered promiscuous mode
[  263.235722][ T6813] device syzkaller0 entered promiscuous mode
[  263.351343][ T6816] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  263.441889][ T6819] device syzkaller0 entered promiscuous mode
[  263.495286][ T6818] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  263.546779][ T6818] device syzkaller0 entered promiscuous mode
[  263.574920][ T6816] tipc: Resetting bearer <eth:syzkaller0>
[  263.651192][ T6815] tipc: Resetting bearer <eth:syzkaller0>
[  263.808145][ T6815] tipc: Disabling bearer <eth:syzkaller0>
[  263.906413][ T6824] device syzkaller0 entered promiscuous mode
[  264.374547][ T6837] device syzkaller0 entered promiscuous mode
[  265.472172][ T4230] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  265.513130][ T6845] device syzkaller0 entered promiscuous mode
[  265.753578][ T4230] usb 5-1: Using ep0 maxpacket: 16
[  265.795284][ T6851] siw: device registration error -23
[  265.860553][ T6856] device syzkaller0 entered promiscuous mode
[  265.953510][ T4230] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  265.985825][ T4230] usb 5-1: config 0 has no interface number 0
[  266.015799][ T4230] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.026902][ T4230] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  266.036914][ T4230] usb 5-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  266.046270][ T4230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.055851][ T4230] usb 5-1: config 0 descriptor??
[  266.625780][ T4230] holtek_mouse 0003:04D9:A081.0006: item fetching failed at offset 5/8
[  266.665090][ T4230] holtek_mouse 0003:04D9:A081.0006: hid parse failed: -22
[  266.710409][ T4230] holtek_mouse: probe of 0003:04D9:A081.0006 failed with error -22
[  266.992191][ T6829] udc-core: couldn't find an available UDC or it's busy
[  267.476075][ T6867] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  267.728032][ T6829] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  267.790552][ T6870] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  267.818278][ T6870] device syzkaller0 entered promiscuous mode
[  267.862016][ T6870] tipc: Resetting bearer <eth:syzkaller0>
[  267.947939][ T6869] tipc: Resetting bearer <eth:syzkaller0>
[  268.027098][ T6869] tipc: Disabling bearer <eth:syzkaller0>
[  268.237898][ T6875] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  268.375848][ T6881] device syzkaller0 entered promiscuous mode
[  268.513122][ T6886] device syzkaller0 entered promiscuous mode
[  269.208634][ T6892] device syzkaller0 entered promiscuous mode
[  269.224537][ T6898] siw: device registration error -23
[  269.249854][ T6894] device syzkaller0 entered promiscuous mode
[  270.322718][ T6915] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  270.434469][ T6913] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  270.448849][ T6913] device syzkaller0 entered promiscuous mode
[  270.721658][ T6913] tipc: Resetting bearer <eth:syzkaller0>
[  270.754602][ T6912] tipc: Resetting bearer <eth:syzkaller0>
[  270.817760][ T6912] tipc: Disabling bearer <eth:syzkaller0>
[  271.059112][ T6921] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  271.209390][ T6925] device syzkaller0 entered promiscuous mode
[  271.518475][ T6929] device syzkaller0 entered promiscuous mode
[  271.977715][ T6935] device syzkaller0 entered promiscuous mode
[  272.009256][ T6937] 9pnet: Could not find request transport: fd0x0000000000000003
[  272.088601][ T6942] siw: device registration error -23
[  272.152186][ T4238] usb 5-1: USB disconnect, device number 5
[  272.179802][ T6944] device syzkaller0 entered promiscuous mode
[  273.056636][ T6948] device syzkaller0 entered promiscuous mode
[  273.079508][ T6960] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  273.299973][ T6964] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  273.344256][ T6964] device syzkaller0 entered promiscuous mode
[  273.419209][ T6964] tipc: Resetting bearer <eth:syzkaller0>
[  273.498384][ T6968] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  273.551112][ T6963] tipc: Resetting bearer <eth:syzkaller0>
[  273.625892][ T6963] tipc: Disabling bearer <eth:syzkaller0>
[  273.661527][ T6968] device syzkaller0 entered promiscuous mode
[  273.758172][ T6975] 9pnet: Could not find request transport: fd0x0000000000000003
[  273.790917][ T6973] device syzkaller0 entered promiscuous mode
[  274.072273][ T6983] device syzkaller0 entered promiscuous mode
[  274.224719][ T6990] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  274.303684][ T6987] siw: device registration error -23
[  274.393420][ T4238] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  274.643383][ T4238] usb 3-1: Using ep0 maxpacket: 16
[  274.711527][ T6998] device syzkaller0 entered promiscuous mode
[  274.764161][ T4238] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  274.790300][ T4238] usb 3-1: config 0 has no interface number 0
[  274.820529][ T4238] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.879617][ T4238] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.937735][ T4238] usb 3-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  274.991364][ T4238] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.061662][ T4238] usb 3-1: config 0 descriptor??
[  276.055013][ T7008] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  276.560494][ T7014] 9pnet: Could not find request transport: fd0x0000000000000003
[  276.724039][ T7016] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  276.794570][ T7017] device syzkaller0 entered promiscuous mode
[  276.871899][ T7019] device syzkaller0 entered promiscuous mode
[  277.029810][ T7021] device syzkaller0 entered promiscuous mode
[  277.324873][ T7027] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  277.343502][ T4238] usbhid 3-1:0.1: can't add hid device: -71
[  277.349485][ T4238] usbhid: probe of 3-1:0.1 failed with error -71
[  277.399543][ T4238] usb 3-1: USB disconnect, device number 10
[  277.405683][ T7033] siw: device registration error -23
[  277.426310][ T7032] device syzkaller0 entered promiscuous mode
[  277.507648][ T7035] tipc: Started in network mode
[  277.520732][ T7035] tipc: Node identity e25237e05744, cluster identity 4711
[  277.570365][ T7035] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  279.062556][ T7038] device syzkaller0 entered promiscuous mode
[  279.144329][ T4757] tipc: Node number set to 3038132192
[  279.913387][ T7049] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  279.980340][ T7046] tipc: Resetting bearer <eth:syzkaller0>
[  280.009972][ T7046] tipc: Disabling bearer <eth:syzkaller0>
[  280.134215][ T7058] 9pnet: Insufficient options for proto=fd
[  280.328174][ T7061] device syzkaller0 entered promiscuous mode
[  280.384888][ T7063] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  280.520513][ T7067] device syzkaller0 entered promiscuous mode
[  281.030575][ T7077] device syzkaller0 entered promiscuous mode
[  281.043365][ T4238] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  282.673511][ T4238] usb 5-1: Using ep0 maxpacket: 16
[  282.793950][ T4238] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  282.807392][ T4238] usb 5-1: config 0 has no interface number 0
[  282.829257][ T7087] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  282.833933][ T4238] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.878394][ T7087] device syzkaller0 entered promiscuous mode
[  282.925729][ T4238] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.932553][ T7087] tipc: Resetting bearer <eth:syzkaller0>
[  282.962544][ T4238] usb 5-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  283.001546][ T4238] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.083385][ T4238] usb 5-1: config 0 descriptor??
[  283.090159][ T7086] tipc: Resetting bearer <eth:syzkaller0>
[  283.140099][ T7086] tipc: Disabling bearer <eth:syzkaller0>
[  283.202500][ T7089] device syzkaller0 entered promiscuous mode
[  283.445752][ T7094] 9pnet: Insufficient options for proto=fd
[  284.264472][ T7096] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  284.462390][ T7109] device syzkaller0 entered promiscuous mode
[  284.691636][ T7111] device syzkaller0 entered promiscuous mode
[  285.319469][ T7118] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  285.390853][ T7118] device syzkaller0 entered promiscuous mode
[  285.491627][ T7121] loop3: detected capacity change from 0 to 256
[  286.847984][   T26] audit: type=1800 audit(1774645144.382:63): pid=7121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.725" name="file1" dev="loop3" ino=1048630 res=0 errno=0
[  287.152053][ T7124] device syzkaller0 entered promiscuous mode
[  287.183510][ T4238] usbhid 5-1:0.1: can't add hid device: -71
[  287.189507][ T4238] usbhid: probe of 5-1:0.1 failed with error -71
[  287.221842][ T4238] usb 5-1: USB disconnect, device number 6
[  287.243571][ T7127] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.277066][ T7128] device syzkaller0 entered promiscuous mode
[  287.331849][ T7127] tipc: Resetting bearer <eth:syzkaller0>
[  287.372355][ T7130] 9pnet: Insufficient options for proto=fd
[  287.466016][ T7134] loop3: detected capacity change from 0 to 256
[  287.491300][ T7126] tipc: Resetting bearer <eth:syzkaller0>
[  287.745263][ T7126] tipc: Disabling bearer <eth:syzkaller0>
[  288.737806][ T7141] device syzkaller0 entered promiscuous mode
[  288.834870][ T7146] loop1: detected capacity change from 0 to 256
[  290.024730][ T7163] loop0: detected capacity change from 0 to 256
[  290.700980][   T26] audit: type=1800 audit(1774645148.232:64): pid=7163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.737" name="file1" dev="loop0" ino=1048639 res=0 errno=0
[  291.804111][ T7159] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  291.936951][ T7173] 9pnet: Insufficient options for proto=fd
[  292.066188][ T7176] device syzkaller0 entered promiscuous mode
[  293.112880][ T7187] loop0: detected capacity change from 0 to 256
[  294.858688][ T7184] loop3: detected capacity change from 0 to 40427
[  294.874442][   T26] audit: type=1800 audit(1774645152.272:65): pid=7187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.744" name="file1" dev="loop0" ino=1048642 res=0 errno=0
[  294.913391][   T26] audit: type=1800 audit(1774645152.432:66): pid=7189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.744" name="file1" dev="loop0" ino=1048642 res=0 errno=0
[  295.069664][ T7184] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  295.077505][ T7184] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  295.216136][ T7184] F2FS-fs (loop3): invalid crc value
[  295.541205][ T7184] F2FS-fs (loop3): Found nat_bits in checkpoint
[  295.554622][ T7196] device syzkaller0 entered promiscuous mode
[  295.591560][ T7184] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  295.598776][ T7184] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  297.117294][ T7227] device syzkaller0 entered promiscuous mode
[  297.182398][ T7230] siw: device registration error -23
[  297.387073][ T7235] loop1: detected capacity change from 0 to 256
[  297.549949][   T26] audit: type=1800 audit(1774645155.082:67): pid=7235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.752" name="file1" dev="loop1" ino=1048645 res=0 errno=0
[  297.894425][ T7236] device syzkaller0 entered promiscuous mode
[  298.520149][ T7250] loop2: detected capacity change from 0 to 40427
[  298.697850][ T7255] loop0: detected capacity change from 0 to 256
[  300.907521][ T7252] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  301.046232][ T7250] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  301.054043][ T7250] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  301.064932][ T7250] F2FS-fs (loop2): invalid crc value
[  301.130858][ T7250] F2FS-fs (loop2): Found nat_bits in checkpoint
[  301.230896][ T7250] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  301.238122][ T7250] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  301.795469][ T7267] loop0: detected capacity change from 0 to 256
[  303.756456][ T7270] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  303.783934][ T7270] device syzkaller0 entered promiscuous mode
[  303.833790][ T7272] device syzkaller0 entered promiscuous mode
[  303.881609][ T7270] tipc: Resetting bearer <eth:syzkaller0>
[  303.899561][ T7269] tipc: Resetting bearer <eth:syzkaller0>
[  303.924082][ T7269] tipc: Disabling bearer <eth:syzkaller0>
[  304.039956][ T7275] device syzkaller0 entered promiscuous mode
[  304.439262][ T7282] loop2: detected capacity change from 0 to 256
[  305.728689][ T7292] loop3: detected capacity change from 0 to 40427
[  305.735769][ T7293] device syzkaller0 entered promiscuous mode
[  305.805999][ T7292] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  305.813930][ T7292] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  305.825115][ T7292] F2FS-fs (loop3): invalid crc value
[  305.911034][ T7292] F2FS-fs (loop3): Found nat_bits in checkpoint
[  305.964130][ T7292] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  305.971227][ T7292] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  307.921548][ T7315] loop0: detected capacity change from 0 to 256
[  308.249659][ T7304] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  308.674582][ T7323] device syzkaller0 entered promiscuous mode
[  309.020390][ T7332] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  309.068590][ T7332] device syzkaller0 entered promiscuous mode
[  309.271182][ T7333] tipc: Resetting bearer <eth:syzkaller0>
[  309.355986][ T7331] tipc: Resetting bearer <eth:syzkaller0>
[  309.376029][ T7331] tipc: Disabling bearer <eth:syzkaller0>
[  310.801617][ T7347] loop3: detected capacity change from 0 to 40427
[  310.808641][ T7342] device syzkaller0 entered promiscuous mode
[  310.866318][ T7347] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  310.874085][ T7347] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  310.883169][ T7347] F2FS-fs (loop3): invalid crc value
[  311.025702][ T7347] F2FS-fs (loop3): Found nat_bits in checkpoint
[  311.083550][ T7347] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  311.090642][ T7347] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  311.233782][ T4761] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  311.973371][ T4761] usb 3-1: Using ep0 maxpacket: 16
[  312.107787][ T4761] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.191154][ T7366] loop0: detected capacity change from 0 to 256
[  313.778692][ T4761] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  313.863421][ T4761] usb 3-1: string descriptor 0 read error: -71
[  313.869671][ T4761] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  313.909262][ T4761] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.943456][ T4761] usb 3-1: can't set config #1, error -71
[  313.974225][ T4761] usb 3-1: USB disconnect, device number 11
[  314.234540][ T7374] loop0: detected capacity change from 0 to 256
[  316.994146][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  317.007323][ T7399] netlink: 68 bytes leftover after parsing attributes in process `syz.2.799'.
[  317.029586][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  317.705016][ T7400] loop4: detected capacity change from 0 to 256
[  319.542404][ T7405] loop2: detected capacity change from 0 to 40427
[  319.606737][ T7405] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  319.614542][ T7405] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  319.624343][ T7405] F2FS-fs (loop2): invalid crc value
[  319.637754][ T7410] device syzkaller0 entered promiscuous mode
[  319.755861][ T7405] F2FS-fs (loop2): Found nat_bits in checkpoint
[  319.812655][ T7405] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  319.819785][ T7405] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  319.933382][ T4233] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  320.463670][ T4233] usb 1-1: Using ep0 maxpacket: 16
[  320.523409][ T4279] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  320.604186][ T4233] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  320.640417][ T4233] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  320.722218][ T7436] loop2: detected capacity change from 0 to 256
[  320.863668][ T4233] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  320.872768][ T4233] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.917654][ T4233] usb 1-1: Product: syz
[  320.921861][ T4233] usb 1-1: Manufacturer: syz
[  320.927030][ T4279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  320.957675][ T4279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.981816][ T4233] usb 1-1: SerialNumber: syz
[  321.004409][ T4279] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  321.021128][ T4279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.082705][ T4279] usb 5-1: config 0 descriptor??
[  321.150941][ T4279] hub 5-1:0.0: USB hub found
[  321.356160][ T4233] usb 1-1: 0:2 : does not exist
[  321.383797][ T4279] hub 5-1:0.0: 1 port detected
[  321.439318][ T4233] usb 1-1: USB disconnect, device number 8
[  321.613408][ T1109] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  321.695561][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  321.873591][ T1109] usb 3-1: Using ep0 maxpacket: 16
[  321.915460][ T7447] loop0: detected capacity change from 0 to 128
[  321.993566][ T1109] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  322.011933][ T1109] usb 3-1: config 0 has no interface number 0
[  322.039440][ T1109] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.145140][ T7420] netlink: 'syz.4.805': attribute type 6 has an invalid length.
[  322.160463][ T1109] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.171357][ T1109] usb 3-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  322.181824][ T1109] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.827534][ T4279] usb 5-1: USB disconnect, device number 7
[  322.834392][ T1109] usb 3-1: config 0 descriptor??
[  324.448296][ T7464] loop1: detected capacity change from 0 to 256
[  326.452834][ T7463] loop3: detected capacity change from 0 to 40427
[  326.556251][ T7463] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  326.564082][ T7463] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  326.593548][ T7463] F2FS-fs (loop3): invalid crc value
[  326.612131][ T7417] ODEBUG: Out of memory. ODEBUG disabled
[  326.688870][ T7463] F2FS-fs (loop3): Found nat_bits in checkpoint
[  326.764731][ T7463] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  326.771762][ T7463] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  327.617084][ T7473] device syzkaller0 entered promiscuous mode
[  327.633568][ T1109] usbhid 3-1:0.1: can't add hid device: -71
[  327.639568][ T1109] usbhid: probe of 3-1:0.1 failed with error -71
[  327.672169][ T1109] usb 3-1: USB disconnect, device number 12
[  328.203355][ T7491] loop3: detected capacity change from 0 to 16
[  328.844763][ T1109] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  329.450726][ T7499] loop3: detected capacity change from 0 to 1024
[  329.496299][ T7499] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  329.523552][ T1109] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  329.553719][ T1109] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.578645][ T1109] usb 3-1: Product: syz
[  329.583516][ T1109] usb 3-1: Manufacturer: syz
[  329.588531][ T1109] usb 3-1: SerialNumber: syz
[  329.641911][ T7499] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,delalloc,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,bsdgroups,max_batch_time=0x00000000000003fe,user_xattr,noinit_itable,,errors=continue. Quota mode: none.
[  330.043663][ T7507] loop4: detected capacity change from 0 to 40427
[  330.094699][ T7509] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  330.803242][ T7507] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  330.811156][ T7507] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  330.822500][ T7507] F2FS-fs (loop4): invalid crc value
[  330.870697][ T7507] F2FS-fs (loop4): Found nat_bits in checkpoint
[  331.148072][ T7507] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  331.155185][ T7507] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  331.381720][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  332.133143][ T7527] loop3: detected capacity change from 0 to 256
[  332.622910][ T7531] loop0: detected capacity change from 0 to 512
[  332.675510][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  332.729100][ T7534] loop4: detected capacity change from 0 to 64
[  332.778996][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -71
[  332.828794][ T7534] MINIX-fs: mounting file system with errors, running fsck is recommended
[  332.851611][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71
[  332.859666][ T7531] EXT4-fs error (device loop0): ext4_iget_extra_inode:4566: inode #15: comm syz.0.834: corrupted in-inode xattr
[  332.886115][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71
[  332.933541][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71
[  332.971268][ T7540] device syzkaller0 entered promiscuous mode
[  332.983518][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71
[  332.996790][ T7531] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.834: couldn't read orphan inode 15 (err -117)
[  333.024034][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71
[  333.035804][ T7531] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,,errors=continue. Quota mode: none.
[  333.093889][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71
[  333.114678][ T7531] EXT4-fs warning (device loop0): dx_probe:893: inode #2: comm syz.0.834: dx entry: limit 0 != root limit 125
[  333.155647][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001018. ret = -71
[  333.177746][ T7531] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.834: Corrupt directory, running e2fsck is recommended
[  333.317027][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  333.329021][ T1109] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  333.344037][ T1109] lan78xx: probe of 3-1:1.0 failed with error -71
[  333.663496][ T1109] usb 3-1: USB disconnect, device number 13
[  333.690867][ T7548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.834'.
[  334.053341][ T1109] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  335.185665][ T7559] loop0: detected capacity change from 0 to 40427
[  335.249502][ T7559] F2FS-fs (loop0): invalid crc value
[  335.269363][ T7563] loop1: detected capacity change from 0 to 40427
[  335.279994][ T7559] F2FS-fs (loop0): Found nat_bits in checkpoint
[  335.315643][ T7559] F2FS-fs (loop0): Start checkpoint disabled!
[  335.331433][ T7563] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  335.339252][ T7563] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  335.347270][ T7559] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  335.373600][ T1109] usb 3-1: unable to get BOS descriptor or descriptor too short
[  335.383296][ T7563] F2FS-fs (loop1): invalid crc value
[  335.395993][ T7563] F2FS-fs (loop1): Found nat_bits in checkpoint
[  335.425323][   T26] audit: type=1800 audit(1774645192.962:68): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.842" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  335.453549][ T1109] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  335.852225][ T7563] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  335.859393][ T7563] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  336.033582][ T1109] usb 3-1: string descriptor 0 read error: -71
[  336.087297][ T7580] loop3: detected capacity change from 0 to 256
[  337.305131][ T1109] usb 3-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=58.89
[  337.459809][ T1109] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.491918][   T26] audit: type=1800 audit(1774645193.052:69): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.842" name="bus" dev="loop0" ino=10 res=0 errno=0
[  337.653694][ T1109] usb 3-1: can't set config #8, error -71
[  337.723082][ T1109] usb 3-1: USB disconnect, device number 14
[  339.009462][  T432] attempt to access beyond end of device
[  339.009462][  T432] loop0: rw=2049, want=40976, limit=40427
[  339.785857][ T7607] loop4: detected capacity change from 0 to 256
[  339.817126][ T7609] loop0: detected capacity change from 0 to 2048
[  339.883711][ T7609] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  339.923906][ T4230] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  339.938323][ T7607] FAT-fs (loop4): Directory bread(block 64) failed
[  339.970987][ T7607] FAT-fs (loop4): Directory bread(block 65) failed
[  339.999096][ T7607] FAT-fs (loop4): Directory bread(block 66) failed
[  340.013358][ T4279] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  340.047407][ T7607] FAT-fs (loop4): Directory bread(block 67) failed
[  340.083175][ T7607] FAT-fs (loop4): Directory bread(block 68) failed
[  340.110264][ T7607] FAT-fs (loop4): Directory bread(block 69) failed
[  340.136997][ T7607] FAT-fs (loop4): Directory bread(block 70) failed
[  340.172715][ T7607] FAT-fs (loop4): Directory bread(block 71) failed
[  340.201886][ T7607] FAT-fs (loop4): Directory bread(block 72) failed
[  340.213346][ T4230] usb 4-1: Using ep0 maxpacket: 16
[  340.313724][ T7607] FAT-fs (loop4): Directory bread(block 73) failed
[  340.362636][ T7619] loop0: detected capacity change from 0 to 40427
[  340.407862][ T7619] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  340.415713][ T7619] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  340.426487][ T4279] usb 2-1: Using ep0 maxpacket: 16
[  340.441440][ T7619] F2FS-fs (loop0): invalid crc value
[  340.493422][ T4230] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  340.512186][ T4230] usb 4-1: config 0 has no interface number 0
[  340.534948][ T7619] F2FS-fs (loop0): Found nat_bits in checkpoint
[  340.555455][ T4279] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  340.574971][ T4279] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  340.593502][ T7619] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  340.600573][ T7619] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  340.709453][ T4230] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.743700][ T4230] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.869138][ T7625] loop2: detected capacity change from 0 to 40427
[  340.919902][ T4230] usb 4-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  340.942414][ T7625] F2FS-fs (loop2): invalid crc value
[  340.963479][ T4279] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  340.981303][ T7625] F2FS-fs (loop2): Found nat_bits in checkpoint
[  341.009492][ T4230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.017949][ T4279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.031794][ T7625] F2FS-fs (loop2): Start checkpoint disabled!
[  341.057803][ T4279] usb 2-1: Product: syz
[  341.058593][ T4230] usb 4-1: config 0 descriptor??
[  341.062073][ T7625] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  341.075293][ T4279] usb 2-1: Manufacturer: syz
[  341.079911][ T4279] usb 2-1: SerialNumber: syz
[  341.181250][   T26] audit: type=1800 audit(1774645198.712:70): pid=7625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.863" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  341.803491][ T4279] usb 2-1: 0:2 : does not exist
[  341.844279][ T4279] usb 2-1: USB disconnect, device number 5
[  341.901528][   T26] audit: type=1800 audit(1774645198.882:71): pid=7631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.863" name="bus" dev="loop2" ino=10 res=0 errno=0
[  342.573873][  T432] attempt to access beyond end of device
[  342.573873][  T432] loop2: rw=2049, want=40976, limit=40427
[  342.657407][ T4465] udevd[4465]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  342.808692][ T7639] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  344.317432][ T7654] lo speed is unknown, defaulting to 1000
[  344.432754][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.871'.
[  345.013440][ T4230] usbhid 4-1:0.1: can't add hid device: -71
[  345.019438][ T4230] usbhid: probe of 4-1:0.1 failed with error -71
[  345.295186][ T4230] usb 4-1: USB disconnect, device number 9
[  345.772535][ T7668] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  345.845813][ T7668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  345.857117][ T7668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  345.870644][ T7668] device bridge_slave_0 left promiscuous mode
[  345.878948][ T7668] bridge0: port 1(bridge_slave_0) entered disabled state
[  345.925576][ T7668] device bridge_slave_1 left promiscuous mode
[  345.949205][ T7668] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.001372][ T7668] bond0: (slave bond_slave_0): Releasing backup interface
[  347.029915][ T7668] bond0: (slave bond_slave_1): Releasing backup interface
[  347.135799][ T7668] team0: Port device team_slave_0 removed
[  347.198390][ T7668] team0: Port device team_slave_1 removed
[  347.208634][ T7668] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  347.222917][ T7668] batman_adv: batadv0: Removing interface: batadv_slave_0
[  347.234246][ T7668] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  347.241671][ T7668] batman_adv: batadv0: Removing interface: batadv_slave_1
[  347.273581][ T7676] device syzkaller0 entered promiscuous mode
[  347.413686][ T7696] netlink: 'syz.2.880': attribute type 8 has an invalid length.
[  347.470601][ T7698] device syzkaller0 entered promiscuous mode
[  347.493720][ T1109] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  347.633933][ T4279] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  347.733889][ T1109] usb 5-1: Using ep0 maxpacket: 16
[  347.853567][ T1109] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  347.877371][ T1109] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  347.893331][ T4279] usb 4-1: Using ep0 maxpacket: 16
[  348.016863][ T4279] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xD7, skipping
[  348.064281][ T1109] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  348.080289][ T1109] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.097477][ T1109] usb 5-1: Product: syz
[  348.108819][ T1109] usb 5-1: Manufacturer: syz
[  348.125227][ T1109] usb 5-1: SerialNumber: syz
[  348.213605][ T4279] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  348.231712][ T4279] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.277179][ T4279] usb 4-1: Product: syz
[  348.283667][ T4279] usb 4-1: Manufacturer: syz
[  348.288271][ T4279] usb 4-1: SerialNumber: syz
[  348.345011][ T4279] usb 4-1: config 0 descriptor??
[  348.425022][ T4279] appledisplay 4-1:0.0: Could not find int-in endpoint
[  348.460811][ T4279] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  348.473604][ T1109] usb 5-1: 0:2 : does not exist
[  348.510034][ T1109] usb 5-1: USB disconnect, device number 8
[  348.673482][ T4279] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  348.691369][ T7714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.886'.
[  349.584462][ T4238] usb 4-1: USB disconnect, device number 10
[  349.713696][ T4279] usb 2-1: Using ep0 maxpacket: 16
[  349.766537][ T7720] loop0: detected capacity change from 0 to 256
[  350.963473][ T4279] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  350.971561][ T4279] usb 2-1: config 0 has no interface number 0
[  351.043014][ T4279] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  351.110190][ T7718] loop4: detected capacity change from 0 to 40427
[  351.116778][ T4279] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  351.162000][ T4279] usb 2-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  351.188144][ T7718] F2FS-fs (loop4): build fault injection attr: rate: 174, type: 0x1ffff
[  351.237864][ T7724] device syzkaller0 entered promiscuous mode
[  351.243021][ T4279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.309695][ T4279] usb 2-1: config 0 descriptor??
[  351.608377][ T7729] device syzkaller0 entered promiscuous mode
[  351.927712][ T7733] device syzkaller0 entered promiscuous mode
[  352.814324][ T7743] loop4: detected capacity change from 0 to 128
[  353.028946][ T7748] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  354.722731][ T7746] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  354.873576][ T4279] usb 2-1: can't set config #0, error -71
[  354.885402][ T4279] usb 2-1: USB disconnect, device number 6
[  354.944759][ T7764] device syzkaller0 entered promiscuous mode
[  354.953877][ T7762] loop2: detected capacity change from 0 to 4096
[  355.130399][ T7773] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  355.681247][ T7776] NILFS (loop2): nilfs_sufile_do_free: segment 9 is already clean
[  355.793469][ T7779] device syzkaller0 entered promiscuous mode
[  356.090907][ T7784] device syzkaller0 entered promiscuous mode
[  357.819869][ T7817] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  357.832054][ T7817] device syzkaller0 entered promiscuous mode
[  357.873763][ T7817] tipc: Resetting bearer <eth:syzkaller0>
[  357.901249][ T7816] tipc: Resetting bearer <eth:syzkaller0>
[  357.916937][ T7816] tipc: Disabling bearer <eth:syzkaller0>
[  357.959029][ T7821] device syzkaller0 entered promiscuous mode
[  358.558253][ T7828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.917'.
[  358.670271][ T7830] program syz.3.918 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  358.818990][ T4233] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  358.882618][ T7835] device syzkaller0 entered promiscuous mode
[  360.133324][ T4233] usb 3-1: Using ep0 maxpacket: 16
[  360.166540][ T7845] device syzkaller0 entered promiscuous mode
[  360.253453][ T4233] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  360.291780][ T4233] usb 3-1: config 0 has no interface number 0
[  360.317726][ T4233] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  360.365615][ T4233] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.391933][ T4233] usb 3-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  360.428829][ T4233] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.439919][ T7852] binder: BINDER_SET_CONTEXT_MGR already set
[  360.457374][ T7852] binder: 7851:7852 ioctl 4018620d 200000000040 returned -16
[  360.486024][ T4233] usb 3-1: config 0 descriptor??
[  360.562663][ T7849] loop4: detected capacity change from 0 to 40427
[  360.657655][ T7849] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  360.665660][ T7849] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  360.676922][ T7849] F2FS-fs (loop4): invalid crc value
[  360.784725][ T7849] F2FS-fs (loop4): Found nat_bits in checkpoint
[  360.853734][ T7866] loop1: detected capacity change from 0 to 1024
[  360.909063][ T7849] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  360.916223][ T7849] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  361.553661][ T7866] EXT4-fs (loop1): quotafile must be on filesystem root
[  362.171737][ T7871] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  362.265809][ T7872] device syzkaller0 entered promiscuous mode
[  362.769856][ T7873] tipc: Resetting bearer <eth:syzkaller0>
[  362.831680][ T7870] tipc: Resetting bearer <eth:syzkaller0>
[  362.862997][ T7870] tipc: Disabling bearer <eth:syzkaller0>
[  362.883373][ T1109] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  363.140399][ T7876] device syzkaller0 entered promiscuous mode
[  364.022926][ T7890] device syzkaller0 entered promiscuous mode
[  364.054888][ T1109] usb 4-1: unable to read config index 0 descriptor/start: -71
[  364.062490][ T1109] usb 4-1: can't read configurations, error -71
[  364.068986][ T4233] usbhid 3-1:0.1: can't add hid device: -71
[  364.076582][ T4233] usbhid: probe of 3-1:0.1 failed with error -71
[  364.092547][ T4233] usb 3-1: USB disconnect, device number 15
[  364.112563][ T7888] device syz_tun left promiscuous mode
[  364.151171][ T7888] bridge0: port 3(syz_tun) entered disabled state
[  364.162510][ T7888] bond0: (slave bridge0): Releasing backup interface
[  364.170503][ T7888] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.177853][ T7888] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.219773][ T7886] loop2: detected capacity change from 0 to 40427
[  364.250221][ T7888] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  364.265250][ T7886] F2FS-fs (loop2): invalid crc value
[  364.278791][ T7888] device bridge_slave_0 left promiscuous mode
[  364.285248][ T7888] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.299958][ T7888] device bridge_slave_1 left promiscuous mode
[  364.307718][ T7888] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.318988][ T7886] F2FS-fs (loop2): Found nat_bits in checkpoint
[  364.354301][ T7886] F2FS-fs (loop2): Start checkpoint disabled!
[  364.376298][ T7898] binder: BINDER_SET_CONTEXT_MGR already set
[  364.394657][ T7886] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  364.399057][ T7898] binder: 7897:7898 ioctl 4018620d 200000000040 returned -16
[  364.416767][ T7888] bond0: (slave bond_slave_0): Releasing backup interface
[  364.502968][ T7888] bond0: (slave bond_slave_1): Releasing backup interface
[  364.547931][ T7901] loop1: detected capacity change from 0 to 32768
[  364.561757][   T26] audit: type=1800 audit(1774645222.092:72): pid=7886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.932" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  364.669421][ T7901] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.937 (7901)
[  364.699981][   T26] audit: type=1800 audit(1774645222.232:73): pid=7905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.932" name="bus" dev="loop2" ino=10 res=0 errno=0
[  364.778352][ T7888] team0: Port device team_slave_0 removed
[  364.875959][ T7901] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  364.884754][ T7901] BTRFS info (device loop1): using free space tree
[  364.891281][ T7901] BTRFS info (device loop1): has skinny extents
[  364.903113][ T7888] team0: Port device team_slave_1 removed
[  364.940491][ T7888] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  365.000879][ T7888] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.011767][ T7888] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  365.019450][ T7888] batman_adv: batadv0: Removing interface: batadv_slave_1
[  365.101328][ T4309] attempt to access beyond end of device
[  365.101328][ T4309] loop2: rw=2049, want=40976, limit=40427
[  365.204914][ T7901] BTRFS info (device loop1): enabling ssd optimizations
[  365.259710][ T7931] loop4: detected capacity change from 0 to 1024
[  365.313463][ T7931] EXT4-fs (loop4): quotafile must be on filesystem root
[  369.620882][ T7955] device syzkaller0 entered promiscuous mode
[  369.673351][ T4757] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  369.803345][ T4262] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  370.103426][ T4262] usb 1-1: Using ep0 maxpacket: 16
[  370.343527][ T4757] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  370.715510][ T4757] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  370.724622][ T4757] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  370.816618][ T4757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.826594][ T4757] usb 4-1: config 0 descriptor??
[  370.865286][ T4757] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  370.879965][ T4757] dvb-usb: bulk message failed: -22 (3/0)
[  370.901213][ T4757] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  370.913415][ T4262] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  371.734358][ T4262] usb 1-1: config 0 has no interface number 0
[  371.740490][ T4262] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.751473][ T4262] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.761725][ T4757] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  371.769603][ T4262] usb 1-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00
[  371.779116][ T4757] usb 4-1: media controller created
[  371.786270][ T4757] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  371.794699][ T4262] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.926517][ T7973] loop4: detected capacity change from 0 to 40427
[  371.954684][ T4262] usb 1-1: config 0 descriptor??
[  371.985017][ T4262] usb 1-1: can't set config #0, error -71
[  371.988342][ T7973] F2FS-fs (loop4): invalid crc value
[  371.994602][ T4757] dvb-usb: bulk message failed: -22 (6/0)
[  372.007606][ T7975] device syzkaller0 entered promiscuous mode
[  372.045680][ T7973] F2FS-fs (loop4): Found nat_bits in checkpoint
[  372.049758][ T4262] usb 1-1: USB disconnect, device number 9
[  372.058560][ T4757] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  372.080139][ T7973] F2FS-fs (loop4): Start checkpoint disabled!
[  372.212106][ T7982] loop1: detected capacity change from 0 to 1024
[  373.006281][ T7982] EXT4-fs (loop1): quotafile must be on filesystem root
[  373.427966][ T7973] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  373.560096][   T26] audit: type=1800 audit(1774645231.092:74): pid=7973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.950" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  374.546790][ T4757] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  374.743460][   T26] audit: type=1800 audit(1774645232.052:75): pid=7986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.950" name="bus" dev="loop4" ino=10 res=0 errno=0
[  374.771186][ T4757] dvb-usb: schedule remote query interval to 150 msecs.
[  374.793053][ T4757] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  374.827544][ T4757] usb 4-1: USB disconnect, device number 13
[  375.486399][ T4757] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  375.576543][  T432] attempt to access beyond end of device
[  375.576543][  T432] loop4: rw=2049, want=40976, limit=40427
[  375.761086][ T7994] device syzkaller0 entered promiscuous mode
[  376.887482][ T8004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'.
[  377.371500][ T8011] loop2: detected capacity change from 0 to 512
[  377.535345][ T8013] loop0: detected capacity change from 0 to 32768
[  377.616841][ T8013] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.963 (8013)
[  377.620795][ T8011] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #2: comm syz.2.962: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[  377.648328][ T8013] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  377.656996][ T8013] BTRFS info (device loop0): using free space tree
[  377.663524][ T8013] BTRFS info (device loop0): has skinny extents
[  377.696256][ T8021] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  377.736593][ T8011] EXT4-fs (loop2): get root inode failed
[  377.742264][ T8011] EXT4-fs (loop2): mount failed
[  378.425537][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  378.431934][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  378.508396][ T8041] loop1: detected capacity change from 0 to 40427
[  378.538704][ T8041] F2FS-fs (loop1): invalid crc value
[  378.551302][ T8041] F2FS-fs (loop1): Found nat_bits in checkpoint
[  378.682654][ T8051] loop2: detected capacity change from 0 to 256
[  378.762053][ T8041] F2FS-fs (loop1): Start checkpoint disabled!
[  378.825874][ T8041] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  378.883177][ T8013] BTRFS info (device loop0): enabling ssd optimizations
[  379.193457][   T26] audit: type=1800 audit(1774645236.712:76): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.969" name="file1" dev="loop2" ino=1048683 res=0 errno=0
[  379.791379][   T26] audit: type=1800 audit(1774645236.782:77): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.967" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  379.841106][   T26] audit: type=1800 audit(1774645237.372:78): pid=8055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.969" name="file1" dev="loop2" ino=1048683 res=0 errno=0
[  380.010656][ T8065] device syzkaller0 entered promiscuous mode
[  381.124097][ T8081] netlink: 8 bytes leftover after parsing attributes in process `syz.0.976'.
[  382.473642][ T8084] net_ratelimit: 1 callbacks suppressed
[  382.473653][ T8084] IPVS: sh: FWM 3 0x00000003 - no destination available
[  384.359311][ T8105] loop1: detected capacity change from 0 to 32768
[  384.476150][ T8110] loop3: detected capacity change from 0 to 1024
[  385.433699][ T8105] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.982 (8105)
[  385.447605][ T8110] EXT4-fs (loop3): quotafile must be on filesystem root
[  385.731605][ T8108] loop4: detected capacity change from 0 to 256
[  386.035084][ T8105] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  386.044039][ T8105] BTRFS info (device loop1): using free space tree
[  386.050615][ T8105] BTRFS info (device loop1): has skinny extents
[  386.545192][ T8141] netlink: 8 bytes leftover after parsing attributes in process `syz.0.989'.
[  387.953471][ T8155] loop0: detected capacity change from 0 to 256
[  388.112360][ T8155] FAT-fs (loop0): Directory bread(block 64) failed
[  389.143607][ T8155] FAT-fs (loop0): Directory bread(block 65) failed
[  389.193197][ T8155] FAT-fs (loop0): Directory bread(block 66) failed
[  389.214998][ T8105] BTRFS error (device loop1): open_ctree failed: -22
[  389.249773][ T8155] FAT-fs (loop0): Directory bread(block 67) failed
[  389.274132][ T8155] FAT-fs (loop0): Directory bread(block 68) failed
[  389.280692][ T8155] FAT-fs (loop0): Directory bread(block 69) failed
[  389.299690][ T4175] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by udevd (4175)
[  389.403708][ T8155] FAT-fs (loop0): Directory bread(block 70) failed
[  389.420612][ T8155] FAT-fs (loop0): Directory bread(block 71) failed
[  389.433042][ T8155] FAT-fs (loop0): Directory bread(block 72) failed
[  389.461777][ T8155] FAT-fs (loop0): Directory bread(block 73) failed
[  390.348599][ T8175] input: syz0 as /devices/virtual/input/input6
[  390.454728][ T4513] 
[  390.457076][ T4513] ======================================================
[  390.464071][ T4513] WARNING: possible circular locking dependency detected
[  390.471073][ T4513] syzkaller #0 Not tainted
[  390.475465][ T4513] ------------------------------------------------------
[  390.482460][ T4513] kworker/0:8/4513 is trying to acquire lock:
[  390.488498][ T4513] ffff888078520c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210
[  390.499526][ T4513] 
[  390.499526][ T4513] but task is already holding lock:
[  390.506871][ T4513] ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170
[  390.515895][ T4513] 
[  390.515895][ T4513] which lock already depends on the new lock.
[  390.515895][ T4513] 
[  390.526293][ T4513] 
[  390.526293][ T4513] the existing dependency chain (in reverse order) is:
[  390.535285][ T4513] 
[  390.535285][ T4513] -> #5 (rfkill_global_mutex){+.+.}-{3:3}:
[  390.543255][ T4513]        __mutex_lock_common+0x1e3/0x2400
[  390.548963][ T4513]        mutex_lock_nested+0x17/0x20
[  390.554236][ T4513]        rfkill_register+0x33/0x8a0
[  390.559553][ T4513]        hci_register_dev+0x452/0x970
[  390.564913][ T4513]        vhci_create_device+0x32c/0x5c0
[  390.570446][ T4513]        vhci_write+0x391/0x450
[  390.575278][ T4513]        vfs_write+0x745/0xd60
[  390.580023][ T4513]        ksys_write+0x152/0x260
[  390.584851][ T4513]        do_syscall_64+0x4c/0xa0
[  390.589770][ T4513]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  390.596171][ T4513] 
[  390.596171][ T4513] -> #4 (&data->open_mutex){+.+.}-{3:3}:
[  390.604178][ T4513]        __mutex_lock_common+0x1e3/0x2400
[  390.609888][ T4513]        mutex_lock_nested+0x17/0x20
[  390.615208][ T4513]        vhci_send_frame+0x88/0x100
[  390.620388][ T4513]        hci_send_frame+0x1a9/0x2e0
[  390.625563][ T4513]        hci_cmd_work+0x1b7/0x360
[  390.630565][ T4513]        process_one_work+0x85f/0x1010
[  390.636002][ T4513]        worker_thread+0xaa6/0x1290
[  390.641222][ T4513]        kthread+0x436/0x520
[  390.645794][ T4513]        ret_from_fork+0x1f/0x30
[  390.650725][ T4513] 
[  390.650725][ T4513] -> #3 ((work_completion)(&hdev->cmd_work)){+.+.}-{0:0}:
[  390.659999][ T4513]        process_one_work+0x7bb/0x1010
[  390.665447][ T4513]        worker_thread+0xaa6/0x1290
[  390.670625][ T4513]        kthread+0x436/0x520
[  390.675209][ T4513]        ret_from_fork+0x1f/0x30
[  390.680128][ T4513] 
[  390.680128][ T4513] -> #2 ((wq_completion)hci0#2){+.+.}-{0:0}:
[  390.688276][ T4513]        flush_workqueue+0x16c/0x13d0
[  390.693627][ T4513]        drain_workqueue+0xcf/0x380
[  390.698802][ T4513]        hci_dev_reset+0x16d/0x660
[  390.703897][ T4513]        sock_do_ioctl+0xfb/0x320
[  390.708898][ T4513]        sock_ioctl+0x4d2/0x710
[  390.713726][ T4513]        __se_sys_ioctl+0xfa/0x170
[  390.718812][ T4513]        do_syscall_64+0x4c/0xa0
[  390.723726][ T4513]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  390.730136][ T4513] 
[  390.730136][ T4513] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[  390.737771][ T4513]        __mutex_lock_common+0x1e3/0x2400
[  390.743486][ T4513]        mutex_lock_nested+0x17/0x20
[  390.748761][ T4513]        bg_scan_update+0x44/0x3b0
[  390.753857][ T4513]        process_one_work+0x85f/0x1010
[  390.759302][ T4513]        worker_thread+0xaa6/0x1290
[  390.764480][ T4513]        kthread+0x436/0x520
[  390.769050][ T4513]        ret_from_fork+0x1f/0x30
[  390.773969][ T4513] 
[  390.773969][ T4513] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[  390.783846][ T4513]        __lock_acquire+0x2c42/0x7d10
[  390.789209][ T4513]        lock_acquire+0x19e/0x400
[  390.794218][ T4513]        __flush_work+0x116/0x210
[  390.799251][ T4513]        __cancel_work_timer+0x3f4/0x560
[  390.804863][ T4513]        hci_request_cancel_all+0xcc/0x300
[  390.810650][ T4513]        hci_dev_do_close+0x4e/0x1030
[  390.816006][ T4513]        hci_rfkill_set_block+0x10a/0x190
[  390.821709][ T4513]        rfkill_set_block+0x1c6/0x420
[  390.827064][ T4513]        rfkill_epo+0x75/0x170
[  390.831807][ T4513]        rfkill_op_handler+0x76/0x220
[  390.837153][ T4513]        process_one_work+0x85f/0x1010
[  390.842588][ T4513]        worker_thread+0xaa6/0x1290
[  390.847762][ T4513]        kthread+0x436/0x520
[  390.852329][ T4513]        ret_from_fork+0x1f/0x30
[  390.857240][ T4513] 
[  390.857240][ T4513] other info that might help us debug this:
[  390.857240][ T4513] 
[  390.867440][ T4513] Chain exists of:
[  390.867440][ T4513]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[  390.867440][ T4513] 
[  390.883134][ T4513]  Possible unsafe locking scenario:
[  390.883134][ T4513] 
[  390.890561][ T4513]        CPU0                    CPU1
[  390.895900][ T4513]        ----                    ----
[  390.901328][ T4513]   lock(rfkill_global_mutex);
[  390.906152][ T4513]                                lock(&data->open_mutex);
[  390.913236][ T4513]                                lock(rfkill_global_mutex);
[  390.920507][ T4513]   lock((work_completion)(&hdev->bg_scan_update));
[  390.927159][ T4513] 
[  390.927159][ T4513]  *** DEADLOCK ***
[  390.927159][ T4513] 
[  390.935280][ T4513] 3 locks held by kworker/0:8/4513:
[  390.940536][ T4513]  #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010
[  390.950859][ T4513]  #1: ffffc900038bfd00 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010
[  390.961177][ T4513]  #2: ffffffff8d6c51a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_epo+0x43/0x170
[  390.970650][ T4513] 
[  390.970650][ T4513] stack backtrace:
[  390.976526][ T4513] CPU: 0 PID: 4513 Comm: kworker/0:8 Not tainted syzkaller #0
[  390.983958][ T4513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  390.993991][ T4513] Workqueue: events rfkill_op_handler
[  390.999440][ T4513] Call Trace:
[  391.002730][ T4513]  <TASK>
[  391.005647][ T4513]  dump_stack_lvl+0x188/0x250
[  391.010313][ T4513]  ? load_image+0x400/0x400
[  391.014794][ T4513]  ? show_regs_print_info+0x20/0x20
[  391.019979][ T4513]  ? print_circular_bug+0x12b/0x1a0
[  391.025154][ T4513]  check_noncircular+0x296/0x330
[  391.030069][ T4513]  ? look_up_lock_class+0x71/0x110
[  391.035160][ T4513]  ? add_chain_block+0x940/0x940
[  391.040073][ T4513]  ? lockdep_lock+0xf1/0x1f0
[  391.044645][ T4513]  ? __lock_acquire+0x12e8/0x7d10
[  391.049651][ T4513]  ? mark_lock+0x94/0x320
[  391.053956][ T4513]  ? _find_first_zero_bit+0xce/0xf0
[  391.059133][ T4513]  __lock_acquire+0x2c42/0x7d10
[  391.063967][ T4513]  ? add_lock_to_list+0x18d/0x280
[  391.068970][ T4513]  ? verify_lock_unused+0x140/0x140
[  391.074769][ T4513]  lock_acquire+0x19e/0x400
[  391.079251][ T4513]  ? __flush_work+0xfa/0x210
[  391.083820][ T4513]  ? __lock_acquire+0x7d10/0x7d10
[  391.088822][ T4513]  ? read_lock_is_recursive+0x10/0x10
[  391.094171][ T4513]  ? start_flush_work+0x776/0x820
[  391.099176][ T4513]  __flush_work+0x116/0x210
[  391.103659][ T4513]  ? __flush_work+0xfa/0x210
[  391.108224][ T4513]  ? flush_work+0x20/0x20
[  391.112528][ T4513]  ? try_to_grab_pending+0xfa/0x7f0
[  391.117707][ T4513]  ? mark_lock+0x94/0x320
[  391.122014][ T4513]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  391.128058][ T4513]  ? lock_chain_count+0x20/0x20
[  391.132893][ T4513]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  391.138768][ T4513]  ? _raw_spin_unlock+0x40/0x40
[  391.143594][ T4513]  ? __cancel_work_timer+0x36a/0x560
[  391.148857][ T4513]  __cancel_work_timer+0x3f4/0x560
[  391.153946][ T4513]  ? cancel_work_sync+0x20/0x20
[  391.158776][ T4513]  ? remove_wait_queue+0x120/0x120
[  391.163950][ T4513]  ? __cancel_work+0x1f9/0x2e0
[  391.168694][ T4513]  ? __cancel_work+0x27b/0x2e0
[  391.173437][ T4513]  ? cancel_work+0x20/0x20
[  391.177831][ T4513]  hci_request_cancel_all+0xcc/0x300
[  391.183097][ T4513]  hci_dev_do_close+0x4e/0x1030
[  391.187925][ T4513]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  391.193797][ T4513]  ? _raw_spin_unlock+0x40/0x40
[  391.198624][ T4513]  hci_rfkill_set_block+0x10a/0x190
[  391.203802][ T4513]  ? rcu_lock_release+0x20/0x20
[  391.208630][ T4513]  rfkill_set_block+0x1c6/0x420
[  391.213461][ T4513]  rfkill_epo+0x75/0x170
[  391.217683][ T4513]  rfkill_op_handler+0x76/0x220
[  391.222511][ T4513]  process_one_work+0x85f/0x1010
[  391.227442][ T4513]  ? worker_detach_from_pool+0x240/0x240
[  391.233052][ T4513]  ? lockdep_hardirqs_off+0x70/0x100
[  391.238315][ T4513]  ? _raw_spin_lock_irq+0xb7/0xf0
[  391.243318][ T4513]  ? _raw_spin_lock_irqsave+0x100/0x100
[  391.248841][ T4513]  ? wq_worker_running+0x97/0x170
[  391.253846][ T4513]  worker_thread+0xaa6/0x1290
[  391.258538][ T4513]  kthread+0x436/0x520
[  391.262587][ T4513]  ? rcu_lock_release+0x20/0x20
[  391.267420][ T4513]  ? kthread_blkcg+0xd0/0xd0
[  391.271988][ T4513]  ret_from_fork+0x1f/0x30
[  391.276388][ T4513]  </TASK>
[  391.279435][    C0] vkms_vblank_simulate: vblank timer overrun
[  391.410669][ T8181] loop0: detected capacity change from 0 to 256