last executing test programs:

1m50.979822828s ago: executing program 2 (id=38):
syz_open_dev$tty1(0xc, 0x4, 0x4)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000010c0)={0xc, {"a2e3ad21ed0d52f91b5d520987f70e06d038e7ff7fc6e5539b326d298b089b0708376d090890e0878f0e1ac6e7049b336c959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d074b0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
socket$qrtr(0x2a, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
setxattr$incfs_metadata(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x0, 0x0, 0x0)
lsetxattr(&(0x7f0000000440)='./file0\x00', &(0x7f0000000600)=@known='trusted.overlay.impure\x00', &(0x7f0000000640)='\x00', 0x1, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x15, 0x2, 0x0, "11010000001400000100b64c0000005c4b7c1500"})
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, 0x0, 0x0)
bind$qrtr(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(r1, 0x0, 0x44)
r2 = socket$igmp(0x2, 0x3, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = add_key$keyring(&(0x7f00000036c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$user(&(0x7f0000002640), &(0x7f0000002680)={'syz', 0x3}, &(0x7f00000026c0)="90165609df5c7f8bf72a67a92bb598feb2b3f54730b72e32de18e19a5c60c959925080b35e5440169cc1eac0af6b914fa7d26da46801b5dc0b9d5dc3eb57635bd0addb65a1d9ce9bd4121839e7b4116a0ded072d330e22114a10543908a73ae8fd716005998917bb7db70d878b208c011e85206e570270099d2af640000ebee7e9697f623400eb6a552e1bbcb051d94a742f4d9122713fcc85172576fe2d4c5eb97ff296723ac43def2626ccb8ec1071ec17eb6736c8475140b97d5f97d27f335d95aaae85d86178d7b0a41d6a48000503a13703c9a43adccec9e9e7636f7c6f3701b92721b7847d7162d73d5e0a1b80a945f82e9af120bc88f9b0ad62313fc706c88f0047ce5583ab940907c46d98070040b0de058dbe893e66f07d6d14dcac05caaefe1b78104fbaf33228d0d52d83b33a81364675fa1d1a23220a830d3573b1be3cae9ffb79a60dd84f4fd27ff8b95899c3aceeaead5b7fadc7062b1890b741def5f8adfeb84c49baa4445c40e581b4da0b37e3e74fde31c98be9bc3392676060ee863cc912bd37b039c7272a431ab9a1b9462a931bb3fea48ca8e6cb2077359aad1e657bf592fdb899b56fc403ce80747d332d758c1295dcedbae75567e295ac8b649fb224cfbdb26b466b67402d70cf0e8b43cc1b249981c7d59037118b7c0a2ae4a3e959d785db479aabd2ebafe881d14541be8fc7684efb38746bd31e9e128a38e21bb483e3bb1afa8d7083d57b2c7575f0f6f537852fa96eaabd8711237aabe51356acd9c6f7a8b633a33d9d5bbb3d49ba9f7703c9f3fcd3c56724ff1ba666499e5c426b6b10e242c9c8a387da26faa1a67cf8c71b8fef7ed7b63289d0aea2a3096e3aa586e657f2bbc416426a362526afdc3197642b5401a5269a77d1358e698c24fdeb9f1c8a3a544e823a39cd045788f2a61e5b9573241f8b8613c895075a20f82ff0c616dd735df7362e643dc8e12c878d3fa251f1a25daaad013fe17916bd453109c9a26478da74578568b51be26710bbc1f9b4f36b552a4e2996ef31438c2f367053b53e7826698285bbca9c4d55e3b6dfefab5145c7f731a52fda18438005fc7eee8e1ab42484ddbf36897ac100296cf53c611ab2cc0ca4e16b26dbfb4d526fcce8294c13b6abc28ab35b7e758a4d337ba2afde0c26b013749f15e35f003f1ce966a0315adee0e8ce4414d5003abf18ca641bbe4473088fa94f6a26426ffb00a45c2597b4ec70bd33c9808ca730c8f7790b7664c40798701c0d1935409fc02beb8b975425d7d3aa4eb2536bd4df8642170ec2260d488ac133f8757ca4520198b3f6aae446a41844deac8b42f609cd54af9e8e1c098bedaf770c5a3575dfe4d4d7f947964ee3422b62db4b185dfe0c2362d3558c21ab6ddbb7e5573b58ac79cef371337c1a96984408ca50365cd7a8e33514df5e244347e1b72068e801c94a76b3978860c00acac5b219ac0e45b80d18915bdc48020a8b67726cc2ee1a7324f82aa7a7a786190c3914b07ab11ec76877084eafffdd4bc8373f95de3f225fe325b856e94a8adf125ffbf6705b241d9007843762d8a5c6b2fe86e1cf4cb71bef42fc857f154bb5f7de0bd5c5df1739643385d3069442727381e1ad75669ffedda1bd70b32d97684435ccd84b62f0df16c4f4df876b198dfbd2c6f4189c093122f1ad28f104efd5eb119c59f31622214bc8b443e628bcfcd6a1158c4f2f4b644473da96f580d7cda22f19ad3280e551107c39024e483b747ebafd976ab4a581fcf8c37f5e8fe06f2ea71485eaaec34a52982988e5579ba61cac0c9dd1ab56550798a94bf153bb1b797645f5e84a1489568a1904892bbd6bb7cc059393c3cb8ae916e134bf5523776111cf2888a5552a2fe6f2de9a13fcb06735d004e2bd3e4efed8cabe8c272647cd4df20a312c940615c31463a82f118110b78fd60eb3db2a190ef6125216fd2aa372350f5b904de088e47e5da031e25859d84931b1c02c69a8311cae20194aed34fe343d2bebf0ed3159446d4fbf53477bb9d5e1bbaa6330fc002a9410e249f975c917daca19d6c849ec56c9e63678f8659461068036861e21ef25dadb9a152cba096a9619f760145cbd7e51faba886f3dbf3d32e3731fa67dfc07d056741f0f1fcc6d50033e942cc3140785a56bd76a3161a089018f01c5e3058fd36d2bfbb3eafa5998e0c7b524aab6373867fbdfa8cbf083a02b5e29f95d2d84609ad80e009619a850acf0c1d8ae4cea37c0e101915219f72664e151cff82358255ab5a995f56f00203a3f95e63133edaa1cb06b6e28856d5bf333f5df7cc85b9dc46839dc47c2d13be4546ce842ab6ad25b5421899115dff7fe750472d9b28b2604264aef916d88c4e3d08895e1b17fcbadfe6512257493137c4e4ad412eab02db7d99e66a776b0453ddfc8f33780378d6db6a8fcf8fcaae6278135c50b4672d5df32ec6fd6706a27e5986fea52a6c32b6e1d0c88ae9cb7dffcb9f53eb61a2e327f9222cca509978895d353366b71dc8f3c6f011be2e5c185ec0c6fb61e713cf98a9541c37cceba94a023b04c8d984975fc2928d2540087a8c72c2cf997854c2cb83fc882d8e49eb52010af3a76962fd2a9d64d8dbb94b112055172bed172cb48c7a1512f39679ee1d5282ca46722ab3e7df65bc542010dd1cb90959c7fdb7fdefed7cce4e46e7a56a507bc4c6995cde5c881d3f1a84d5664ffb0df56ff24df2a277fcb839a613e679c53a03459cc90263901d6b12562716b82221e876eab6f0cf3d3453260177fc53f11545f98274e585cc95baf1d364dbef91809e2022e9389a46be04b6e2e0c06777562bda98aa31306c18a464720a21be71202181c6e55e445b80b4187e3d9e3caeda62797fa877ef1d3da9d867aeb52", 0x801, r4)
keyctl$dh_compute(0x17, &(0x7f0000003780)={r5, r5, r5}, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[], 0x14}}, 0x0)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000080)=0x2, 0x4)

1m50.113539167s ago: executing program 2 (id=45):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000711229000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)={0x6, <r0=>0x0}, 0x8)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000cc0)={r0, 0x3, 0x8}, 0xc)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x90)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014001100b7030000000000698500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="a90300000000000000003200000008004001"], 0x1c}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
r7 = openat$cgroup_freezer_state(r6, &(0x7f0000000140), 0x2, 0x0)
r8 = openat$cgroup_procs(r6, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f00000000c0), 0x12)
write$cgroup_freezer_state(r7, &(0x7f0000000080)='THAWED\x00', 0x7)
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="00e789da34e04a1ffbfd4b2c2fb684c70b90bbb45efd97899a16f2df4fa2e8f06ac2c5352509e3c51d672eb3ec0dd3b1c96e980163890d2d0d1b8d3d62f6d77b0209e166e2ca4c35483d49316daf522556a16cab12d75a852bc680da7ea837480feb2060a1e20a59b7745235b33bc18c4ed0351cd285197b0241569048b5b416ba1c57217be5a338392f681617ee8c35bb21f0a9eed63b1226b18c4b455ab222d7ae1b5258d5643d70000000000000000000ae468a387d9e63008000000000000063a454d1ab8760076afc3752105f030c49caf2fdfe6bc9743a68593b576e2f2f6ab69e1b974ac90855b3250f8f73e16bc593730b88d7a3346b945e276875915040ce498f262cd8ce8191ee84e3ce5526a0a4bb707cc711a3311f27b3d50a86e15a57e26666aaa296b7ddc4c8f421cf9d76d344bf6522f5d1138659d3de84ce13b085a2ed9d66c93767378423521cc4ea440e0ac3b953e1ca1675a716a97a8bb29b90ffffff51eeab4747b94c35beac5fd2ed195e20ad1fcfbee59924e161280a8b78fe34b2fa3efa7c1d4268bf090000ecb4ece3234c232659fee3ff9e6d21e008a570bb490a65b84ea8b6d6e1df20458e59456822dbb8dbd7ce0f928d5fbd6414fe8ab5277f3fd5ce6be044993f93e697a69484cc0e65eca23c742443c84e21a440998c6c69c12c2db7aee2872c6e0671d639e8f6bece219dcd0f69b9867dfc3187c882c035809c81832d7416f90c734be30c2faf0c22bfc8d95dfc7b05ac96b838c932b35511628ae5a75b9dc9e967ef5edf311bbebd7ca803cea8f5b9ec5b0900227769f5350adae56f07284be80bd0279c9dfbaa9521d746dd6c44d670b68744d26e72389e6c61767725d2c692443bc949c28b1a374e541bd352ca2f3bf64d883862dc24d8e27d86b6e38bc269f110c3d57deeefa8fa022514bdc75f794094700cb8fa2b61310cbf9058bce5f2399055929e0fc732e0d5db926fe1b09a6893ff038d8099c229bda0801f8b8171dd73b4abac97f704a0942051bae38b00b69d7fa69d738f99f73b19082ec0c99442d97ddbf68a4822aa2a2673478f81f14fae4e03197f5da8b8d36d9b3467beee619b9d9882f7eabfb5a6d1b5d39ec6703d50d8abf4a102f61296f46e519e1617e34dc711020a54ec92971f7025d4c7a0e4f9b6dcca1a00ae9bbeb6f2e72d78ccac527c4a8c8f007e77b7fe095516907060a7f1570128de98254e60d32373ef40fb2ea6ab7cc92374e3eed77ca5cef0c71bbf2e3dc32d54ff4346c9c82313274ad31fb7118ede1d0209fb983c47e2cc5a08d8f3b96cd171c3b469edc7857f14433a2c95f1ce2f36e41d09a59d10858c3f29d2310000000000000000000000000000000000000000b0eac1950f898d1e3649cfa40d0d6549d34da1ced0cf2119cd734024077ff83afaeed177d20012166256f2c60030af505a8f031eff7f713c3c"], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")
creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x1000000, 0x1000f4)

1m48.0482891s ago: executing program 2 (id=54):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, 0x0, &(0x7f00000003c0))
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xea}}}, 0x24}}, 0x0)

1m46.870485215s ago: executing program 2 (id=63):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file2\x00', 0x2000000, &(0x7f0000000000)=ANY=[], 0x7e, 0x1cf, &(0x7f0000000200)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wMDIyMEDYTkvo7M0u1p9q6ztl0e+mRPL7aXejmgbT8/48mgAewMDAwHHBkZiiB8v//R9HNoAKlQxiY4OxQBiYGTSg7nIGRQQ/KTmBgYgiDslMZGBkioewsJHY+SL2eXlpmTqpecn5OCohhACIMQYQRiDBGd9/bRkaGFCT3IXupuLIqOzEnJ7UIicEClcMiRRaDUPi9dWRisEVyHyi+IjqaG0F8WNgYIIWfIQMTgyHUE8YMjAzBUHELBnZY2ECCBMn/UiwI85kx/E+RbzmoEUZYGYK65GnXoGLkVVYxMNDMg8QyWKjoHUyGHyi/EaO4b0ADgUiG2NtdpzGlng68w4YYA1E+/V/IyKCOVD6xIJUf+iW5BfrFlVW6mbmJ6anpqXlGRsZmBowMBqZG+uCCCELiKf84weUTF5L5rDjUsjGxMVQklpQUGUJINkYo3whCIpW4wdvy34D1MDEwlDB4MDAwKEPMABWbbHjKY0Y2iBomsFoQS4MZj/JRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSMglEwCkbBKCAByDMwgkdBCQCjALBqQAAAAP//K/hxXQ==")
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000480))
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000002000))
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8}, 0x8}, 0x90)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4)

1m39.371478499s ago: executing program 5 (id=80):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x2000480, &(0x7f0000000100), 0x5, 0x75b, &(0x7f0000000800)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnr2R7159cdV/wsP0lI1LVY8SGQ2s+m22U03aZJF9/OB1743M5s333kz897uDDMB9KzR9J9cxOGI+DCJGM6mJxExUM/1R5xcW+72ynIxTUmsrr7+e1Jf5tbKcjGaPpM6mBUej4gf3os4kttYb3VxaaZQLpfms/J4bfbCeHVx6ej52cJ0abo0d3xicvLYiedOHN+5QP/8eenQ9Y9eefrrk3+/+9jVD35M4mQcymY3x7FTRmM02yYD6Sa8y8s7XVmXJd1eAbYlPTT71o7yOBzD0VfPAQD/Z29HxCoA0GMS/T8A9JjG7wC3VpaLjdTdXyT21o2XImL/WvyN65trc/qza3b769dBh24ld10ZSSJiZAfqH42Iz79988s0xS5dhwRo5Z3LEXF2ZHTj+T/ZcM/CVj3TwTKj95Sd/2DvfJeOf55vNf7LrY9/osX4Z7DFsbsd9z/+c9d2oJq20vHfi033tt1uij8z0peVHqqP+QaSc+fLpfTc9nBEjMXAYFqe2KSOsZv/3Gw3r3n898fHb32R1p/+f2eJ3LX+wbs/M1WoFR4k5mY3Lkc80d8q/mS9/ZM249/THdbx6gvvf9ZuXhp/Gm8jbYx/d61eiXiqZfvfuaMt2fT+xPH67jDe2Cla+OaXT4fa1d/c/mlK6298F9gLafsPbR7/SNJ8v2Z163X8dGX4+3bz7h9/6/1/X/JGPb8vm3apUKvNT0TsS17bOP3Ync9m5QORLZ/GP/Zk6+N/s/0//U54tsP4+6//9tX2499dafxTW2r/rWeu3p7pa1d/Z+0/Wc+NZVM6Of91uoIPsu0AAAAAAAAAAAAAAAAAAAAAAAAAoFO5iDgUSS6/ns/l8vm1d3g/GkO5cqVaO3KusjA3FfV3ZY/EQK7xqMvhpuehTmTPw2+Uj91TfjYiHomITwYP1Mv5YqU81e3gAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBzsM37/1O/DnZ77QCAXbO/2ysAAOw5/T8A9B79PwD0Hv0/APQe/T8A9B79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvs9KlTaVr9a2W5mJanLi4uzFQuHp0qVWfyswvFfLEyfyE/XalMl0v5YmX2fn+vXKlcmIy5hUvjtVK1Nl5dXDozW1mYq505P1uYLp0pDexJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwNdXFpZlCuVyal5GRkVnPdPvMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDf8G8AAAD//7WFKeA=")
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000100)='./file2\x00', 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
fchmodat(r6, &(0x7f00000000c0)='./file1\x00', 0x0)

1m38.923797068s ago: executing program 2 (id=82):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x0, 0x0, 0x3f}})
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0)
readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0xe}], 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x100008b}, 0x0)
getpid()
sched_setscheduler(0xffffffffffffffff, 0x6, &(0x7f0000000080)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x5412, &(0x7f00000000c0)=0x13)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)

1m37.135127189s ago: executing program 5 (id=83):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x2100, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x0, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x15, 0x1, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
close_range(r0, 0xffffffffffffffff, 0x0)

1m36.668084766s ago: executing program 2 (id=86):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
dup2(r1, r2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, 0xffffffffffffffff, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0x5)
setresuid(0xee01, r3, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)

1m35.78281558s ago: executing program 5 (id=91):
add_key$keyring(&(0x7f00000021c0), &(0x7f0000002200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0xff2e)
r2 = syz_open_pts(r1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000300))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000004c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)

1m34.545386316s ago: executing program 5 (id=94):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file2\x00', 0x2000000, &(0x7f0000000000)=ANY=[], 0x7e, 0x1cf, &(0x7f0000000200)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wMDIyMEDYTkvo7M0u1p9q6ztl0e+mRPL7aXejmgbT8/48mgAewMDAwHHBkZiiB8v//R9HNoAKlQxiY4OxQBiYGTSg7nIGRQQ/KTmBgYgiDslMZGBkioewsJHY+SL2eXlpmTqpecn5OCohhACIMQYQRiDBGd9/bRkaGFCT3IXupuLIqOzEnJ7UIicEClcMiRRaDUPi9dWRisEVyHyi+IjqaG0F8WNgYIIWfIQMTgyHUE8YMjAzBUHELBnZY2ECCBMn/UiwI85kx/E+RbzmoEUZYGYK65GnXoGLkVVYxMNDMg8QyWKjoHUyGHyi/EaO4b0ADgUiG2NtdpzGlng68w4YYA1E+/V/IyKCOVD6xIJUf+iW5BfrFlVW6mbmJ6anpqXlGRsZmBowMBqZG+uCCCELiKf84weUTF5L5rDjUsjGxMVQklpQUGUJINkYo3whCIpW4wdvy34D1MDEwlDB4MDAwKEPMABWbbHjKY0Y2iBomsFoQS4MZj/JRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSMglEwCkbBKCAByDMwgkdBCQCjALBqQAAAAP//K/hxXQ==")
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000480))
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000002000))
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8}, 0x8}, 0x90)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4)

1m32.474650048s ago: executing program 5 (id=96):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x12)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000800)={0x0, 0x0, r6})
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$snddsp(r7, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)

1m28.267930029s ago: executing program 5 (id=106):
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="64697363617264000700000089bd47000000000000000000000000000000c0d7aecf05950ab7d689bb41012918d521428edf23582764292a5b70f182e5da325cc6a1e7be51ebcd00000000000000ef8a09f93326a37c6203a569725bb3f8902936d727b377c38328a16800639c2da42fb5a373d31b0e189df7a5b8963b40b15df6afce99b212e36055b1e7ae4e3f31a13f423dd3c5dda59616e2e5967e29ef9d303852c5dce92983e47ebdf0912e954f7a6653c738238b9adced9d82bd3c76b7142615e9de"], 0x1, 0xee2, &(0x7f0000001e80)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiPhjekBUQhQJcao4UHGhVEqRigSqVKGe2p5a9dYT6oVKVSoF9dBGSlzFeW+9O97XXY/tWXv395M+v33zZuf7xruYmcns2wCMrMbaz+PHF4oQ3v3snUdffqr45Nqyu1prHFr7WcReM4Qw0dYvStv7Ii64cumlU93aIhxd+5n64bGLrefOhBBWwqHweWiGj5aWv/rwvUcOf/z69C1vnX/mlR3a/ZbyfgAAwDC68Kflv933jz8+MH/5wsGTYaq1PB2fN2N/Jh73H4kHyul4uRE6+0VbtJssrTcWo1Fab6y03ngpz3gm30RpOxOZ9SZ75BtrW9ZtPwEAAGAvSue1zVA0Fjv6jcbi4vXz/mu+mJssFp87u3zm3IAKBQAAACr796trN90KIYQQQgghhBBiiGN1btBXIAAAAIBRU54vbIOV7Z2pq7W1Zn/5Lz7c6P582AZ1v//l31v5P3jNXxwAAKob1qPJtF/pODrNY1CeR3Cs9LzNHv83StsZ32SduXkF98p8g7k6y7/X3SpX/2Zfx0HJ1V+eD3O3ytVfnqdzt8rVP1VzHVXl6p+uuY6qcvXvq7mOqnL176+5jqpy9c/UXEdVufpna66jqlz9N9RcR1W5+g/UXEdVufr3ym21ufqbNddRVa7++ZrrqCpX/40111FVrv6baq6jqlz9N9dcx6DcGdv0eziYWW+myzndXjnHAwAAgFH3X/P/CSGEEEIIIYQQQx+vDvoCBAAAADBw6XMB6VPvq1EaH+sxPt4+Pr2+Qhqf6PH8yR7jUz3GAQAAgBB++8aZ294u1ue72+p8eGneqH3hk6uhwjxG5fkIN5t/q/OebTX/Xpm3DAAAgNFSfO/zq/c/+v4L85cvHDzZdvZ7NZ7vpnlAx+O1gU9jP90XMFvqF+kc+mRnnkZmvfL1gRty23t8izsKAAAAIyydvzdD0VhsO+9uhkZjcXH9fHwhTBRnzi6fPhL76ftZ/jA3MXVt+UM11w0AAAD0b/18v/v5f/oe34UwWSw+d3b5zLnr/dnW8olG+3WBufXlRft1gWZp+dHM8mOxn76/8wdz+9aWL5764fJT273zAAAAMCLOvXj+mSeXl0//yAMPPPCg9WDQf5kAAIDt9uWX70z8+Njs765//n99/rv0+f9Dsd+Mc/v9Oa6Q7hNInwPY8Hn9JzrzzOXWe75zvWZpvbEYU6W6p9u2E9bmG+x83nwuX7NzO5OZfDOlfLOlfOV5CsZL6xdd5hIMXeYnTOvNlZaX52EcL+UoSvnv7pILAAAAkqUXnn1+6dyL5x88++yTT59++vRzx46e+O6JE0ce+s5DS2v39S+1390PAAAA7EXrN/0OuhIAAAAAAAAAAAAAAAAAAAAYXXV8ndig9xEAAABG3b9eDSGsCJGJ9AWDg65D7OZYnRp8DcMdwX+HQgghhBBi67G6Wv6meQAAAICddeXSS6fa2w1Wim3N19pa83pzNeZN7eyDf52/Fmm1iw93Xi/Zv63VMOrqfv/Lv1vzT3Ud/+C17c0/nR70/fev0bmBkx29ff3mvXfplwvt+W8f7zN/ef8f7zdjp8Ol/PeG/vKvvl/K/0RHr9Fv/vtK+ff3mX/D/j/fb8ZO98f8C7F/+J5+83fuYnqXpv3o9w3w7dL+PxX6zV/a/2afCUseiPkBYBT1fcCyx6SjhHQ8PRP7aX/j4WYo3/2w2eP/Rmk741uuvHO76Tjo1thvHa+vdOZNNlt/+r3MxvaGinWW7ZW7SnL1b9fruNNy9U/UXEdVufona66jqlz93c/ed59c/dM111FVrv6+L0QMWK7+vXJdOVf/TM11VJWrf7bmOqrK1b/Z/48PSq7+AzXXUVWu/rma66gqV3/Fy2q1y9U/X3MdVeXqv7HmOqrK1X9TzXVUlav/5prrGJQ7Yps7H07nn3NxLPWbpf5Ul9/lsF5bAAAAgL3mn+b/E0IIIYQQYuTjP6vXDboOIcTOxerqoK9AMEg7+2lmAHYrf/9Hm9d/tHn9R5vXn/8n3cNflPrJWI/x8R7jEz3GJ0vj5ffrVI/xm0rbXU3XNaObe4x/Le5BbvxAj+ff2mN8ocf4bT3Gb+8xfkePcQAAAEbDLbF1fggAAADD6+Vfffrmb+594tL85QsHT4bJDfPOH4n9qfhv62/Efnne+2Qi/pv/T2L/F7H9fWz/Xlrf/ScAAACw89L3xPj3fwAAABhe6XtKnf8DAADA8JqPrfN/AAAAGF43xtb5PwAAAAyxYrr74tim6wJ3x7bfef0AgN3v67G9M7YHY3tXbL8R23QccE9sv1lTfQDA9vn593964u1ifb7/Y6XxK3F5ajdYuX6loGh0zuS/L7b7Y/utPuspfx9Av/mTA33m2an8c1vMDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMj8baz+PHF4oQ3v3snUd/NvnmX64tu6u1xqG1n0XsNUMIE63npdH1/q/jilcuvXSqvb0a2yIcDUUoWsvDYxdbmWZCCCvhUPg8NMNHS8tfffjeI4c/fn36lrfOP/PKDv4KOvYPAAAAhtH/AgAA//8EMCKu")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
ftruncate(r1, 0x2088002)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad122bc192, 0x10, r0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

1m27.30882774s ago: executing program 4 (id=108):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)={0x128, 0x1, 0x3, 0x0, 0x0, 0x0, {0x1}, [@NFQA_VLAN={0x24, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x6}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0xffff}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x3}, @NFQA_EXP={0xe8, 0xf, 0x0, 0x1, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x4}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x80000001}, @CTA_EXPECT_NAT={0x44, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @loopback}}}]}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_TUPLE={0x88, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x3b}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x90)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x3)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r3, 0x0)
syz_clone3(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000600)=ANY=[@ANYBLOB="000028000000e97c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0xc, 0xb, &(0x7f0000000080)=@framed={{}, [@printk={@p, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe02}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, &(0x7f0000000040)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x78, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x0, 0x7f, [{{0x9, 0x4, 0x0, 0x60, 0x1, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x4, 0x9, 0x1, {0x22, 0xea8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x2, 0xff, 0x5}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0xc0, 0x5, 0x10}}]}}}]}}]}}, &(0x7f0000000ac0)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x250, 0x3, 0x9, 0x0, 0x20, 0x13}, 0x10d, &(0x7f00000006c0)={0x5, 0xf, 0x10d, 0x4, [@ssp_cap={0x10, 0x10, 0xa, 0x0, 0x1, 0x7, 0xf0f, 0x8, [0x0]}, @wireless={0xb, 0x10, 0x1, 0x0, 0x1a0, 0x1, 0x7, 0x0, 0x31}, @generic={0xd9, 0x10, 0x1, "f4d79a38e37d4e7c4c7534d99169d838eece42292159f08e85649d54fb9e34248a562eb137dc39e713d0dd0601f6fe16c4bb74d64b6bf2bcfa74ff1c599d9f36b5a729337c2a8059c7f014a5667b17a10ba1b05385c385cad7c72a2143fe5757051f21a90167fed44ad6defacecf9ea9b627c3f0ad48b4c83e2ef4b14a0e14b5068db39a6d00009b0e1b330cb7cd8552790cdf45844d49fe0e737a912e9bab80d54f305cec5f1d9be654557253c7d0bb98a166eb5c626363b0da449c65e34fb10630070fd8d9ce5fa89df5b55209dad735c1ab05b785"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "f5b491c844725dc24af9d40b683920ae"}]}, 0x2, [{0x97, &(0x7f0000000a00)=@string={0x97, 0x3, "0ad5d8ae9e684e0a30f070f53ff736341b964647c968a70f9defdc4d52a339aa5744189d3c3aa37795525848c9d380ee97a18b3c7d3cf26110e31346abe547703c2faa1f1df9072bfb8ae7e4b5da45347a01024123ccb891d3d94afe5d688315bca20b7d5ea81ec595133868f50d9933807c777a7b1d46b5ab56921870c8cbebbb3492f1837cb007c7a8dc8b76de13792656cd157e"}}, {0x52, &(0x7f0000000940)=@string={0x52, 0x3, "740c70c7925f359605fd6e13f9a49bb8cc6779ce4797d52e98864a8fafbda53f4d40023f491e5902ec4c3d5eca38e967f19b11bc1061f60d665955170155609086f888c862bf7c7e941e5111bd6fa778"}}]})
syz_usb_control_io$hid(r4, &(0x7f0000000cc0)={0x14, &(0x7f0000000b00)={0x40, 0x1, 0x15, {0x15, 0x10, "39ce6439f4cb2fb4d11525b29da0ddab807a02"}}, &(0x7f0000000b40)={0x0, 0x3, 0xdd, @string={0xdd, 0x3, "8b90a94589fe11f5090446964ca1a0f0ef83a5b1ff40df87377318e65315ce326d9dddb78edccf9c3a48e79552f12fea532cda2cba04aa57dbf6f156d32f53c27f04812e00d2e5764cf0631624e562eac0dc13c7aef152fc84f33502bcf839f187c9d3dcf756ffeb7157c34fc254da6c0600e0ba9ab1498ab6a2c6f67c23986d7a04545ab609bea6f24f3253e9c591488a0ff281fe1fbc1343256fbb92b2c0865736040d490134e408846ff7ea5af11d512257dadee93da597085f6bc85a69ea208734a933b7379044c7e4d352a3561b219346f507aa9f9bad8f55"}}, &(0x7f0000000c40)={0x0, 0x22, 0xf, {[@global=@item_012={0x1, 0x1, 0x5, 'F'}, @main=@item_4={0x3, 0x0, 0xa, "ca01bac8"}, @global=@item_012={0x1, 0x1, 0xa, 'O'}, @local=@item_4={0x3, 0x2, 0x7, "1c695bdb"}, @main]}}, &(0x7f0000000c80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x8b, 0x1, {0x22, 0x322}}}}, &(0x7f0000000f40)={0x18, &(0x7f0000000d00)={0x40, 0xb, 0xbc, "51cc112b07afb479e328384366dbb3a6d97aa84a61a9080261e7528b5ff043dbb543269732bb2caab4288323649dcd9f4e282cdf590011d62ec26c4a714aae47b545d7b2e764e016e942f341cb7ec48f369cea3733abceb88b730c805541f0a25ccc9466ceebc7d26b56c88354d76aba71aba9847735be3de4ff54c9a35c399cda151ea37866d26b996e680d85357c55155fd34b27fced5b6e9d373c71db93c20723db5dfaa8716b99a2750c147cb60f623fee8bab60e7eca8b304c8"}, &(0x7f0000000e00)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000e40)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000e80)={0x20, 0x1, 0x43, "0b96094efaca44642c7896832d67ab1af053e2178c796a777a1276c134d26fe691cb7e69e86a2909cfb1cc3a44cd800d07c713300a9d6cbc8f7eba66d4d97124b2b0b0"}, &(0x7f0000000f00)={0x20, 0x3, 0x1, 0x7f}})
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = io_uring_setup(0x19ad, &(0x7f0000000100)={0x0, 0xd8fa, 0x400, 0x0, 0x203})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0)

1m22.936221949s ago: executing program 4 (id=119):
add_key$keyring(&(0x7f00000021c0), &(0x7f0000002200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0xff2e)
r2 = syz_open_pts(r1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000300))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000004c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)

1m21.696297074s ago: executing program 4 (id=121):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x5452, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$TUNATTACHFILTER(r3, 0x400454d1, &(0x7f00000000c0)={0x0, 0x0})

1m17.360089615s ago: executing program 4 (id=130):
syz_mount_image$ext4(&(0x7f0000000440)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2, &(0x7f0000000000)={[{@grpjquota}, {@dioread_nolock}, {@nomblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=")
r0 = epoll_create1(0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$inet(r4, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)="ba", 0x1}], 0x1}}], 0x1, 0x80)
open(0x0, 0x0, 0x1e)
ftruncate(0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x810800, &(0x7f0000000a00)=ANY=[@ANYRES32, @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,utf8,uid=', @ANYRESDEC, @ANYBLOB=',noadinicb,fileset=20000000000000000002\b\x00\x00\x00rtad,uid=forget,noadinicb,\x00'], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)=0x5)
syz_open_dev$video(0x0, 0x0, 0x2000)

1m13.894104138s ago: executing program 4 (id=135):
socket(0x10, 0x80002, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x4)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000000)={0x16a67fe12d5b9e8, 0x0, 0x90, 0x1f, r0})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.memory_migrate\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x6)
capset(&(0x7f0000000000)={0x20080522, r0}, &(0x7f0000000040)={0x7, 0x1, 0x6, 0x0, 0x1, 0xff})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/consoles\x00', 0x0, 0x0)
ioctl$VHOST_VDPA_GET_CONFIG(0xffffffffffffffff, 0x8008af73, 0x0)
r3 = creat(&(0x7f0000001040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
socket(0xb, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000340)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000180)={r6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000002780)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={r7, 0x3, r5, 0x5})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002c40)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="db900a068365f073cddefd61f066300e182b21d980012030df55b82c41033d5aaeda00cd85256fe24f52fcc1b7cefebee3aa77e24111dde46fe516cf43c603b5455140f2aef1a0269c6f191cb878a404498b54320bc04f3c9a18d1f827bc397dbe4059f61c69ef2334edad3ae0bc294a964d95c5169b3fcb4288ec0bb261f18fb7597c305f3ba8d77f5e4920e72a756bba470489654caedea75245f4834f5a3e47300be5e56620c51637593a6fa4fbcef79b38517fdde8a498"], 0x24}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r8, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8000c, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffd}, 0x48)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge0\x00'})

1m12.487959823s ago: executing program 4 (id=140):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)

51.399636264s ago: executing program 0 (id=168):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = io_uring_setup(0x3eae, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

48.633612297s ago: executing program 0 (id=171):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000080)={[{@nossd_spread}, {@nodatasum}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0xfd14)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
fallocate(r1, 0x10, 0x5, 0x1b7c)

46.555676945s ago: executing program 0 (id=173):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)={0x128, 0x1, 0x3, 0x0, 0x0, 0x0, {0x1}, [@NFQA_VLAN={0x24, 0x13, 0x0, 0x1, [@NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x6}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0xffff}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x3}, @NFQA_EXP={0xe8, 0xf, 0x0, 0x1, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x4}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x80000001}, @CTA_EXPECT_NAT={0x44, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @loopback}}}]}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_TUPLE={0x88, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x3b}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00'}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)
r1 = getpid()
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x90)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x3)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r3, 0x0)
syz_clone3(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000600)=ANY=[@ANYBLOB="000028000000e97c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0xc, 0xb, &(0x7f0000000080)=@framed={{}, [@printk={@p, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe02}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, &(0x7f0000000040)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x78, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x0, 0x7f, [{{0x9, 0x4, 0x0, 0x60, 0x1, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x4, 0x9, 0x1, {0x22, 0xea8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x2, 0xff, 0x5}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0xc0, 0x5, 0x10}}]}}}]}}]}}, &(0x7f0000000ac0)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x250, 0x3, 0x9, 0x0, 0x20, 0x13}, 0x10d, &(0x7f00000006c0)={0x5, 0xf, 0x10d, 0x4, [@ssp_cap={0x10, 0x10, 0xa, 0x0, 0x1, 0x7, 0xf0f, 0x8, [0xc03f]}, @wireless={0xb, 0x10, 0x1, 0x0, 0x1a0, 0x1, 0x7, 0x0, 0x31}, @generic={0xd9, 0x10, 0x1, "f4d79a38e37d4e7c4c7534d99169d838eece42292159f08e85649d54fb9e34248a562eb137dc39e713d0dd0601f6fe16c4bb74d64b6bf2bcfa74ff1c599d9f36b5a729337c2a8059c7f014a5667b17a10ba1b05385c385cad7c72a2143fe5757051f21a90167fed44ad6defacecf9ea9b627c3f0ad48b4c83e2ef4b14a0e14b5068db39a6d00009b0e1b330cb7cd8552790cdf45844d49fe0e737a912e9bab80d54f305cec5f1d9be654557253c7d0bb98a166eb5c626363b0da449c65e34fb10630070fd8d9ce5fa89df5b55209dad735c1ab05b785"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "f5b491c844725dc24af9d40b683920ae"}]}, 0x2, [{0x97, &(0x7f0000000a00)=@string={0x97, 0x3, "0ad5d8ae9e684e0a30f070f53ff736341b964647c968a70f9defdc4d52a339aa5744189d3c3aa37795525848c9d380ee97a18b3c7d3cf26110e31346abe547703c2faa1f1df9072bfb8ae7e4b5da45347a01024123ccb891d3d94afe5d688315bca20b7d5ea81ec595133868f50d9933807c777a7b1d46b5ab56921870c8cbebbb3492f1837cb007c7a8dc8b76de13792656cd157e"}}, {0x0, 0x0}]})
syz_usb_control_io$hid(r4, &(0x7f0000000cc0)={0x14, &(0x7f0000000b00)={0x40, 0x1, 0x15, {0x15, 0x10, "39ce6439f4cb2fb4d11525b29da0ddab807a02"}}, &(0x7f0000000b40)={0x0, 0x3, 0xdd, @string={0xdd, 0x3, "8b90a94589fe11f5090446964ca1a0f0ef83a5b1ff40df87377318e65315ce326d9dddb78edccf9c3a48e79552f12fea532cda2cba04aa57dbf6f156d32f53c27f04812e00d2e5764cf0631624e562eac0dc13c7aef152fc84f33502bcf839f187c9d3dcf756ffeb7157c34fc254da6c0600e0ba9ab1498ab6a2c6f67c23986d7a04545ab609bea6f24f3253e9c591488a0ff281fe1fbc1343256fbb92b2c0865736040d490134e408846ff7ea5af11d512257dadee93da597085f6bc85a69ea208734a933b7379044c7e4d352a3561b219346f507aa9f9bad8f55"}}, &(0x7f0000000c40)={0x0, 0x22, 0xf, {[@global=@item_012={0x1, 0x1, 0x5, 'F'}, @main=@item_4={0x3, 0x0, 0xa, "ca01bac8"}, @global=@item_012={0x1, 0x1, 0xa, 'O'}, @local=@item_4={0x3, 0x2, 0x7, "1c695bdb"}, @main]}}, &(0x7f0000000c80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x8b, 0x1, {0x22, 0x322}}}}, &(0x7f0000000f40)={0x18, &(0x7f0000000d00)={0x40, 0xb, 0xbc, "51cc112b07afb479e328384366dbb3a6d97aa84a61a9080261e7528b5ff043dbb543269732bb2caab4288323649dcd9f4e282cdf590011d62ec26c4a714aae47b545d7b2e764e016e942f341cb7ec48f369cea3733abceb88b730c805541f0a25ccc9466ceebc7d26b56c88354d76aba71aba9847735be3de4ff54c9a35c399cda151ea37866d26b996e680d85357c55155fd34b27fced5b6e9d373c71db93c20723db5dfaa8716b99a2750c147cb60f623fee8bab60e7eca8b304c8"}, &(0x7f0000000e00)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000e40)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000e80)={0x20, 0x1, 0x43, "0b96094efaca44642c7896832d67ab1af053e2178c796a777a1276c134d26fe691cb7e69e86a2909cfb1cc3a44cd800d07c713300a9d6cbc8f7eba66d4d97124b2b0b0"}, &(0x7f0000000f00)={0x20, 0x3, 0x1, 0x7f}})
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = io_uring_setup(0x19ad, &(0x7f0000000100)={0x0, 0xd8fa, 0x400, 0x0, 0x203})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c831, 0xffffffffffffffff, 0x0)

42.31264971s ago: executing program 0 (id=180):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = io_uring_setup(0x3eae, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

40.139483423s ago: executing program 0 (id=183):
signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x17b, &(0x7f0000000740)="$eJzslL1OOkEUxc/M8oc/xiewsZBELFx2FzU2FDRWFiZ+EAsTiawEXcTAFkJi4RP4DBa+h7Y+hEEbbbDSes18AKMBNCZKjPdX3D2zc+funbvJAUEQf5b7u5d29Jx7sABMIoWEfv9o9XO4kX/7/+n0enWlcL5zeZNo28lBNaPo89+PAbjKWwh7Z9+eTunnBnhPb4JjTusCGGytd8GxpbUPhm2tDwxdE/m2vV8JfHuvFpSEcERwRfBEyL7vr3PGUDL6Y8Z+o9k6LAaBX/9G8dH8OnmOnNGf+b+6s3GM+bngcLXOgmFd62UkurNRIzHuPxXr17d++P4kSJD4baLvT9EFw6zhTzHDPzJh9TjTaLbmK9Vi2S/7R56XXXIWHGfRy0gjUnGE/yWlP00Y9f8NyY2zOE6KYVh3VeytPRUHOS6X/seRnlFr4f3xod2ofabPManS1oh0giCIsTENJj1T+nI0FG9t3I0SBEEQBEEQBEEQBPFlXgMAAP//ibN3Cw==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000003c80)={0x2020}, 0x2020)

39.640003956s ago: executing program 0 (id=184):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)

15.580893388s ago: executing program 3 (id=211):
syz_mount_image$ext4(&(0x7f0000000440)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2, &(0x7f0000000000)={[{@grpjquota}, {@dioread_nolock}, {@nomblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=")
r0 = epoll_create1(0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$inet(r4, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)="ba", 0x1}, {&(0x7f00000005c0)}], 0x2}}], 0x1, 0x80)
open(0x0, 0x0, 0x1e)
ftruncate(0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x810800, &(0x7f0000000a00)=ANY=[@ANYRES32, @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,utf8,uid=', @ANYRESDEC, @ANYBLOB=',noadinicb,fileset=20000000000000000002\b\x00\x00\x00rtad,uid=forget,noadinicb,\x00'], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)=0x5)
syz_open_dev$video(0x0, 0x0, 0x2000)

13.926344314s ago: executing program 3 (id=212):
syz_open_dev$swradio(&(0x7f0000001180), 0x0, 0x2)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000001280)={0xa, @sdr})

13.540100752s ago: executing program 3 (id=213):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = io_uring_setup(0x3eae, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

13.264735189s ago: executing program 3 (id=214):
socket(0x10, 0x80002, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x4)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000000)={0x16a67fe12d5b9e8, 0x0, 0x90, 0x1f, r0})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.memory_migrate\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x6)
capset(&(0x7f0000000000)={0x20080522, r0}, &(0x7f0000000040)={0x7, 0x1, 0x6, 0x0, 0x1, 0xff})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/consoles\x00', 0x0, 0x0)
ioctl$VHOST_VDPA_GET_CONFIG(0xffffffffffffffff, 0x8008af73, 0x0)
r3 = creat(&(0x7f0000001040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071121500000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
socket(0xb, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000340)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000180)={r6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000002780)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={r7, 0x3, r5, 0x5})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002c40)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="db900a068365f073cddefd61f066300e182b21d980012030df55b82c41033d5aaeda00cd85256fe24f52fcc1b7cefebee3aa77e24111dde46fe516cf43c603b5455140f2aef1a0269c6f191cb878a404498b54320bc04f3c9a18d1f827bc397dbe4059f61c69ef2334edad3ae0bc294a964d95c5169b3fcb4288ec0bb261f18fb7597c305f3ba8d77f5e4920e72a756bba470489654caedea75245f4834f5a3e47300be5e56620c51637593a6fa4fbcef79b38517fdde8a498"], 0x24}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r8, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8000c, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffd}, 0x48)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge0\x00'})

12.13608469s ago: executing program 3 (id=216):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000080)={[{@nossd_spread}, {@nodatasum}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0xfd14)
open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
fallocate(0xffffffffffffffff, 0x10, 0x5, 0x1b7c)

10.301303327s ago: executing program 3 (id=217):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr]}}, 0x0, 0x26}, 0x20)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
unshare(0x40000000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r1)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x64, r4, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}]}, 0x64}}, 0x20040001)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0x6e)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x4000001b})
socket(0x0, 0x0, 0x0)
epoll_pwait(r6, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0)
listen(r2, 0x0)
connect$unix(r1, &(0x7f0000000640)=@file={0x1}, 0x6e)
connect$unix(r1, &(0x7f0000000280)=@file={0x1}, 0x6e)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x1, &(0x7f0000001500)=@raw=[@exit], &(0x7f0000001680)='syzkaller\x00', 0x6, 0xad, &(0x7f00000016c0)=""/173}, 0x50)
r7 = fcntl$dupfd(r2, 0x0, r1)
listen(r7, 0xa0f)

5.02369579s ago: executing program 1 (id=223):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x4, [{0x0, 0x2}]}, @enum]}}, &(0x7f0000000080)=""/227, 0x3e, 0xe3}, 0x20)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, r0, 0x1, 0x1}, 0x48)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x4, @broadcast, 'wlan1\x00'}}, 0x1e)
sendmmsg(r1, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000940)='!A', 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b40)=[{0x0}], 0x1}}], 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000100)={0x28, 0x0, r3, 0x0, &(0x7f0000000180)="9c", 0x1})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r2, 0x3b82, &(0x7f0000000240)={0x18, r3, 0x1, 0x0, &(0x7f0000000080)=[{0x3cc5, 0x5e97}]})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000140)={0x28, 0x0, r3, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000})
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001280)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x6}, 0x90)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70300000000000085000000ae000000b7"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000480)='./file0\x00', 0x1008a, &(0x7f00000011c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x101}}, {@usrjquota, 0x22}, {@journal_checksum}, {@acl}, {@data_err_ignore}, {@grpjquota, 0x22}, {@dioread_nolock}, {@sb}, {@jqfmt_vfsv1}]}, 0xfe, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
lseek(r6, 0x0, 0x3)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0x1c, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a847", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, &(0x7f0000000000))
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e23, @loopback}}, 0x6, 0x1f, 0xfffffffe, 0x3, 0x20, 0x1, 0x6}, &(0x7f0000000000)=0x9c)

3.126215892s ago: executing program 1 (id=224):
socket(0x10, 0x80002, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x4)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000000)={0x16a67fe12d5b9e8, 0x0, 0x90, 0x1f, r0})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.memory_migrate\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x6)
capset(&(0x7f0000000000)={0x20080522, r0}, &(0x7f0000000040)={0x7, 0x1, 0x6, 0x0, 0x1, 0xff})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/consoles\x00', 0x0, 0x0)
ioctl$VHOST_VDPA_GET_CONFIG(0xffffffffffffffff, 0x8008af73, 0x0)
r3 = creat(&(0x7f0000001040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071121500000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
socket(0xb, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000340)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000180)={r6})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000002780)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={r7, 0x3, r5, 0x5})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002c40)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="db900a068365f073cddefd61f066300e182b21d980012030df55b82c41033d5aaeda00cd85256fe24f52fcc1b7cefebee3aa77e24111dde46fe516cf43c603b5455140f2aef1a0269c6f191cb878a404498b54320bc04f3c9a18d1f827bc397dbe4059f61c69ef2334edad3ae0bc294a964d95c5169b3fcb4288ec0bb261f18fb7597c305f3ba8d77f5e4920e72a756bba470489654caedea75245f4834f5a3e47300be5e56620c51637593a6fa4fbcef79b38517fdde8a498"], 0x24}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r8, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8000c, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffd}, 0x48)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge0\x00'})

2.177313186s ago: executing program 1 (id=225):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000080)={[{@nossd_spread}, {@nodatasum}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@acl}, {@nodiscard}]}, 0xfb, 0x50f9, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734d2FpAqhUbJJahw38Xptk4daqqwpVSPSNOuGBlURxcZek8ULdmxTYhQiYxPRCEFpg5R8KMIoimo+QK1ARFJAuEhxhMojoioKIFBoDVEQKSWJSBOkUM3ee2bvnLvz8GONl/5+knfOzP887zw859475wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP8Ph75y1d82iz/82/Oefu7Cicv2rrvw5WvOO/3xECZnH+/Iwh3919868fM7z71r731rbrvnyPkf7M3L5fEwUP3Tmd+5LtZ6ZGkI93aE0J0GVg5mgZ78/mCs712DIZwW5gK1ElP9WYm04fD9vhD2h7lArarv9YUwWAhc8MRDD95YTdzSF8KyEEIlbePZStZGXxo4qzcL9KeBbd1Z4FdvZGqB73ZmAThu8c1Qe9EfnKzPMDJ/uQavv54T1rE3Vzq8rpgYaZzvZ+sWuFMFvekDk8f1tJWqY0GU3h6HvNsWwbuttJ1v9rQVv0jl31DemAtVQufmqS0br5zZFR/pDGNjXY1qWqDn+alXv7TpaNKL5nUYOzByQl6HNz227M6uFZ969J6Vy1488KF9Lx1vN39U2KTF9EKrhPw1t2iex2jC58kiePuVviWN+tIVQtjy+d/7dLN4af4/0nz+H1/O8bazLnes9fWhbG4eHxmMiVeGsrk5AAAALBqLYa/ptrEHPlYoPlxJ6ivN/0fbO/4fD/nnk/lstIdCmJhN7BsO4YzZx7PAHbG5S4ZDeO9sarI+sC4JHArhnbOJFbWqkhJLYonRJPCToTwwkQQOx8BkEvhWDNycBK6LgYNJYFMMHEoC58ZAmK4fx+8P5eNoO9AXAxuyjXgwnoXwi6HYWrKtnqlVBQAAcILks8Oe+ruFcx2ON0OcXh7sa5UhnoHdMEMlqSGdwdamVQ1r6G5VQ2erGmrj3tN8+KWaO1rVXDoNo6M+w62//JvPhCZK8//x5vP/yjwd6Sgd/w9h/ezfmLszj8zU4hsm6zIAAAAAx2Hgf5//ZrN4af4/0d75/3GfSFchc3gk7obYOhzCeH0gq/YPy4HsqPdAHgAAAIDFoHY8vnYsfDq/zU7RTufT5fyTR5k/HvifmDd/76H7NzTrb2n+P9ne+f/99bdZJw7HXnxtOIQlhcAPYi+rgVmjMfDjj9cH8vEfjhvghlhVfmJCraobYokNMTCeBPY3KvHDWokz6gP5k1VrfF9tHNN5iUIAAAAATrq4OyAel4/n/7/vN2uualauNP/fcHTn/8/Og0un988MhLCqO4Su9IcBj/RnCwPGwGBHnnigP6urK63q2v4QzqkOLK3q+Xz9/+50jcEn+rKqYuCM9x149axq4pt9IawqBp783O0friZ2JYFa43/ZF8J7qqNNG//OkqzxnrTxry8J4d2FQK2qS5aEUG2sN63qoUp+HYO0qn+uhPC2QqBW1UcqIewOACxS8b/SzcUHd+6+euvGmZmpHQuYiPvw+8KW6ZmpsU3bZjZXGvRpc9LnumWMri2Pqd0r3zyTL1H02bvXD7aTrv1OcLzYVr4fv3TiYH4/fhfqmR3nmp66u2vTIX/g/eUmQuGbVKMhdy7wkPuLlcw9iaX6Y/7eMBCWXLlzasfYFzfu2rVjdfa33exrsr/xMFO2rVan26p/vr618fJouFpW4li31fJiJat2Xb591c7dV6+cvnzjpVOXTl2x+iNrxs8eXzv+0bNXVUc1nv1tMdTl81WdDPWN29sc1wkc6pndhUpOxqeGhITEYktsG1je9P/k0vx/e/P5f/zUiZ/8+foMjY7/j8TD/Nnjc4f5N8TA/naP/480OppfOzFgNAnsiYE9DvMDAADw1hAn+XFvZtwr/dMV33mxWbnS/H9Pe7//P0Hr/9eWrj+/0TL/K2KJ8Ubr/6fL/NfW/9/TaP3/dJn/2vr/+9+E9f+vrAWSTfIL6/8DAABvBSdv/f+Wy/unFwgoZWi5vH96gYBShpbL+Ld7gYCjXv//2f/8q/8OTZTm/ze3N/+3cD8AAACcOr78Z1f9TrN4af6/v735/8lf/y80Ov9/tFFgstHCgNb/AwAAYJFqtP7fyPX9FzcrV5r/H2xv/h9Pu+isyx1rfX0oW9MupGvavTJU+8kAAAAALA6dYWysp828dSujrjv2Np/KlwJtli56/k+OHN35/4fam//X/S7jpseW3dm14lOPvn7PymUvHvjQvpfmjv8DAAAAC6fd/RIAAAAAAAAAAAAAAMCb7/n/2Lu2Wbz0+/+wfvbxRr//j9f9i78veHtd7lhr6/X/8vsXfPKu3bNLFj4yFML7i4Gte7eeFvJr8y8vBh68aMU7qom9aYn7nzv3hWri4jTwiZWnv1ZNnJMENsRFEt+ZBuJVFV9bmgTi8or/ngbi9jiYBnrzwFeXZuPoSLfVTwezbdWRbqunB0MYLgRq2+rewayNjnSAtySB2gC/kAbiAP88D3SmvbprIOtVDAzGorcNZL0CAOCUFb8F9oQt0zNT4/ErfLw9s7v+NqpbsuzacrUdbTb/TL402WfvXj/YTror/S46d63xnlCpDmF16etqMUvH7ChPTC0tNt3bGwy51WpvnQ3KpY520/U2HlFfNqKxTdtmNve0HPja1lnWdLfMsro02Slm6ZzdpG3U0kZf2hhRm9umjS7H+51hbKwryfUHMTgS6rR6RbT7e/3iOn+NXgXFPFcc2ferZvWV5v8j7c3/K8VxvZZfDGBPvLLe3w1b5h8AAAAW1lfX/fob8d9nrn/4yWZ5S/P/0fbm/3EPVn4oONvbcShe/3/fcAizl9YfyQJ3xOYuGQ7hvbOpyVgiu6D++bHEeBa4I+4wWRFLbJisr2pJDBxMAj8ZygOHksDhGMj3UhwI+a6cvx8K4cOzqfX1JbbHEiNJ4NMxMJoExmJgPAksjYGJJPDy0jwwmQT+LQbCdP22untpvq0AAACORj7P6qm/G9J53sHuVhk6WmXob5Whs1WGSqsMjUYR7387ZuhJTl7pKGTqSWvtS2opZYgXwz/qfpUyhB/W50wLlpqO5x/UzjfoqM9w38e6K6GJ0vx/vL35f3/9bdb64Tj/n7v+Xxb4Qeze1+Kp46Mx8OOP1wfyHQOH42T3hlpVk3mJfNJ+QywxEQOjSWB7DEwkgQ3r88D+d9QH8pl2rfF9tcan8xKFAAAAAJx0cQdB3E0T5/+37fzKQLNypfn/RHvz/9jeQLGx62KtR5aGcG/HXG9qgZWDWSDuxxiMP49/12AIpxV2cNRKTPVnJXqThsP3+7JfqPemVX2vL/vxQbx/wRMPPXhjNXFLXwjLCntfam08W8na6EsDZ/Vmgf40sK07C8Q9P7XAdzuzABy32l7B+ILKT3WpGZm/XIPX31vlmqDp8Er7QOfJN99vrhZKaYdrvk+15uietqb7bzlhSm+PQ95ti/HdNuLdVvwilX9DeWMuVAmdm6e2bLxyZld8pPhL1pIFep6Lv1JtJ30CXod7jr23rVXSDownHx/j85eb/3XYEau76bFld3at+NSj96xc9uKBD+17qe1uNBB/KPzQNf86+KPC5l1olZC/5hbd58mkz5NF8d9A8u4e9bSFENa//PUbmsVL8//J9ub/3cntrF/HjblzOIQPFDbuI3Hz//Fw9jlYCGSfkm8rB7JD7v811PCTEwAAAE602u6O2v6C6fw2OyE8nSeX808eZf64v2Ji3vzt9rv/ry9a1ixemv9vaD7/X5J00/F/x/9ZII7/z+tU3xW9JH1gz3Htii5Vx4Jw/H9ep/q7zfH/eTn+7/j/fBz/b8Hx/3md6k9b6VvSdl+6Qggv/tEDTzeLl+b/29ub/1v/b/5F+2rr/21otP7f9kbr/+2x/h8AALCgGiw0l87zSqv3lTKkq/eVMrRcILDlEoPW/zvq9f9eOPPZ34QmSvP/Pe3N/+PLYaDY+mJZ/290fYOqbo6B7RYGBAAA4FTUaAcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb677/uF/NjeLP/zb855+7sKJy/auu/Dla847/fEQpmcf78jCHf3X3zrx8zvPvWvvfWtuu+fI+R+s5OV68tvfrcsda319KIT9hUcGY+KVoeqducAFn7xrd3c18chQCO8vBrbu3XpaNfGtoRCWFwMPXrTiHdXE3rTE/c+d+0I1cXEa+MTK01+rJs7JAx1pd/9xadbdjrS7Ny4NYbgQqHX3sqX1VdXa+NM80Jm28U+DWRsxMBiLfmMwayMGZmKJ6SUhrOoOoSut6uFKVlVXWtW/VLKqutKqvlwJ4ZwQQnda1XO9WVXd6cgf782qioEz3nfg1bOqif29IawqBp783O0fria+kARqjf9Fbwjvqb5k0sa/3ZM13pM2fktPCO8OIfSmJX7ZnZXoTUs83x3C2wqBWuOf7w5hd+AtIX741H2i7dx99daNMzNTOxYw0Zu31Re2TM9MjW3aNrO5kvSpkY5C+o1rj33sz7z6pU3V28/evX6wnXR3Xq5ntstreururj3Vex/71V+sZO75KNUf8/eGgbDkyp1TO8a+uHHXrh2rs7/tZl+T/e3Ko9m2Wr1YttXyYiWrdl2+fdXO3VevnL5846VTl05dsfoja8bPHl87/tGzV1VHNZ79PRFDvf3kD/XM7kIlJ+MDQEJCYrElOus+3cZP9Q/y0hf9uY72hMrsB3RpWlHM0jE7yhMx6HXHOOJj+Z7SckSrSxOHUpY182S5tj7L2tJkYq6WvizL7Pe60uSw2Fjn7CaN9zvD2FhXo+0wUn+3uHl/dhyb96l807WbBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRg9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHApAAD//7IeJCA=")
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0xfd14)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
fallocate(r1, 0x0, 0x5, 0x1b7c)

859.390001ms ago: executing program 1 (id=226):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000005c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000680)={{0x7}})

221.221306ms ago: executing program 1 (id=227):
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x74, 0x2}})
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000100))
write$char_usb(r0, &(0x7f0000000040)="e2", 0x1068)

0s ago: executing program 1 (id=229):
syz_mount_image$ext4(&(0x7f0000000440)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2, &(0x7f0000000000)={[{@grpjquota}, {@dioread_nolock}, {@nomblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=")
r0 = epoll_create1(0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$inet(r4, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000005c0)='0', 0x1}], 0x1}}], 0x1, 0x80)
open(0x0, 0x0, 0x1e)
ftruncate(0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', 0x810800, &(0x7f0000000a00)=ANY=[@ANYRES32, @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,utf8,uid=', @ANYRESDEC, @ANYBLOB=',noadinicb,fileset=20000000000000000002\b\x00\x00\x00rtad,uid=forget,noadinicb,\x00'], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)=0x5)
syz_open_dev$video(0x0, 0x0, 0x2000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.182' (ED25519) to the list of known hosts.
[  101.939833][  T925] cfg80211: failed to load regulatory.db
[  101.977400][ T5079] cgroup: Unknown subsys name 'net'
[  102.135417][ T5079] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  104.288992][ T5079] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  108.518426][ T5093] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.530899][ T5093] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  108.541142][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  108.551588][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  108.572039][ T5097] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  108.618058][ T5107] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  108.626208][ T5107] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  108.635788][ T5107] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  108.648778][ T5107] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  108.654618][ T5109] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  108.674057][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  108.675266][ T5111] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  108.683658][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.688991][ T5107] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  108.702977][ T5107] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  108.711936][ T5110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  108.714292][ T5111] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  108.720446][ T5110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  108.728253][ T5107] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  108.737011][ T5110] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  108.747408][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  108.753419][ T5110] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  108.758130][ T5107] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  108.768800][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  108.770758][ T5107] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  108.779244][ T5110] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  108.783988][ T5107] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  108.791625][ T5110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  108.805245][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  108.806584][ T5097] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  108.821042][ T5110] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  108.821051][ T5097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  108.821747][ T5097] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  108.849715][ T5107] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  108.858215][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  108.867134][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  110.295874][ T5090] chnl_net:caif_netlink_parms(): no params data found
[  110.327580][ T5096] chnl_net:caif_netlink_parms(): no params data found
[  110.389713][ T5094] chnl_net:caif_netlink_parms(): no params data found
[  110.560499][ T5095] chnl_net:caif_netlink_parms(): no params data found
[  110.728583][   T53] Bluetooth: hci0: command tx timeout
[  110.807939][   T53] Bluetooth: hci3: command tx timeout
[  110.823276][ T5101] chnl_net:caif_netlink_parms(): no params data found
[  110.888316][ T5104] Bluetooth: hci1: command tx timeout
[  110.894128][ T5104] Bluetooth: hci4: command tx timeout
[  110.900624][   T53] Bluetooth: hci5: command tx timeout
[  110.969758][   T53] Bluetooth: hci2: command tx timeout
[  110.980692][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.991282][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.999618][ T5096] bridge_slave_0: entered allmulticast mode
[  111.009499][ T5096] bridge_slave_0: entered promiscuous mode
[  111.022573][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.029981][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.038185][ T5096] bridge_slave_1: entered allmulticast mode
[  111.047943][ T5096] bridge_slave_1: entered promiscuous mode
[  111.084716][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.092777][ T5090] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.100810][ T5090] bridge_slave_0: entered allmulticast mode
[  111.109840][ T5090] bridge_slave_0: entered promiscuous mode
[  111.121694][ T5090] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.129405][ T5090] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.137816][ T5090] bridge_slave_1: entered allmulticast mode
[  111.146006][ T5090] bridge_slave_1: entered promiscuous mode
[  111.348992][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.356435][ T5094] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.363924][ T5094] bridge_slave_0: entered allmulticast mode
[  111.373288][ T5094] bridge_slave_0: entered promiscuous mode
[  111.453218][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.462725][ T5098] chnl_net:caif_netlink_parms(): no params data found
[  111.481464][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.489011][ T5094] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.496348][ T5094] bridge_slave_1: entered allmulticast mode
[  111.506636][ T5094] bridge_slave_1: entered promiscuous mode
[  111.519786][ T5090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.535835][ T5090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.554919][ T5095] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.562947][ T5095] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.570718][ T5095] bridge_slave_0: entered allmulticast mode
[  111.580376][ T5095] bridge_slave_0: entered promiscuous mode
[  111.595328][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.740629][ T5095] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.750040][ T5095] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.757531][ T5095] bridge_slave_1: entered allmulticast mode
[  111.765783][ T5095] bridge_slave_1: entered promiscuous mode
[  111.809107][ T5096] team0: Port device team_slave_0 added
[  111.869255][ T5094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.884196][ T5094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.972650][ T5096] team0: Port device team_slave_1 added
[  112.061016][ T5090] team0: Port device team_slave_0 added
[  112.094446][ T5101] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.101916][ T5101] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.109909][ T5101] bridge_slave_0: entered allmulticast mode
[  112.119324][ T5101] bridge_slave_0: entered promiscuous mode
[  112.199911][ T5094] team0: Port device team_slave_0 added
[  112.210619][ T5090] team0: Port device team_slave_1 added
[  112.218641][ T5101] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.226098][ T5101] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.234291][ T5101] bridge_slave_1: entered allmulticast mode
[  112.243648][ T5101] bridge_slave_1: entered promiscuous mode
[  112.258310][ T5095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.320362][ T5094] team0: Port device team_slave_1 added
[  112.424730][ T5095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.464493][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.473665][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.501171][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.636128][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.643579][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.672174][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.696338][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.704119][ T5098] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.712373][ T5098] bridge_slave_0: entered allmulticast mode
[  112.721096][ T5098] bridge_slave_0: entered promiscuous mode
[  112.732498][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.739844][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.766535][ T5094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.779210][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.786278][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.812246][   T53] Bluetooth: hci0: command tx timeout
[  112.820790][ T5090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.838873][ T5101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.855431][ T5095] team0: Port device team_slave_0 added
[  112.867574][ T5095] team0: Port device team_slave_1 added
[  112.888744][   T53] Bluetooth: hci3: command tx timeout
[  112.931922][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.939430][ T5098] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.946803][ T5098] bridge_slave_1: entered allmulticast mode
[  112.954804][ T5098] bridge_slave_1: entered promiscuous mode
[  112.966803][   T53] Bluetooth: hci5: command tx timeout
[  112.968032][ T5104] Bluetooth: hci4: command tx timeout
[  112.972332][   T53] Bluetooth: hci1: command tx timeout
[  113.012756][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.020104][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.046568][ T5094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.057689][   T53] Bluetooth: hci2: command tx timeout
[  113.065860][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.073128][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.099176][ T5090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.125913][ T5101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.165441][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.172684][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.198914][ T5095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.215627][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.222724][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.249781][ T5095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.425865][ T5098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.443337][ T5098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.493256][ T5094] hsr_slave_0: entered promiscuous mode
[  113.501034][ T5094] hsr_slave_1: entered promiscuous mode
[  113.547851][ T5096] hsr_slave_0: entered promiscuous mode
[  113.555173][ T5096] hsr_slave_1: entered promiscuous mode
[  113.562756][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.571209][ T5096] Cannot create hsr debugfs directory
[  113.653558][ T5098] team0: Port device team_slave_0 added
[  113.667299][ T5098] team0: Port device team_slave_1 added
[  113.680425][ T5101] team0: Port device team_slave_0 added
[  113.809085][ T5101] team0: Port device team_slave_1 added
[  113.886257][ T5090] hsr_slave_0: entered promiscuous mode
[  113.894065][ T5090] hsr_slave_1: entered promiscuous mode
[  113.905350][ T5090] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.913311][ T5090] Cannot create hsr debugfs directory
[  114.038716][ T5095] hsr_slave_0: entered promiscuous mode
[  114.048550][ T5095] hsr_slave_1: entered promiscuous mode
[  114.055624][ T5095] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.064352][ T5095] Cannot create hsr debugfs directory
[  114.095799][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.103567][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.130682][ T5098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.143408][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.150964][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.178003][ T5101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.193075][ T5101] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.200333][ T5101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.227770][ T5101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.315804][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.323318][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.351415][ T5098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.696305][ T5101] hsr_slave_0: entered promiscuous mode
[  114.707156][ T5101] hsr_slave_1: entered promiscuous mode
[  114.716056][ T5101] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.723855][ T5101] Cannot create hsr debugfs directory
[  114.893222][   T53] Bluetooth: hci0: command tx timeout
[  114.966671][   T53] Bluetooth: hci3: command tx timeout
[  114.970116][ T5098] hsr_slave_0: entered promiscuous mode
[  114.981509][ T5098] hsr_slave_1: entered promiscuous mode
[  114.989040][ T5098] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.997939][ T5098] Cannot create hsr debugfs directory
[  115.047180][   T53] Bluetooth: hci1: command tx timeout
[  115.047203][ T5104] Bluetooth: hci4: command tx timeout
[  115.047267][ T5104] Bluetooth: hci5: command tx timeout
[  115.126848][ T5104] Bluetooth: hci2: command tx timeout
[  115.747255][ T5096] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  115.775428][ T5096] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  115.813196][ T5096] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  115.829184][ T5096] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  115.990982][ T5090] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  116.017982][ T5090] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  116.037992][ T5090] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  116.062777][ T5090] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  116.199266][ T5095] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  116.262953][ T5095] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  116.331261][ T5095] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  116.346787][ T5095] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  116.394734][ T5101] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  116.432490][ T5101] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  116.447804][ T5101] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  116.465070][ T5101] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  116.775958][ T5098] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  116.799933][ T5098] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  116.843752][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.884219][ T5098] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  116.902994][ T5098] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  116.981441][ T5104] Bluetooth: hci0: command tx timeout
[  117.064098][ T5104] Bluetooth: hci3: command tx timeout
[  117.127090][ T5104] Bluetooth: hci1: command tx timeout
[  117.127121][ T5097] Bluetooth: hci5: command tx timeout
[  117.132588][ T5104] Bluetooth: hci4: command tx timeout
[  117.185265][ T5094] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  117.204403][ T5094] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  117.212008][ T5104] Bluetooth: hci2: command tx timeout
[  117.234539][ T5094] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  117.275866][ T5094] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  117.333375][ T5096] 8021q: adding VLAN 0 to HW filter on device team0
[  117.365536][ T5090] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.464615][  T780] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.472388][  T780] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.544964][  T780] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.552571][  T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.615617][ T5090] 8021q: adding VLAN 0 to HW filter on device team0
[  117.644612][ T5095] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.704531][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.711872][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.762118][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.769442][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.965453][ T5095] 8021q: adding VLAN 0 to HW filter on device team0
[  118.015877][ T5096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  118.099597][  T925] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.107690][  T925] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.175530][ T5101] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.229970][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.237350][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.395621][ T5098] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.514265][ T5101] 8021q: adding VLAN 0 to HW filter on device team0
[  118.578196][ T5098] 8021q: adding VLAN 0 to HW filter on device team0
[  118.642738][ T5159] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.650006][ T5159] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.739157][ T5159] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.746553][ T5159] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.872209][ T5095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  118.919693][ T5159] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.927090][ T5159] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.952126][ T5159] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.959478][ T5159] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.001459][ T5094] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.032643][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.265096][ T5094] 8021q: adding VLAN 0 to HW filter on device team0
[  119.375040][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.382428][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  119.504171][  T780] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.511669][  T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.651309][ T5090] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.701299][ T5095] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.900751][ T5096] veth0_vlan: entered promiscuous mode
[  120.033822][ T5096] veth1_vlan: entered promiscuous mode
[  120.280118][ T5095] veth0_vlan: entered promiscuous mode
[  120.469262][ T5095] veth1_vlan: entered promiscuous mode
[  120.631854][ T5096] veth0_macvtap: entered promiscuous mode
[  120.726076][ T5098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.798652][ T5096] veth1_macvtap: entered promiscuous mode
[  120.881576][ T5095] veth0_macvtap: entered promiscuous mode
[  120.927902][ T5095] veth1_macvtap: entered promiscuous mode
[  120.944333][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.037899][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.059068][ T5094] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.149648][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.216040][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.229305][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.246187][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.323027][ T5096] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.345537][ T5096] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.357830][ T5096] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.367981][ T5096] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.447617][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.460654][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.475926][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.564932][ T5095] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.578026][ T5095] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.587278][ T5095] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.596046][ T5095] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.764242][ T5090] veth0_vlan: entered promiscuous mode
[  121.792766][ T5098] veth0_vlan: entered promiscuous mode
[  121.815409][ T5101] veth0_vlan: entered promiscuous mode
[  121.997538][ T5098] veth1_vlan: entered promiscuous mode
[  122.006146][ T5090] veth1_vlan: entered promiscuous mode
[  122.035961][ T5101] veth1_vlan: entered promiscuous mode
[  122.254123][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.296885][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.312019][ T2482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.322992][ T2482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.353104][ T5094] veth0_vlan: entered promiscuous mode
[  122.451909][ T5090] veth0_macvtap: entered promiscuous mode
[  122.512845][ T5090] veth1_macvtap: entered promiscuous mode
[  122.524885][ T5101] veth0_macvtap: entered promiscuous mode
[  122.550299][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.552119][ T5101] veth1_macvtap: entered promiscuous mode
[  122.573777][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.583170][ T5094] veth1_vlan: entered promiscuous mode
[  122.596339][ T5098] veth0_macvtap: entered promiscuous mode
[  122.680283][ T5098] veth1_macvtap: entered promiscuous mode
[  122.760378][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.772247][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.844846][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.860936][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.874273][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.884935][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.910489][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_0
[  122.924972][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.935771][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.950459][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.961011][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.974601][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  122.985986][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  122.999062][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.043633][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.083531][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.104742][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.115332][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.125332][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.137158][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.147541][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.166805][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.182781][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.209487][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.223138][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  123.247446][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.257858][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.275672][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.294637][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.305175][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.322376][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.333598][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.344260][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.354241][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.366755][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.384235][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.412293][ T5203] Zero length message leads to an empty skb
[  123.436154][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.481126][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.491886][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.502970][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.513350][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.576602][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.601773][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  123.615350][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.634171][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.653969][ T5202] netlink: 'syz.3.4': attribute type 10 has an invalid length.
[  123.725660][ T5202] batman_adv: batadv0: Adding interface: team0
[  123.738402][ T5202] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.774321][ T5202] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  123.847605][ T5098] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.877423][ T5098] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.886209][ T5098] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.912279][ T5098] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.953632][ T5090] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.974154][ T5090] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.985082][ T5090] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.010376][ T5090] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.095192][ T5101] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.121783][ T5101] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.139937][ T5101] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.155713][ T5101] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.534120][ T5094] veth0_macvtap: entered promiscuous mode
[  124.606934][ T5094] veth1_macvtap: entered promiscuous mode
[  124.633391][ T5216] netlink: 'syz.3.10': attribute type 309 has an invalid length.
[  124.923403][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.949679][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.962818][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.998685][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.015991][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.041291][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.054255][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.065056][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.076727][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.087419][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.101238][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.193683][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.218297][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.240518][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.251160][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.276633][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.291260][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.326895][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.356643][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.392679][ T5094] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.431825][ T5094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.465489][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.492041][ T2482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.515990][ T2482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.570493][ T5094] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.581524][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.600318][ T5094] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.612057][ T5094] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.622403][ T5094] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.626622][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.632651][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  125.953474][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.980450][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.096938][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.115212][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.187698][ T5237] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  126.394498][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.422272][ T5237] netlink: 16 bytes leftover after parsing attributes in process `syz.1.17'.
[  126.438552][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.525441][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.582410][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.951960][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.042641][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.426382][ T5246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.19'.
[  127.729675][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.772509][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.732068][ T5277] netlink: 16 bytes leftover after parsing attributes in process `syz.3.27'.
[  129.042891][ T5265] loop0: detected capacity change from 0 to 8192
[  129.169994][ T5273] loop1: detected capacity change from 0 to 8192
[  130.350821][ T5294] netlink: 8 bytes leftover after parsing attributes in process `syz.5.34'.
[  130.648279][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  131.520341][ T5174] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  131.796572][ T5174] usb 6-1: Using ep0 maxpacket: 8
[  131.864177][ T5174] usb 6-1: config 135 has an invalid interface number: 230 but max is 0
[  131.912962][ T5174] usb 6-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  131.993872][ T5174] usb 6-1: config 135 has no interface number 0
[  132.037723][ T5174] usb 6-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  132.146833][ T5174] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  132.155956][ T5174] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.281650][ T5174] usb 6-1: Product: syz
[  132.300812][ T5174] usb 6-1: Manufacturer: syz
[  132.322801][ T5174] usb 6-1: SerialNumber: syz
[  132.743982][ T5158] usb 6-1: USB disconnect, device number 2
[  133.326815][ T5337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.49'.
[  133.433521][ T5326] loop2: detected capacity change from 0 to 8192
[  133.796216][ T5342] capability: warning: `syz.5.51' uses deprecated v2 capabilities in a way that may be insecure
[  134.135868][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  134.858568][ T5358] netlink: 4 bytes leftover after parsing attributes in process `syz.2.54'.
[  134.896910][ T5360] netlink: 48 bytes leftover after parsing attributes in process `syz.4.58'.
[  134.947210][ T5355] loop0: detected capacity change from 0 to 2048
[  135.048472][ T5362] syz.1.59[5362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  135.048768][ T5362] syz.1.59[5362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  135.146944][ T5370] loop4: detected capacity change from 0 to 512
[  135.173022][ T5370] =======================================================
[  135.173022][ T5370] WARNING: The mand mount option has been deprecated and
[  135.173022][ T5370]          and is ignored by this kernel. Remove the mand
[  135.173022][ T5370]          option from the mount to silence this warning.
[  135.173022][ T5370] =======================================================
[  135.186839][ T5355] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz.0.56: bad orphan inode 8192
[  135.207953][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.210256][ T5370] EXT4-fs: Ignoring removed i_version option
[  135.335115][ T5355] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.338595][ T5375] loop2: detected capacity change from 0 to 16
[  135.367029][ T5370] EXT4-fs error (device loop4): __ext4_iget:4906: inode #11: block 1: comm syz.4.61: invalid block
[  135.401792][ T5369] loop1: detected capacity change from 0 to 8192
[  135.427482][ T5370] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.61: couldn't read orphan inode 11 (err -117)
[  135.445717][ T5375] erofs: (device loop2): mounted with root inode @ nid 36.
[  135.531059][ T5370] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.789092][ T5378] syz.3.64[5378] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  135.789387][ T5378] syz.3.64[5378] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  136.221346][ T5380] overlay: ./file2 is not a directory
[  136.998771][ T5090] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.999045][ T5101] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.314075][ T5378] loop3: detected capacity change from 0 to 8192
[  137.327937][ T5159] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  137.593550][ T5159] usb 6-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  137.646627][ T5159] usb 6-1: config 1 interface 0 has no altsetting 0
[  137.690428][ T5159] usb 6-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  137.706765][ T5159] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.753645][ T5159] usb 6-1: Product: syz
[  137.776628][ T5159] usb 6-1: Manufacturer: ౴�徒阵ﴅ�ꓹ뢛柌칹�⻕蚘轊붯㾥�㼂ṉə䳬帽㣊柩鯱밑�෶奦���좈뽢繼Ẕᅑ澽碧
[  137.841796][ T5159] usb 6-1: SerialNumber: syz
[  138.300073][ T5393] loop4: detected capacity change from 0 to 8192
[  138.535914][ T5405] fuse: Invalid rootmode
[  139.489218][ T5408] loop3: detected capacity change from 0 to 4096
[  139.963884][ T5414] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  140.071557][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  140.091299][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  140.340626][    T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!!
[  140.395234][ T5159] usbhid 6-1:1.0: can't add hid device: -71
[  140.440980][ T5159] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  140.529272][ T5159] usb 6-1: USB disconnect, device number 3
[  140.929087][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  141.371287][   T29] audit: type=1326 audit(1720080600.619:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5427 comm="syz.5.78" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf20775bd9 code=0x0
[  141.440866][ T5430] loop1: detected capacity change from 0 to 512
[  141.512709][ T5430] EXT4-fs: Ignoring removed nomblk_io_submit option
[  141.607935][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  141.676562][ T5430] EXT4-fs: Mount option(s) incompatible with ext2
[  141.747215][    C1] sd 0:0:1:0: [sda] tag#5616 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  141.758116][    C1] sd 0:0:1:0: [sda] tag#5616 CDB: Read(6) 08 00 00 00 00 00 00 00 8b 00 00 01
[  142.089472][ T5432] loop3: detected capacity change from 0 to 32768
[  142.161153][ T5432] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section journal_v2: journal bucket 73183498273292546 past end of device (nbuckets 191310728265856)
[  142.161153][ T5432] journal_v2 (size 24):
[  142.161153][ T5432] Buckets:  73183498273292547-73183498273292547
[  142.161153][ T5432] 
[  142.167431][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  142.904862][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  142.905947][ T5438] loop5: detected capacity change from 0 to 2048
[  142.920399][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  142.984076][ T5436] loop1: detected capacity change from 0 to 2048
[  143.080226][ T5098] erofs: (device loop2): erofs_read_inode: bogus i_mode (0) @ nid 305
[  143.085756][ T5436] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  143.110846][ T5438] EXT4-fs error (device loop5): ext4_orphan_get:1420: comm syz.5.80: bad orphan inode 8192
[  143.211274][ T5098] erofs: (device loop2): erofs_read_inode: bogus i_mode (0) @ nid 305
[  143.278332][ T5438] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.914931][ T5446] overlay: ./file2 is not a directory
[  144.975319][ T5094] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.439251][ T5451] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  145.632709][   T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.019168][   T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.354774][   T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.584339][ T5461] loop3: detected capacity change from 0 to 4096
[  146.997822][ T5472] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  147.085569][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.106853][ T5159] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  147.399228][ T5159] usb 5-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  147.486535][ T5159] usb 5-1: config 1 interface 0 has no altsetting 0
[  147.557036][ T5159] usb 5-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  147.607742][ T5159] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.657785][ T5159] usb 5-1: Product: syz
[  147.661108][ T5476] loop5: detected capacity change from 0 to 16
[  147.662042][ T5159] usb 5-1: Manufacturer: ౴�徒阵ﴅ�ꓹ뢛柌칹�⻕蚘轊붯㾥�㼂ṉə䳬帽㣊柩鯱밑�෶奦���좈뽢繼Ẕᅑ澽碧
[  147.669376][   T51] bridge_slave_1: left allmulticast mode
[  147.777484][ T5476] erofs: (device loop5): mounted with root inode @ nid 36.
[  147.805431][ T5159] usb 5-1: SerialNumber: syz
[  147.806666][   T51] bridge_slave_1: left promiscuous mode
[  147.831572][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.967111][   T51] bridge_slave_0: left allmulticast mode
[  147.972873][   T51] bridge_slave_0: left promiscuous mode
[  148.027011][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.373789][   T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  148.401882][   T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  148.413720][   T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  148.424559][   T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  148.433856][   T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  148.442512][   T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  149.568859][ T5094] erofs: (device loop5): erofs_read_inode: bogus i_mode (0) @ nid 305
[  149.655751][ T5094] erofs: (device loop5): erofs_read_inode: bogus i_mode (0) @ nid 305
[  150.211294][ T5159] usbhid 5-1:1.0: can't add hid device: -71
[  150.247992][ T5159] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  150.327161][ T5159] usb 5-1: USB disconnect, device number 2
[  150.552257][ T5493] loop4: detected capacity change from 0 to 512
[  150.588278][ T5493] EXT4-fs: Ignoring removed nomblk_io_submit option
[  150.679072][ T5493] EXT4-fs: Mount option(s) incompatible with ext2
[  150.893027][ T5104] Bluetooth: hci4: command tx timeout
[  151.470781][ T5498] loop4: detected capacity change from 0 to 2048
[  151.516111][ T5495] loop0: detected capacity change from 0 to 8192
[  151.550197][ T5498] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  152.877690][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.937651][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.966891][ T5104] Bluetooth: hci4: command tx timeout
[  153.000596][   T51] bond0 (unregistering): Released all slaves
[  155.057398][ T5104] Bluetooth: hci4: command tx timeout
[  155.537603][ T5154] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  155.817132][ T5154] usb 5-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  155.821390][ T5546] loop1: detected capacity change from 0 to 512
[  155.846715][ T5154] usb 5-1: config 1 interface 0 has no altsetting 0
[  155.873430][ T5154] usb 5-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  155.906674][ T5154] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.914862][   T51] hsr_slave_0: left promiscuous mode
[  155.946712][ T5546] EXT4-fs: Ignoring removed nomblk_io_submit option
[  155.962382][ T5154] usb 5-1: Product: syz
[  155.986688][ T5154] usb 5-1: Manufacturer: ౴�徒阵ﴅ�ꓹ뢛柌칹�⻕蚘轊붯㾥�㼂ṉə䳬帽㣊柩鯱밑�෶奦���좈뽢繼Ẕᅑ澽碧
[  156.012291][   T51] hsr_slave_1: left promiscuous mode
[  156.013815][ T5546] EXT4-fs: Mount option(s) incompatible with ext2
[  156.054273][ T5154] usb 5-1: SerialNumber: syz
[  156.137575][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  156.176698][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  156.267745][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  156.305909][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  156.508338][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  156.519072][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  156.528315][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  156.593745][   T51] veth1_macvtap: left promiscuous mode
[  156.600440][   T51] veth0_macvtap: left promiscuous mode
[  156.606339][   T51] veth1_vlan: left promiscuous mode
[  156.612879][   T51] veth0_vlan: left promiscuous mode
[  156.673093][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  156.701704][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  156.709731][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  156.893733][ T5551] loop1: detected capacity change from 0 to 2048
[  157.077822][ T5551] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  157.145326][ T5104] Bluetooth: hci4: command tx timeout
[  157.285801][ T5532] loop0: detected capacity change from 0 to 32768
[  158.460578][ T5532] workqueue: Failed to create a rescuer kthread for wq "bcachefs": -EINTR
[  158.461257][ T5532] bcachefs (a46a46fb-710c-4d8a-8a40-d337fbcdfe7d): shutdown complete
[  158.817684][ T5104] Bluetooth: hci2: command tx timeout
[  159.026713][ T5154] usbhid 5-1:1.0: can't add hid device: -71
[  159.032827][ T5154] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  159.146845][ T5154] usb 5-1: USB disconnect, device number 3
[  159.545462][ T5573] binder_alloc: 5568: binder_alloc_buf, no vma
[  159.690950][ T5571] loop3: detected capacity change from 0 to 4096
[  159.861648][ T5577] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  160.906525][ T5104] Bluetooth: hci2: command tx timeout
[  161.198851][   T51] team0 (unregistering): Port device team_slave_1 removed
[  161.208641][ T5592] xt_hashlimit: overflow, try lower: 0/0
[  161.354503][   T51] team0 (unregistering): Port device team_slave_0 removed
[  162.515095][ T5596] loop1: detected capacity change from 0 to 32768
[  162.541454][ T5596] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section journal_v2: journal bucket 73183498273292546 past end of device (nbuckets 191310728265856)
[  162.541454][ T5596] journal_v2 (size 24):
[  162.541454][ T5596] Buckets:  73183498273292547-73183498273292547
[  162.541454][ T5596] 
[  162.968896][ T5104] Bluetooth: hci2: command tx timeout
[  162.986339][ T5600] netlink: 100 bytes leftover after parsing attributes in process `syz.1.126'.
[  164.712438][ T5611] loop4: detected capacity change from 0 to 512
[  164.800990][ T5611] EXT4-fs: Ignoring removed nomblk_io_submit option
[  164.836376][ T5611] EXT4-fs: Mount option(s) incompatible with ext2
[  165.046898][ T5104] Bluetooth: hci2: command tx timeout
[  165.182458][ T5621] binder_alloc: 5615: binder_alloc_buf, no vma
[  165.224043][  T780] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  165.484280][  T780] usb 1-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  165.517535][ T5622] loop4: detected capacity change from 0 to 2048
[  165.526315][ T5477] chnl_net:caif_netlink_parms(): no params data found
[  165.559798][ T5622] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  165.578753][  T780] usb 1-1: config 1 interface 0 has no altsetting 0
[  165.662471][  T780] usb 1-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  165.705790][  T780] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.757557][  T780] usb 1-1: Product: syz
[  165.761809][  T780] usb 1-1: Manufacturer: syz
[  165.766446][  T780] usb 1-1: SerialNumber: syz
[  165.800791][ T5386] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  166.814268][ T5614] loop1: detected capacity change from 0 to 32768
[  166.863708][ T5614] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.132 (5614)
[  167.397002][ T5477] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.547771][ T5477] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.585941][ T5477] bridge_slave_0: entered allmulticast mode
[  167.627675][ T5477] bridge_slave_0: entered promiscuous mode
[  167.756896][ T5614] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  167.847305][ T5614] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  167.908415][ T5614] BTRFS info (device loop1): using free-space-tree
[  167.963892][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  167.989083][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  168.111014][  T780] usbhid 1-1:1.0: can't add hid device: -71
[  168.133645][  T780] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  168.137438][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  168.170307][  T780] usb 1-1: USB disconnect, device number 2
[  168.197540][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  168.207297][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  168.266737][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  168.311632][ T5477] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.315277][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  168.346900][ T5477] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.409101][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  168.437839][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  168.477090][ T5477] bridge_slave_1: entered allmulticast mode
[  168.522584][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  168.554104][ T5477] bridge_slave_1: entered promiscuous mode
[  168.554166][ T5614] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  168.688644][ T5614] BTRFS error (device loop1): open_ctree failed
[  169.258807][ T5667] netlink: 100 bytes leftover after parsing attributes in process `syz.0.137'.
[  169.320963][ T5477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  169.553240][   T51] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.754624][ T5477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.079199][   T51] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.488128][   T51] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.620235][ T5690] loop1: detected capacity change from 0 to 4096
[  171.655424][ T5477] team0: Port device team_slave_0 added
[  171.800595][ T5553] chnl_net:caif_netlink_parms(): no params data found
[  171.820738][ T5692] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  172.159353][ T5695] loop0: detected capacity change from 0 to 512
[  172.180252][   T51] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.288118][ T5695] EXT4-fs: Ignoring removed nomblk_io_submit option
[  172.361928][ T5695] EXT4-fs: Mount option(s) incompatible with ext2
[  172.484056][ T5386] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  172.517930][ T5477] team0: Port device team_slave_1 added
[  173.076891][ T5477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.095608][ T5477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.141115][ T5699] loop0: detected capacity change from 0 to 2048
[  173.166515][ T5477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.185685][ T5699] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  173.519664][ T5477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.538696][ T5477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.578857][ T5477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.762373][ T5154] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  173.960617][ T5154] usb 2-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  174.011526][ T5154] usb 2-1: config 1 interface 0 has no altsetting 0
[  174.057475][ T5154] usb 2-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  174.100783][ T5154] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.126756][ T5154] usb 2-1: Product: syz
[  174.131016][ T5154] usb 2-1: Manufacturer: syz
[  174.135657][ T5154] usb 2-1: SerialNumber: syz
[  174.175602][ T5553] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.213026][ T5553] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.233132][ T5553] bridge_slave_0: entered allmulticast mode
[  174.284275][ T5553] bridge_slave_0: entered promiscuous mode
[  174.331380][ T5553] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.369634][ T5553] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.392084][ T5553] bridge_slave_1: entered allmulticast mode
[  174.426240][ T5553] bridge_slave_1: entered promiscuous mode
[  175.735817][ T5477] hsr_slave_0: entered promiscuous mode
[  175.774484][ T5715] loop3: detected capacity change from 0 to 32768
[  175.845661][ T5715] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.148 (5715)
[  175.872236][ T5477] hsr_slave_1: entered promiscuous mode
[  175.899727][ T5477] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  175.940222][ T5477] Cannot create hsr debugfs directory
[  175.986282][ T5715] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  176.015480][ T5553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.049876][ T5715] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  176.071737][   T51] bridge_slave_1: left allmulticast mode
[  176.079691][   T51] bridge_slave_1: left promiscuous mode
[  176.088708][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.127038][ T5715] BTRFS info (device loop3): using free-space-tree
[  176.183955][   T51] bridge_slave_0: left allmulticast mode
[  176.195329][   T51] bridge_slave_0: left promiscuous mode
[  176.228577][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.464620][ T5154] usbhid 2-1:1.0: can't add hid device: -71
[  176.517086][ T5154] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  176.567442][ T5154] usb 2-1: USB disconnect, device number 2
[  176.835883][ T5096] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.802258][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  178.855567][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  178.905456][   T51] bond0 (unregistering): Released all slaves
[  178.967936][ T5553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.353171][ T5553] team0: Port device team_slave_0 added
[  180.870399][ T5553] team0: Port device team_slave_1 added
[  181.338691][ T5760] loop3: detected capacity change from 0 to 4096
[  181.530845][ T5761] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  181.584664][ T5553] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.622351][ T5553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.732332][ T5553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.814346][ T5553] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.825309][   T53] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  181.840325][   T53] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  181.866829][ T5553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.871766][   T53] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  181.905407][ T5553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.937146][   T53] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  181.947252][   T53] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  181.967024][   T53] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  182.159482][   T51] hsr_slave_0: left promiscuous mode
[  182.187264][   T51] hsr_slave_1: left promiscuous mode
[  182.246740][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  182.266617][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.317989][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.325487][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.435937][   T51] veth1_macvtap: left promiscuous mode
[  182.456675][   T51] veth0_macvtap: left promiscuous mode
[  182.464364][   T51] veth1_vlan: left promiscuous mode
[  182.486787][   T51] veth0_vlan: left promiscuous mode
[  183.007777][ T5768] loop3: detected capacity change from 0 to 1024
[  183.642383][ T5775] loop1: detected capacity change from 0 to 512
[  183.658176][ T5775] EXT4-fs: Ignoring removed nomblk_io_submit option
[  183.674873][ T5775] EXT4-fs: Mount option(s) incompatible with ext2
[  184.087505][ T5104] Bluetooth: hci6: command tx timeout
[  184.140950][ T5777] loop1: detected capacity change from 0 to 2048
[  184.153658][ T5777] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  185.485400][   T51] team0 (unregistering): Port device team_slave_1 removed
[  185.570433][   T51] team0 (unregistering): Port device team_slave_0 removed
[  185.571200][ T5779] loop1: detected capacity change from 0 to 32768
[  185.606189][ T5779] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.160 (5779)
[  185.632098][ T5154] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  185.679336][ T5779] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  185.692108][ T5779] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  185.703176][ T5779] BTRFS info (device loop1): using free-space-tree
[  185.871558][ T5154] usb 4-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  185.896355][ T5154] usb 4-1: config 1 interface 0 has no altsetting 0
[  185.920053][ T5154] usb 4-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  185.954441][ T5154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.967547][ T5154] usb 4-1: Product: syz
[  185.971778][ T5154] usb 4-1: Manufacturer: syz
[  185.977127][ T5154] usb 4-1: SerialNumber: syz
[  186.176841][ T5104] Bluetooth: hci6: command tx timeout
[  186.341193][ T5095] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  187.429275][ T5154] usbhid 4-1:1.0: can't add hid device: -71
[  187.447447][ T5154] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  187.483106][ T5154] usb 4-1: USB disconnect, device number 2
[  188.246933][ T5104] Bluetooth: hci6: command tx timeout
[  188.399048][ T5553] hsr_slave_0: entered promiscuous mode
[  188.445608][ T5553] hsr_slave_1: entered promiscuous mode
[  189.668018][ T5825] loop0: detected capacity change from 0 to 4096
[  189.870476][ T5830] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  190.326706][ T5104] Bluetooth: hci6: command tx timeout
[  191.729579][   T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.890416][ T5841] loop1: detected capacity change from 0 to 512
[  191.931525][ T5841] EXT4-fs: Ignoring removed nomblk_io_submit option
[  191.993981][ T5841] EXT4-fs: Mount option(s) incompatible with ext2
[  192.062635][   T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.488646][ T5843] loop1: detected capacity change from 0 to 2048
[  192.512967][ T5843] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  192.615360][   T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.084793][   T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.141415][ T5477] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  193.180900][ T5763] chnl_net:caif_netlink_parms(): no params data found
[  193.334812][ T5847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.170'.
[  193.379989][ T5477] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  193.642827][ T5477] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  193.750173][ T5477] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  193.937128][   T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  194.179903][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.198522][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.226590][   T25] usb 2-1: New USB device found, idVendor=056a, idProduct=0061, bcdDevice= 0.00
[  194.235772][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.310446][   T25] usb 2-1: config 0 descriptor??
[  194.322504][ T5850] loop0: detected capacity change from 0 to 32768
[  194.323998][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.351666][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.359666][ T5763] bridge_slave_0: entered allmulticast mode
[  194.370918][ T5763] bridge_slave_0: entered promiscuous mode
[  194.384211][ T5850] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.171 (5850)
[  194.385486][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.445991][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.463826][ T5763] bridge_slave_1: entered allmulticast mode
[  194.476359][ T5763] bridge_slave_1: entered promiscuous mode
[  194.511697][ T5850] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  194.567070][ T5850] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  194.575951][ T5850] BTRFS info (device loop0): using free-space-tree
[  194.793131][   T25] wacom 0003:056A:0061.0001: unknown main item tag 0x0
[  194.803580][   T25] wacom 0003:056A:0061.0001: Unknown device_type for 'HID 056a:0061'. Assuming pen.
[  194.850358][   T25] wacom 0003:056A:0061.0001: hidraw0: USB HID v0.00 Device [HID 056a:0061] on usb-dummy_hcd.1-1/input0
[  194.944917][   T25] input: Wacom PenStation2 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0061.0001/input/input5
[  195.023249][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  195.083484][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  195.118481][   T29] audit: type=1804 audit(1720080654.389:3): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.171" name="/newroot/31/file1/bus" dev="loop0" ino=263 res=1 errno=0
[  195.186829][   T51] bridge_slave_1: left allmulticast mode
[  195.192568][   T51] bridge_slave_1: left promiscuous mode
[  195.225926][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.234922][   T25] usb 2-1: USB disconnect, device number 3
[  195.250538][   T51] bridge_slave_0: left allmulticast mode
[  195.284257][   T51] bridge_slave_0: left promiscuous mode
[  195.291922][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.582059][ T5101] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  196.561549][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.596327][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.623208][   T51] bond0 (unregistering): Released all slaves
[  196.696643][  T780] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  196.907679][  T780] usb 1-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  196.943099][  T780] usb 1-1: config 1 interface 0 has no altsetting 0
[  196.995009][  T780] usb 1-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  197.025677][  T780] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.051939][  T780] usb 1-1: Product: syz
[  197.067081][  T780] usb 1-1: SerialNumber: syz
[  197.091239][ T5763] team0: Port device team_slave_0 added
[  197.132880][ T5763] team0: Port device team_slave_1 added
[  197.334144][ T5884] loop3: detected capacity change from 0 to 4096
[  197.440460][ T5888] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  197.994917][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0
[  198.048803][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.112140][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.153950][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.176136][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.244388][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.195875][   T51] hsr_slave_0: left promiscuous mode
[  199.297251][   T51] hsr_slave_1: left promiscuous mode
[  199.389134][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  199.439582][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  199.521859][ T5896] loop3: detected capacity change from 0 to 512
[  199.549307][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  199.593559][ T5896] EXT4-fs: Ignoring removed nomblk_io_submit option
[  199.605879][  T780] usbhid 1-1:1.0: can't add hid device: -71
[  199.618500][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  199.646670][  T780] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  199.663143][ T5896] EXT4-fs: Mount option(s) incompatible with ext2
[  199.696120][  T780] usb 1-1: USB disconnect, device number 3
[  199.800894][   T51] veth1_macvtap: left promiscuous mode
[  199.825118][   T51] veth0_macvtap: left promiscuous mode
[  199.862334][   T51] veth1_vlan: left promiscuous mode
[  199.892913][   T51] veth0_vlan: left promiscuous mode
[  200.250540][ T5901] loop3: detected capacity change from 0 to 2048
[  200.282687][ T5901] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  200.396595][   T29] audit: type=1326 audit(1720080659.649:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5902 comm="syz.1.181" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf47d75bd9 code=0x0
[  200.929337][ T5154] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  201.137548][ T5154] usb 2-1: Using ep0 maxpacket: 32
[  201.153460][ T5154] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  201.166102][ T5154] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.185277][ T5154] usb 2-1: Product: syz
[  201.189994][ T5154] usb 2-1: Manufacturer: syz
[  201.195153][ T5154] usb 2-1: SerialNumber: syz
[  201.250684][ T5154] usb 2-1: config 0 descriptor??
[  201.559079][ T5154] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 004
[  201.907059][ T5911] loop0: detected capacity change from 0 to 16
[  201.932594][ T5911] erofs: (device loop0): mounted with root inode @ nid 36.
[  201.997781][ T5908] loop3: detected capacity change from 0 to 32768
[  202.034406][ T5104] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000]
[  202.036138][ T5908] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.182 (5908)
[  202.090591][   T51] team0 (unregistering): Port device team_slave_1 removed
[  202.101055][ T5911] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  202.118582][ T5908] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  202.134898][   T29] audit: type=1800 audit(1720080661.399:5): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.183" name="file3" dev="loop0" ino=89 res=0 errno=0
[  202.176622][ T5911] syz.0.183 (5911) used greatest stack depth: 20144 bytes left
[  202.205291][ T5908] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  202.227935][ T5908] BTRFS info (device loop3): using free-space-tree
[  202.286701][   T51] team0 (unregistering): Port device team_slave_0 removed
[  202.689018][   T29] audit: type=1804 audit(1720080661.959:6): pid=5908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.182" name="/newroot/49/file1/bus" dev="loop3" ino=263 res=1 errno=0
[  202.957200][ T5096] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  203.891529][ T5553] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  204.059099][ T5553] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  204.074413][ T5164] usb 2-1: USB disconnect, device number 4
[  204.181010][ T5763] hsr_slave_0: entered promiscuous mode
[  204.212960][ T5763] hsr_slave_1: entered promiscuous mode
[  204.242392][ T5763] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.265245][ T5763] Cannot create hsr debugfs directory
[  204.299879][ T5553] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  204.338756][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  204.345190][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  205.127496][ T5553] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  205.638394][ T5477] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.225318][ T5477] 8021q: adding VLAN 0 to HW filter on device team0
[  206.436649][ T5159] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  206.453152][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.460561][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.545810][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.554688][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.668561][ T5159] usb 4-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  206.734638][ T5159] usb 4-1: config 1 interface 0 has no altsetting 0
[  206.754465][ T5159] usb 4-1: string descriptor 0 read error: -22
[  206.774298][ T5159] usb 4-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  206.791882][ T5159] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.468225][ T5553] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.897430][ T5553] 8021q: adding VLAN 0 to HW filter on device team0
[  208.225924][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.233318][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.495167][ T5962] loop1: detected capacity change from 0 to 512
[  208.608472][ T5962] EXT4-fs: Ignoring removed nomblk_io_submit option
[  208.665308][ T5962] EXT4-fs: Mount option(s) incompatible with ext2
[  208.729368][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.736821][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.068279][ T5763] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  209.350449][ T5966] loop1: detected capacity change from 0 to 2048
[  209.462157][ T5966] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  209.681521][ T5763] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  209.793525][ T5763] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  209.854764][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  209.881747][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  209.891088][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  209.901830][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  209.915115][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  209.927202][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  210.136642][ T5763] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  210.566736][ T5159] usbhid 4-1:1.0: can't add hid device: -71
[  210.572861][ T5159] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  210.656713][ T5159] usb 4-1: USB disconnect, device number 3
[  210.850347][ T5977] loop3: detected capacity change from 0 to 16
[  210.908211][ T5977] erofs: (device loop3): mounted with root inode @ nid 36.
[  210.984311][   T53] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000]
[  211.006971][ T5977] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  211.035180][   T29] audit: type=1800 audit(1720080670.299:7): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.193" name="file3" dev="loop3" ino=89 res=0 errno=0
[  211.159872][ T5977] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  211.198763][ T5977] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  212.017061][   T53] Bluetooth: hci0: command tx timeout
[  212.895796][   T51] bridge_slave_1: left allmulticast mode
[  212.916671][   T51] bridge_slave_1: left promiscuous mode
[  212.922677][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.990322][   T51] bridge_slave_0: left allmulticast mode
[  213.012140][   T51] bridge_slave_0: left promiscuous mode
[  213.026019][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.415636][ T5984] loop3: detected capacity change from 0 to 32768
[  213.479561][ T5984] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.194 (5984)
[  213.617027][ T5984] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  213.659736][ T5984] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  213.726591][ T5984] BTRFS info (device loop3): using free-space-tree
[  213.971339][ T6015] loop1: detected capacity change from 0 to 1024
[  214.017702][ T5104] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  214.042707][ T5104] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  214.051535][ T5104] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  214.063745][ T5104] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  214.072447][ T5104] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  214.080935][ T5104] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  214.088663][ T5097] Bluetooth: hci0: command tx timeout
[  214.838584][ T5096] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  215.547550][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  215.665363][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  215.752612][   T51] bond0 (unregistering): Released all slaves
[  216.148003][ T5104] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  216.168631][ T5104] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  216.176836][ T5104] Bluetooth: hci4: command tx timeout
[  216.182566][ T5097] Bluetooth: hci0: command tx timeout
[  216.189325][ T5104] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  216.205870][ T5104] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  216.218329][ T5104] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  216.226219][ T5104] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  216.369766][ T6033] loop3: detected capacity change from 0 to 512
[  216.408928][ T6033] EXT4-fs: Invalid want_extra_isize 257
[  217.308964][   T51] hsr_slave_0: left promiscuous mode
[  217.396345][   T51] hsr_slave_1: left promiscuous mode
[  217.461639][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.502860][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.576416][ T6051] loop1: detected capacity change from 0 to 512
[  217.625735][ T6051] EXT4-fs: Ignoring removed nomblk_io_submit option
[  217.676692][ T6051] EXT4-fs: Mount option(s) incompatible with ext2
[  218.204827][ T6054] loop1: detected capacity change from 0 to 2048
[  218.235575][ T6054] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  218.246871][ T5104] Bluetooth: hci4: command tx timeout
[  218.252342][ T5104] Bluetooth: hci0: command tx timeout
[  218.329242][ T5104] Bluetooth: hci5: command tx timeout
[  219.198006][   T25] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  219.324729][   T51] team0 (unregistering): Port device team_slave_1 removed
[  219.412834][   T25] usb 4-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  219.458079][   T25] usb 4-1: config 1 interface 0 has no altsetting 0
[  219.480916][   T25] usb 4-1: string descriptor 0 read error: -22
[  219.488351][   T25] usb 4-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  219.510422][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.515158][   T51] team0 (unregistering): Port device team_slave_0 removed
[  220.326820][ T5104] Bluetooth: hci4: command tx timeout
[  220.408173][ T5104] Bluetooth: hci5: command tx timeout
[  221.234956][   T25] usbhid 4-1:1.0: can't add hid device: -71
[  221.263376][   T25] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  221.325999][   T25] usb 4-1: USB disconnect, device number 4
[  221.944041][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.955009][ T6088] loop1: detected capacity change from 0 to 32768
[  222.025763][ T5969] chnl_net:caif_netlink_parms(): no params data found
[  222.033003][ T6088] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.206 (6088)
[  222.161416][ T6088] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  222.217247][ T6088] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  222.257033][ T6088] BTRFS info (device loop1): using free-space-tree
[  222.407957][ T5104] Bluetooth: hci4: command tx timeout
[  222.487003][ T5104] Bluetooth: hci5: command tx timeout
[  222.849907][ T5763] 8021q: adding VLAN 0 to HW filter on device team0
[  222.942438][ T5095] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  223.275672][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.283104][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.568627][ T5969] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.575953][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.601607][ T5969] bridge_slave_0: entered allmulticast mode
[  223.612672][ T5969] bridge_slave_0: entered promiscuous mode
[  223.737923][ T5969] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.745274][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.789174][ T5969] bridge_slave_1: entered allmulticast mode
[  223.800238][ T5969] bridge_slave_1: entered promiscuous mode
[  223.815599][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.823012][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.105813][ T5969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.543696][ T5969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.569305][ T5104] Bluetooth: hci5: command tx timeout
[  225.205440][ T5969] team0: Port device team_slave_0 added
[  225.436651][ T5969] team0: Port device team_slave_1 added
[  226.012335][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_0
[  226.031004][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.067101][ T5969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.122196][ T5969] batman_adv: batadv0: Adding interface: batadv_slave_1
[  226.138624][ T5969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.196634][ T5969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.363958][ T6011] chnl_net:caif_netlink_parms(): no params data found
[  226.486970][ T6166] loop3: detected capacity change from 0 to 512
[  226.505977][ T6166] EXT4-fs: Ignoring removed nomblk_io_submit option
[  226.516963][ T6167] loop1: detected capacity change from 0 to 512
[  226.525092][ T6166] EXT4-fs: Mount option(s) incompatible with ext2
[  226.538792][ T6167] EXT4-fs: Invalid want_extra_isize 257
[  226.626513][ T5386] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  226.642915][ T6034] chnl_net:caif_netlink_parms(): no params data found
[  226.982805][ T6169] loop3: detected capacity change from 0 to 2048
[  226.990795][ T6169] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  227.325660][ T5386] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  227.794790][ T5969] hsr_slave_0: entered promiscuous mode
[  227.831787][ T5969] hsr_slave_1: entered promiscuous mode
[  227.876600][ T5969] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  227.902771][ T5969] Cannot create hsr debugfs directory
[  229.100122][ T6011] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.128304][ T6011] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.143595][ T6011] bridge_slave_0: entered allmulticast mode
[  229.183929][ T6011] bridge_slave_0: entered promiscuous mode
[  229.419300][ T6011] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.427579][ T5158] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  229.436269][ T6011] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.448829][ T6011] bridge_slave_1: entered allmulticast mode
[  229.472294][ T6011] bridge_slave_1: entered promiscuous mode
[  229.659221][ T5158] usb 2-1: config 1 interface 0 altsetting 96 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  229.697997][ T5158] usb 2-1: config 1 interface 0 has no altsetting 0
[  229.722293][ T5158] usb 2-1: string descriptor 0 read error: -22
[  229.727855][ T6034] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.757156][ T5158] usb 2-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.40
[  229.757743][ T6034] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.796054][ T5158] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.804855][ T6034] bridge_slave_0: entered allmulticast mode
[  229.839641][ T6034] bridge_slave_0: entered promiscuous mode
[  230.119203][   T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.219772][ T6034] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.237692][ T6034] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.245049][ T6034] bridge_slave_1: entered allmulticast mode
[  230.272994][ T6034] bridge_slave_1: entered promiscuous mode
[  230.451861][ T6011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  230.670016][   T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.959217][ T6011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  231.034725][ T6205] loop3: detected capacity change from 0 to 32768
[  231.071461][ T6205] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.216 (6205)
[  231.093910][ T6205] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  231.110009][ T6205] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  231.119727][ T6205] BTRFS info (device loop3): using free-space-tree
[  231.321936][   T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.335072][ T5158] usbhid 2-1:1.0: can't add hid device: -71
[  231.357135][ T5158] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  231.404919][ T5158] usb 2-1: USB disconnect, device number 5
[  231.413573][ T6034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  231.502556][ T6034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  231.675725][ T6011] team0: Port device team_slave_0 added
[  231.705888][ T5096] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  231.793781][   T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.020304][ T5104] Bluetooth: hci3: command 0x0406 tx timeout
[  232.025920][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[  232.121309][ T6011] team0: Port device team_slave_1 added
[  232.249668][    T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  232.325270][ T6034] team0: Port device team_slave_0 added
[  232.419182][ T6011] batman_adv: batadv0: Adding interface: batadv_slave_0
[  232.430521][ T6011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.462913][ T6011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  232.474821][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  232.509091][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  232.533681][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.546302][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  232.580162][    T8] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  232.600004][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.644315][    T8] usb 2-1: config 0 descriptor??
[  232.667178][ T6227] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  232.693395][ T6034] team0: Port device team_slave_1 added
[  232.737780][ T6011] batman_adv: batadv0: Adding interface: batadv_slave_1
[  232.757756][ T6011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.800617][ T6011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.079978][ T6034] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.098126][ T6034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.125321][ T6034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.159297][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.176947][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.184405][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.199857][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.208776][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.216214][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.224723][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.232717][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.245738][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.258303][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.265754][    T8] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  233.289090][    T8] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  233.323843][    T8] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  233.420821][ T6011] hsr_slave_0: entered promiscuous mode
[  233.436984][    T8] usb 2-1: USB disconnect, device number 6
[  233.453979][ T6011] hsr_slave_1: entered promiscuous mode
[  233.490590][ T6011] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  233.507828][ T6011] Cannot create hsr debugfs directory
[  233.537063][ T6034] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.551147][ T6034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.627436][ T6034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.986044][   T51] bridge_slave_1: left allmulticast mode
[  234.017465][   T51] bridge_slave_1: left promiscuous mode
[  234.023467][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.089557][   T51] bridge_slave_0: left allmulticast mode
[  234.095285][   T51] bridge_slave_0: left promiscuous mode
[  234.121374][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.180050][   T51] bridge_slave_1: left allmulticast mode
[  234.195768][   T51] bridge_slave_1: left promiscuous mode
[  234.202811][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.238448][   T51] bridge_slave_0: left allmulticast mode
[  234.246978][   T51] bridge_slave_0: left promiscuous mode
[  234.252959][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.365524][ T6253] loop1: detected capacity change from 0 to 512
[  234.382132][ T6253] EXT4-fs: Ignoring removed nomblk_io_submit option
[  234.416598][ T6253] EXT4-fs: Mount option(s) incompatible with ext2
[  234.472396][ T5386] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  234.813365][ T6256] loop1: detected capacity change from 0 to 2048
[  234.867035][ T6256] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  235.569464][ T6259] loop1: detected capacity change from 0 to 256
[  235.583418][ T6259] FAT-fs (loop1): Unrecognized mount option "00000000000000000000000" or missing value
[  235.756183][ T6259] loop1: detected capacity change from 0 to 2048
[  235.824728][ T6259] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  235.875490][ T6259] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  236.031518][   T29] audit: type=1800 audit(1720080695.299:8): pid=6259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.221" name="file1" dev="loop1" ino=1367 res=0 errno=0
[  236.261829][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  236.293960][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  236.314135][   T51] bond0 (unregistering): Released all slaves
[  236.565776][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  236.581982][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  236.594466][   T51] bond0 (unregistering): Released all slaves
[  237.012583][ T6265] loop1: detected capacity change from 0 to 512
[  237.031993][ T6034] hsr_slave_0: entered promiscuous mode
[  237.038169][ T6265] EXT4-fs: Invalid want_extra_isize 257
[  237.051230][ T6034] hsr_slave_1: entered promiscuous mode
[  237.064844][ T6034] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  237.072883][ T6034] Cannot create hsr debugfs directory
[  238.581496][   T51] hsr_slave_0: left promiscuous mode
[  238.601567][   T51] hsr_slave_1: left promiscuous mode
[  238.641080][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  238.673365][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  238.734255][   T51] hsr_slave_0: left promiscuous mode
[  238.807707][   T51] hsr_slave_1: left promiscuous mode
[  238.827091][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  238.834593][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  238.865612][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  238.885244][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  238.955340][   T51] veth1_macvtap: left promiscuous mode
[  238.961608][   T51] veth0_macvtap: left promiscuous mode
[  238.979679][   T51] veth1_vlan: left promiscuous mode
[  238.985204][   T51] veth0_vlan: left promiscuous mode
[  240.240852][   T51] team0 (unregistering): Port device team_slave_1 removed
[  240.370424][   T51] team0 (unregistering): Port device team_slave_0 removed
[  240.453161][   T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  240.477610][   T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  240.488797][   T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  240.500255][   T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  240.515343][   T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  240.528446][   T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  240.671413][ T6287] loop1: detected capacity change from 0 to 32768
[  240.688833][ T6287] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.225 (6287)
[  240.725777][ T6287] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  240.738551][ T6287] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  240.747852][ T6287] BTRFS info (device loop1): using free-space-tree
[  241.145603][ T5095] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  241.963049][ T6312] loop1: detected capacity change from 0 to 512
[  241.981934][ T6312] EXT4-fs: Ignoring removed nomblk_io_submit option
[  241.993963][ T6312] EXT4-fs: Mount option(s) incompatible with ext2
[  242.284838][ T6313] loop1: detected capacity change from 0 to 2048
[  242.319090][ T6313] udf: Unknown parameter 'ÿÿÿÿ00000000000000000000'
[  242.415520][   T51] team0 (unregistering): Port device team_slave_1 removed
[  242.496099][   T53] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  242.518265][   T53] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  242.526989][   T53] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  242.535967][   T51] team0 (unregistering): Port device team_slave_0 removed
[  242.546965][   T53] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  242.558402][   T53] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  242.585419][ T5104] Bluetooth: hci2: command tx timeout
[  242.585494][   T53] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  242.621010][ T6314] ==================================================================
[  242.629134][ T6314] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x36/0x210
[  242.636878][ T6314] Read of size 4 at addr ffff8880578549a4 by task syz-executor/6314
[  242.644856][ T6314] 
[  242.647177][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  242.657431][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  242.667497][ T6314] Call Trace:
[  242.670826][ T6314]  <TASK>
[  242.673766][ T6314]  dump_stack_lvl+0x116/0x1f0
[  242.678475][ T6314]  print_report+0xc3/0x620
[  242.682918][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.688574][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.694254][ T6314]  ? __phys_addr+0xc6/0x150
[  242.698778][ T6314]  kasan_report+0xd9/0x110
[  242.703215][ T6314]  ? kfree_skb_reason+0x36/0x210
[  242.708183][ T6314]  ? kfree_skb_reason+0x36/0x210
[  242.713175][ T6314]  kasan_check_range+0xef/0x1a0
[  242.718060][ T6314]  kfree_skb_reason+0x36/0x210
[  242.722851][ T6314]  __hci_req_sync+0x61d/0x980
[  242.727553][ T6314]  ? trace_contention_end+0xea/0x140
[  242.732865][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  242.738083][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  242.742786][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.748439][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.754089][ T6314]  ? hci_req_sync+0x3f/0xd0
[  242.758618][ T6314]  ? __pfx___might_resched+0x10/0x10
[  242.763954][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.769599][ T6314]  ? aa_get_newest_label+0x376/0x680
[  242.774939][ T6314]  hci_req_sync+0x97/0xd0
[  242.779322][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  242.784363][ T6314]  hci_dev_cmd+0x634/0x960
[  242.788832][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.794480][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  242.799440][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.805087][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.810733][ T6314]  ? security_capable+0x98/0xd0
[  242.815617][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  242.820312][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.825959][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  242.831175][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  242.837172][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.842817][ T6314]  sock_do_ioctl+0x119/0x280
[  242.847431][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  242.852573][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.858219][ T6314]  sock_ioctl+0x22e/0x6c0
[  242.862573][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  242.867454][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.873099][ T6314]  ? __fget_files+0x256/0x400
[  242.877820][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  242.883493][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  242.888464][ T6314]  __x64_sys_ioctl+0x196/0x220
[  242.893252][ T6314]  do_syscall_64+0xcd/0x250
[  242.897783][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.903705][ T6314] RIP: 0033:0x7f7f427757db
[  242.908124][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  242.927754][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  242.936182][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  242.944168][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  242.952157][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  242.960146][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  242.968128][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  242.976121][ T6314]  </TASK>
[  242.979142][ T6314] 
[  242.981470][ T6314] Allocated by task 53:
[  242.985624][ T6314]  kasan_save_stack+0x33/0x60
[  242.990319][ T6314]  kasan_save_track+0x14/0x30
[  242.995016][ T6314]  __kasan_slab_alloc+0x89/0x90
[  242.999890][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  243.005406][ T6314]  skb_clone+0x190/0x3f0
[  243.009667][ T6314]  hci_cmd_work+0x66a/0x710
[  243.014192][ T6314]  process_one_work+0x9c8/0x1b40
[  243.019152][ T6314]  worker_thread+0x6c8/0xf30
[  243.023762][ T6314]  kthread+0x2c4/0x3a0
[  243.027888][ T6314]  ret_from_fork+0x48/0x80
[  243.032330][ T6314]  ret_from_fork_asm+0x1a/0x30
[  243.037119][ T6314] 
[  243.039434][ T6314] Freed by task 53:
[  243.043230][ T6314]  kasan_save_stack+0x33/0x60
[  243.047913][ T6314]  kasan_save_track+0x14/0x30
[  243.052618][ T6314]  kasan_save_free_info+0x3b/0x60
[  243.057685][ T6314]  poison_slab_object+0xf7/0x160
[  243.062651][ T6314]  __kasan_slab_free+0x32/0x50
[  243.067423][ T6314]  kmem_cache_free+0x12f/0x3a0
[  243.072194][ T6314]  kfree_skbmem+0x10e/0x200
[  243.076730][ T6314]  kfree_skb_reason+0x138/0x210
[  243.081616][ T6314]  hci_req_sync_complete+0x16c/0x270
[  243.086940][ T6314]  hci_event_packet+0x966/0x1170
[  243.091885][ T6314]  hci_rx_work+0x2c4/0x1610
[  243.096397][ T6314]  process_one_work+0x9c8/0x1b40
[  243.101365][ T6314]  worker_thread+0x6c8/0xf30
[  243.105969][ T6314]  kthread+0x2c4/0x3a0
[  243.110061][ T6314]  ret_from_fork+0x48/0x80
[  243.114501][ T6314]  ret_from_fork_asm+0x1a/0x30
[  243.119287][ T6314] 
[  243.121603][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  243.121603][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  243.136186][ T6314] The buggy address is located 228 bytes inside of
[  243.136186][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  243.149998][ T6314] 
[  243.152318][ T6314] The buggy address belongs to the physical page:
[  243.158721][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  243.167487][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  243.174596][ T6314] page_type: 0xffffefff(slab)
[  243.179310][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  243.187941][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  243.196539][ T6314] page dumped because: kasan: bad access detected
[  243.202945][ T6314] page_owner tracks the page as allocated
[  243.208741][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  243.227693][ T6314]  post_alloc_hook+0x2d1/0x350
[  243.232479][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  243.238050][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  243.243358][ T6314]  alloc_slab_page+0x56/0x110
[  243.248082][ T6314]  new_slab+0x84/0x260
[  243.252167][ T6314]  ___slab_alloc+0xdac/0x1870
[  243.256883][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  243.262268][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  243.267758][ T6314]  skb_clone+0x190/0x3f0
[  243.272014][ T6314]  hci_cmd_work+0x66a/0x710
[  243.276537][ T6314]  process_one_work+0x9c8/0x1b40
[  243.281513][ T6314]  worker_thread+0x6c8/0xf30
[  243.286142][ T6314]  kthread+0x2c4/0x3a0
[  243.290268][ T6314]  ret_from_fork+0x48/0x80
[  243.294721][ T6314]  ret_from_fork_asm+0x1a/0x30
[  243.299519][ T6314] page last free pid 1 tgid 1 stack trace:
[  243.305322][ T6314]  free_unref_page+0x64a/0xe40
[  243.310111][ T6314]  free_contig_range+0xb6/0x1a0
[  243.314984][ T6314]  destroy_args+0xa4e/0xe20
[  243.319512][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  243.324587][ T6314]  do_one_initcall+0x12b/0x700
[  243.329377][ T6314]  kernel_init_freeable+0x69d/0xca0
[  243.334600][ T6314]  kernel_init+0x1c/0x2b0
[  243.338978][ T6314]  ret_from_fork+0x48/0x80
[  243.343414][ T6314]  ret_from_fork_asm+0x1a/0x30
[  243.348205][ T6314] 
[  243.350520][ T6314] Memory state around the buggy address:
[  243.356144][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  243.364208][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  243.372302][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  243.380363][ T6314]                                ^
[  243.385471][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  243.393541][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  243.401606][ T6314] ==================================================================
[  243.417168][ T6314] Disabling lock debugging due to kernel taint
[  243.423380][ T6314] ==================================================================
[  243.431452][ T6314] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x1f5/0x210
[  243.439394][ T6314] Read of size 4 at addr ffff8880578549a4 by task syz-executor/6314
[  243.447392][ T6314] 
[  243.449722][ T6314] CPU: 1 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  243.461463][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  243.471537][ T6314] Call Trace:
[  243.474827][ T6314]  <TASK>
[  243.477769][ T6314]  dump_stack_lvl+0x116/0x1f0
[  243.482489][ T6314]  print_report+0xc3/0x620
[  243.486935][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.492604][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.498270][ T6314]  ? __phys_addr+0xc6/0x150
[  243.502805][ T6314]  kasan_report+0xd9/0x110
[  243.507248][ T6314]  ? kfree_skb_reason+0x1f5/0x210
[  243.512307][ T6314]  ? kfree_skb_reason+0x1f5/0x210
[  243.517375][ T6314]  kfree_skb_reason+0x1f5/0x210
[  243.522263][ T6314]  __hci_req_sync+0x61d/0x980
[  243.526972][ T6314]  ? trace_contention_end+0xea/0x140
[  243.532290][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  243.537518][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  243.542230][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.547895][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.553561][ T6314]  ? hci_req_sync+0x3f/0xd0
[  243.558102][ T6314]  ? __pfx___might_resched+0x10/0x10
[  243.563426][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.569092][ T6314]  ? aa_get_newest_label+0x376/0x680
[  243.574433][ T6314]  hci_req_sync+0x97/0xd0
[  243.578830][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  243.583904][ T6314]  hci_dev_cmd+0x634/0x960
[  243.588365][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.594035][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  243.599033][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.604699][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.610364][ T6314]  ? security_capable+0x98/0xd0
[  243.615276][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  243.620161][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.625826][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  243.631056][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  243.637154][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.642817][ T6314]  sock_do_ioctl+0x119/0x280
[  243.647482][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  243.652664][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.658336][ T6314]  sock_ioctl+0x22e/0x6c0
[  243.662719][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  243.667617][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.673276][ T6314]  ? __fget_files+0x256/0x400
[  243.677999][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  243.683666][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  243.688569][ T6314]  __x64_sys_ioctl+0x196/0x220
[  243.693378][ T6314]  do_syscall_64+0xcd/0x250
[  243.697928][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.703875][ T6314] RIP: 0033:0x7f7f427757db
[  243.708309][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  243.727954][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  243.736397][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  243.744390][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  243.752407][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  243.760410][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  243.768407][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  243.776413][ T6314]  </TASK>
[  243.779449][ T6314] 
[  243.781778][ T6314] Allocated by task 53:
[  243.785942][ T6314]  kasan_save_stack+0x33/0x60
[  243.790652][ T6314]  kasan_save_track+0x14/0x30
[  243.795353][ T6314]  __kasan_slab_alloc+0x89/0x90
[  243.800252][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  243.805748][ T6314]  skb_clone+0x190/0x3f0
[  243.810025][ T6314]  hci_cmd_work+0x66a/0x710
[  243.814565][ T6314]  process_one_work+0x9c8/0x1b40
[  243.819536][ T6314]  worker_thread+0x6c8/0xf30
[  243.824157][ T6314]  kthread+0x2c4/0x3a0
[  243.828268][ T6314]  ret_from_fork+0x48/0x80
[  243.832723][ T6314]  ret_from_fork_asm+0x1a/0x30
[  243.837531][ T6314] 
[  243.839855][ T6314] Freed by task 53:
[  243.843670][ T6314]  kasan_save_stack+0x33/0x60
[  243.848372][ T6314]  kasan_save_track+0x14/0x30
[  243.853070][ T6314]  kasan_save_free_info+0x3b/0x60
[  243.858137][ T6314]  poison_slab_object+0xf7/0x160
[  243.863120][ T6314]  __kasan_slab_free+0x32/0x50
[  243.867907][ T6314]  kmem_cache_free+0x12f/0x3a0
[  243.872695][ T6314]  kfree_skbmem+0x10e/0x200
[  243.877249][ T6314]  kfree_skb_reason+0x138/0x210
[  243.882133][ T6314]  hci_req_sync_complete+0x16c/0x270
[  243.887448][ T6314]  hci_event_packet+0x966/0x1170
[  243.892410][ T6314]  hci_rx_work+0x2c4/0x1610
[  243.896948][ T6314]  process_one_work+0x9c8/0x1b40
[  243.901923][ T6314]  worker_thread+0x6c8/0xf30
[  243.906550][ T6314]  kthread+0x2c4/0x3a0
[  243.910668][ T6314]  ret_from_fork+0x48/0x80
[  243.915129][ T6314]  ret_from_fork_asm+0x1a/0x30
[  243.919937][ T6314] 
[  243.922352][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  243.922352][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  243.936947][ T6314] The buggy address is located 228 bytes inside of
[  243.936947][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  243.950770][ T6314] 
[  243.953099][ T6314] The buggy address belongs to the physical page:
[  243.959514][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  243.968298][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  243.975439][ T6314] page_type: 0xffffefff(slab)
[  243.980138][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  243.988750][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  243.997347][ T6314] page dumped because: kasan: bad access detected
[  244.003772][ T6314] page_owner tracks the page as allocated
[  244.009497][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  244.028492][ T6314]  post_alloc_hook+0x2d1/0x350
[  244.033302][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  244.038896][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  244.044227][ T6314]  alloc_slab_page+0x56/0x110
[  244.048941][ T6314]  new_slab+0x84/0x260
[  244.053033][ T6314]  ___slab_alloc+0xdac/0x1870
[  244.057736][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  244.063134][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  244.068619][ T6314]  skb_clone+0x190/0x3f0
[  244.072889][ T6314]  hci_cmd_work+0x66a/0x710
[  244.077427][ T6314]  process_one_work+0x9c8/0x1b40
[  244.082397][ T6314]  worker_thread+0x6c8/0xf30
[  244.087021][ T6314]  kthread+0x2c4/0x3a0
[  244.091132][ T6314]  ret_from_fork+0x48/0x80
[  244.095587][ T6314]  ret_from_fork_asm+0x1a/0x30
[  244.100392][ T6314] page last free pid 1 tgid 1 stack trace:
[  244.106208][ T6314]  free_unref_page+0x64a/0xe40
[  244.111020][ T6314]  free_contig_range+0xb6/0x1a0
[  244.115908][ T6314]  destroy_args+0xa4e/0xe20
[  244.120454][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  244.125523][ T6314]  do_one_initcall+0x12b/0x700
[  244.130344][ T6314]  kernel_init_freeable+0x69d/0xca0
[  244.135585][ T6314]  kernel_init+0x1c/0x2b0
[  244.139960][ T6314]  ret_from_fork+0x48/0x80
[  244.144415][ T6314]  ret_from_fork_asm+0x1a/0x30
[  244.149221][ T6314] 
[  244.151547][ T6314] Memory state around the buggy address:
[  244.157184][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  244.165257][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  244.173337][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  244.181407][ T6314]                                ^
[  244.186529][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  244.194609][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  244.202681][ T6314] ==================================================================
[  244.257718][ T6314] ==================================================================
[  244.265849][ T6314] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x283/0x2b0
[  244.274228][ T6314] Read of size 8 at addr ffff888057854918 by task syz-executor/6314
[  244.282222][ T6314] 
[  244.284564][ T6314] CPU: 1 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  244.296326][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  244.306422][ T6314] Call Trace:
[  244.309730][ T6314]  <TASK>
[  244.312687][ T6314]  dump_stack_lvl+0x116/0x1f0
[  244.317426][ T6314]  print_report+0xc3/0x620
[  244.321886][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.327560][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.333227][ T6314]  ? __phys_addr+0xc6/0x150
[  244.337762][ T6314]  kasan_report+0xd9/0x110
[  244.342213][ T6314]  ? skb_release_head_state+0x283/0x2b0
[  244.347796][ T6314]  ? skb_release_head_state+0x283/0x2b0
[  244.353380][ T6314]  skb_release_head_state+0x283/0x2b0
[  244.358787][ T6314]  kfree_skb_reason+0xed/0x210
[  244.363588][ T6314]  __hci_req_sync+0x61d/0x980
[  244.368299][ T6314]  ? trace_contention_end+0xea/0x140
[  244.373620][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  244.378849][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  244.383562][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.389227][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.394889][ T6314]  ? hci_req_sync+0x3f/0xd0
[  244.399434][ T6314]  ? __pfx___might_resched+0x10/0x10
[  244.404765][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.410425][ T6314]  ? aa_get_newest_label+0x376/0x680
[  244.415773][ T6314]  hci_req_sync+0x97/0xd0
[  244.420139][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  244.425205][ T6314]  hci_dev_cmd+0x634/0x960
[  244.429666][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.435333][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  244.440393][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.446057][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.451729][ T6314]  ? security_capable+0x98/0xd0
[  244.456634][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  244.461350][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.467014][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  244.472244][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  244.478258][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.483925][ T6314]  sock_do_ioctl+0x119/0x280
[  244.488566][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  244.493739][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.499408][ T6314]  sock_ioctl+0x22e/0x6c0
[  244.503788][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  244.508695][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.514360][ T6314]  ? __fget_files+0x256/0x400
[  244.519088][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  244.524761][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  244.529664][ T6314]  __x64_sys_ioctl+0x196/0x220
[  244.534478][ T6314]  do_syscall_64+0xcd/0x250
[  244.539029][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.544977][ T6314] RIP: 0033:0x7f7f427757db
[  244.549412][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  244.569063][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  244.577512][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  244.585511][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  244.593591][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  244.601585][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  244.609580][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  244.617596][ T6314]  </TASK>
[  244.620631][ T6314] 
[  244.622960][ T6314] Allocated by task 53:
[  244.627122][ T6314]  kasan_save_stack+0x33/0x60
[  244.631822][ T6314]  kasan_save_track+0x14/0x30
[  244.636521][ T6314]  __kasan_slab_alloc+0x89/0x90
[  244.641396][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  244.646887][ T6314]  skb_clone+0x190/0x3f0
[  244.651167][ T6314]  hci_cmd_work+0x66a/0x710
[  244.655703][ T6314]  process_one_work+0x9c8/0x1b40
[  244.660677][ T6314]  worker_thread+0x6c8/0xf30
[  244.665302][ T6314]  kthread+0x2c4/0x3a0
[  244.669411][ T6314]  ret_from_fork+0x48/0x80
[  244.673865][ T6314]  ret_from_fork_asm+0x1a/0x30
[  244.678672][ T6314] 
[  244.681001][ T6314] Freed by task 53:
[  244.684812][ T6314]  kasan_save_stack+0x33/0x60
[  244.689509][ T6314]  kasan_save_track+0x14/0x30
[  244.694203][ T6314]  kasan_save_free_info+0x3b/0x60
[  244.699270][ T6314]  poison_slab_object+0xf7/0x160
[  244.704253][ T6314]  __kasan_slab_free+0x32/0x50
[  244.709039][ T6314]  kmem_cache_free+0x12f/0x3a0
[  244.713828][ T6314]  kfree_skbmem+0x10e/0x200
[  244.718376][ T6314]  kfree_skb_reason+0x138/0x210
[  244.723263][ T6314]  hci_req_sync_complete+0x16c/0x270
[  244.728579][ T6314]  hci_event_packet+0x966/0x1170
[  244.733580][ T6314]  hci_rx_work+0x2c4/0x1610
[  244.738165][ T6314]  process_one_work+0x9c8/0x1b40
[  244.743148][ T6314]  worker_thread+0x6c8/0xf30
[  244.747785][ T6314]  kthread+0x2c4/0x3a0
[  244.751905][ T6314]  ret_from_fork+0x48/0x80
[  244.756366][ T6314]  ret_from_fork_asm+0x1a/0x30
[  244.761179][ T6314] 
[  244.763510][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  244.763510][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  244.778119][ T6314] The buggy address is located 88 bytes inside of
[  244.778119][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  244.791866][ T6314] 
[  244.794201][ T6314] The buggy address belongs to the physical page:
[  244.800623][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  244.809430][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  244.816570][ T6314] page_type: 0xffffefff(slab)
[  244.821270][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  244.829892][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  244.838493][ T6314] page dumped because: kasan: bad access detected
[  244.844910][ T6314] page_owner tracks the page as allocated
[  244.850718][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  244.869792][ T6314]  post_alloc_hook+0x2d1/0x350
[  244.874602][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  244.880190][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  244.885517][ T6314]  alloc_slab_page+0x56/0x110
[  244.890236][ T6314]  new_slab+0x84/0x260
[  244.894327][ T6314]  ___slab_alloc+0xdac/0x1870
[  244.899029][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  244.904425][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  244.909909][ T6314]  skb_clone+0x190/0x3f0
[  244.914180][ T6314]  hci_cmd_work+0x66a/0x710
[  244.918717][ T6314]  process_one_work+0x9c8/0x1b40
[  244.923700][ T6314]  worker_thread+0x6c8/0xf30
[  244.928335][ T6314]  kthread+0x2c4/0x3a0
[  244.932451][ T6314]  ret_from_fork+0x48/0x80
[  244.936908][ T6314]  ret_from_fork_asm+0x1a/0x30
[  244.941715][ T6314] page last free pid 1 tgid 1 stack trace:
[  244.947532][ T6314]  free_unref_page+0x64a/0xe40
[  244.952332][ T6314]  free_contig_range+0xb6/0x1a0
[  244.957220][ T6314]  destroy_args+0xa4e/0xe20
[  244.961764][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  244.966829][ T6314]  do_one_initcall+0x12b/0x700
[  244.971630][ T6314]  kernel_init_freeable+0x69d/0xca0
[  244.976870][ T6314]  kernel_init+0x1c/0x2b0
[  244.981242][ T6314]  ret_from_fork+0x48/0x80
[  244.985696][ T6314]  ret_from_fork_asm+0x1a/0x30
[  244.990509][ T6314] 
[  244.992837][ T6314] Memory state around the buggy address:
[  244.998473][ T6314]  ffff888057854800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  245.006549][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  245.014622][ T6314] >ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.022713][ T6314]                             ^
[  245.027584][ T6314]  ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  245.035695][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.043776][ T6314] ==================================================================
[  245.055977][   T53] Bluetooth: hci2: command tx timeout
[  245.073887][ T6314] ==================================================================
[  245.082114][ T6314] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x28d/0x2b0
[  245.090499][ T6314] Read of size 8 at addr ffff888057854920 by task syz-executor/6314
[  245.098513][ T6314] 
[  245.100855][ T6314] CPU: 1 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  245.112618][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  245.122721][ T6314] Call Trace:
[  245.126026][ T6314]  <TASK>
[  245.128980][ T6314]  dump_stack_lvl+0x116/0x1f0
[  245.133713][ T6314]  print_report+0xc3/0x620
[  245.138182][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.143859][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.149536][ T6314]  ? __phys_addr+0xc6/0x150
[  245.154080][ T6314]  kasan_report+0xd9/0x110
[  245.158630][ T6314]  ? skb_release_head_state+0x28d/0x2b0
[  245.164227][ T6314]  ? skb_release_head_state+0x28d/0x2b0
[  245.169829][ T6314]  skb_release_head_state+0x28d/0x2b0
[  245.175338][ T6314]  kfree_skb_reason+0xed/0x210
[  245.180175][ T6314]  __hci_req_sync+0x61d/0x980
[  245.184901][ T6314]  ? trace_contention_end+0xea/0x140
[  245.190236][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  245.195456][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  245.200156][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.205813][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.211460][ T6314]  ? hci_req_sync+0x3f/0xd0
[  245.215986][ T6314]  ? __pfx___might_resched+0x10/0x10
[  245.221295][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.226944][ T6314]  ? aa_get_newest_label+0x376/0x680
[  245.232286][ T6314]  hci_req_sync+0x97/0xd0
[  245.236685][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  245.241766][ T6314]  hci_dev_cmd+0x634/0x960
[  245.246210][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.251860][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  245.256824][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.262469][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.268112][ T6314]  ? security_capable+0x98/0xd0
[  245.272996][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  245.277697][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.283343][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  245.288571][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  245.294612][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.300295][ T6314]  sock_do_ioctl+0x119/0x280
[  245.304950][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  245.310096][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.315743][ T6314]  sock_ioctl+0x22e/0x6c0
[  245.320107][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  245.324988][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.330634][ T6314]  ? __fget_files+0x256/0x400
[  245.335352][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.341060][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  245.345945][ T6314]  __x64_sys_ioctl+0x196/0x220
[  245.350824][ T6314]  do_syscall_64+0xcd/0x250
[  245.355356][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.361301][ T6314] RIP: 0033:0x7f7f427757db
[  245.365776][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  245.385402][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  245.393857][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  245.401842][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  245.409841][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  245.417816][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  245.425792][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  245.433781][ T6314]  </TASK>
[  245.436802][ T6314] 
[  245.439127][ T6314] Allocated by task 53:
[  245.443297][ T6314]  kasan_save_stack+0x33/0x60
[  245.447982][ T6314]  kasan_save_track+0x14/0x30
[  245.452661][ T6314]  __kasan_slab_alloc+0x89/0x90
[  245.457514][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  245.462984][ T6314]  skb_clone+0x190/0x3f0
[  245.467247][ T6314]  hci_cmd_work+0x66a/0x710
[  245.471767][ T6314]  process_one_work+0x9c8/0x1b40
[  245.476732][ T6314]  worker_thread+0x6c8/0xf30
[  245.481341][ T6314]  kthread+0x2c4/0x3a0
[  245.485430][ T6314]  ret_from_fork+0x48/0x80
[  245.489870][ T6314]  ret_from_fork_asm+0x1a/0x30
[  245.494683][ T6314] 
[  245.497000][ T6314] Freed by task 53:
[  245.500798][ T6314]  kasan_save_stack+0x33/0x60
[  245.505503][ T6314]  kasan_save_track+0x14/0x30
[  245.510184][ T6314]  kasan_save_free_info+0x3b/0x60
[  245.515223][ T6314]  poison_slab_object+0xf7/0x160
[  245.520184][ T6314]  __kasan_slab_free+0x32/0x50
[  245.524952][ T6314]  kmem_cache_free+0x12f/0x3a0
[  245.529725][ T6314]  kfree_skbmem+0x10e/0x200
[  245.534253][ T6314]  kfree_skb_reason+0x138/0x210
[  245.539117][ T6314]  hci_req_sync_complete+0x16c/0x270
[  245.544442][ T6314]  hci_event_packet+0x966/0x1170
[  245.549416][ T6314]  hci_rx_work+0x2c4/0x1610
[  245.553946][ T6314]  process_one_work+0x9c8/0x1b40
[  245.558944][ T6314]  worker_thread+0x6c8/0xf30
[  245.563553][ T6314]  kthread+0x2c4/0x3a0
[  245.567736][ T6314]  ret_from_fork+0x48/0x80
[  245.572207][ T6314]  ret_from_fork_asm+0x1a/0x30
[  245.576996][ T6314] 
[  245.579320][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  245.579320][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  245.593916][ T6314] The buggy address is located 96 bytes inside of
[  245.593916][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  245.607652][ T6314] 
[  245.609972][ T6314] The buggy address belongs to the physical page:
[  245.616372][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  245.625154][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  245.632281][ T6314] page_type: 0xffffefff(slab)
[  245.636973][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  245.645587][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  245.654220][ T6314] page dumped because: kasan: bad access detected
[  245.660683][ T6314] page_owner tracks the page as allocated
[  245.666396][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  245.685380][ T6314]  post_alloc_hook+0x2d1/0x350
[  245.690177][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  245.695749][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  245.701091][ T6314]  alloc_slab_page+0x56/0x110
[  245.705814][ T6314]  new_slab+0x84/0x260
[  245.709897][ T6314]  ___slab_alloc+0xdac/0x1870
[  245.714587][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  245.719976][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  245.725457][ T6314]  skb_clone+0x190/0x3f0
[  245.729716][ T6314]  hci_cmd_work+0x66a/0x710
[  245.734235][ T6314]  process_one_work+0x9c8/0x1b40
[  245.739194][ T6314]  worker_thread+0x6c8/0xf30
[  245.743803][ T6314]  kthread+0x2c4/0x3a0
[  245.747897][ T6314]  ret_from_fork+0x48/0x80
[  245.752334][ T6314]  ret_from_fork_asm+0x1a/0x30
[  245.757121][ T6314] page last free pid 1 tgid 1 stack trace:
[  245.762921][ T6314]  free_unref_page+0x64a/0xe40
[  245.767708][ T6314]  free_contig_range+0xb6/0x1a0
[  245.772579][ T6314]  destroy_args+0xa4e/0xe20
[  245.777106][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  245.782157][ T6314]  do_one_initcall+0x12b/0x700
[  245.786947][ T6314]  kernel_init_freeable+0x69d/0xca0
[  245.792169][ T6314]  kernel_init+0x1c/0x2b0
[  245.796531][ T6314]  ret_from_fork+0x48/0x80
[  245.800993][ T6314]  ret_from_fork_asm+0x1a/0x30
[  245.805784][ T6314] 
[  245.808102][ T6314] Memory state around the buggy address:
[  245.813727][ T6314]  ffff888057854800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  245.821797][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  245.829863][ T6314] >ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.837923][ T6314]                                ^
[  245.843374][ T6314]  ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  245.851492][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.859567][ T6314] ==================================================================
[  245.910413][ T6314] ==================================================================
[  245.918524][ T6314] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x276/0x2b0
[  245.926874][ T6314] Read of size 8 at addr ffff888057854928 by task syz-executor/6314
[  245.934855][ T6314] 
[  245.937178][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  245.948915][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  245.959004][ T6314] Call Trace:
[  245.962313][ T6314]  <TASK>
[  245.965242][ T6314]  dump_stack_lvl+0x116/0x1f0
[  245.969938][ T6314]  print_report+0xc3/0x620
[  245.974393][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.980037][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  245.985711][ T6314]  ? __phys_addr+0xc6/0x150
[  245.990225][ T6314]  kasan_report+0xd9/0x110
[  245.994655][ T6314]  ? skb_release_head_state+0x276/0x2b0
[  246.000218][ T6314]  ? skb_release_head_state+0x276/0x2b0
[  246.005790][ T6314]  skb_release_head_state+0x276/0x2b0
[  246.011190][ T6314]  kfree_skb_reason+0xed/0x210
[  246.016012][ T6314]  __hci_req_sync+0x61d/0x980
[  246.020740][ T6314]  ? trace_contention_end+0xea/0x140
[  246.026085][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  246.031326][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  246.036052][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.041728][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.047410][ T6314]  ? hci_req_sync+0x3f/0xd0
[  246.051968][ T6314]  ? __pfx___might_resched+0x10/0x10
[  246.057312][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.062990][ T6314]  ? aa_get_newest_label+0x376/0x680
[  246.068347][ T6314]  hci_req_sync+0x97/0xd0
[  246.072728][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  246.077844][ T6314]  hci_dev_cmd+0x634/0x960
[  246.082317][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.087998][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  246.092991][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.098669][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.104351][ T6314]  ? security_capable+0x98/0xd0
[  246.109306][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  246.114033][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.119712][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  246.124968][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  246.130995][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.136677][ T6314]  sock_do_ioctl+0x119/0x280
[  246.141433][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  246.146630][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.152319][ T6314]  sock_ioctl+0x22e/0x6c0
[  246.156723][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  246.161645][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.167323][ T6314]  ? __fget_files+0x256/0x400
[  246.172065][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.177751][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  246.182667][ T6314]  __x64_sys_ioctl+0x196/0x220
[  246.187480][ T6314]  do_syscall_64+0xcd/0x250
[  246.192009][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.197934][ T6314] RIP: 0033:0x7f7f427757db
[  246.202360][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  246.222002][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.230434][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  246.238504][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  246.246500][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  246.254492][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  246.262492][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  246.270591][ T6314]  </TASK>
[  246.273608][ T6314] 
[  246.275928][ T6314] Allocated by task 53:
[  246.280085][ T6314]  kasan_save_stack+0x33/0x60
[  246.284948][ T6314]  kasan_save_track+0x14/0x30
[  246.289633][ T6314]  __kasan_slab_alloc+0x89/0x90
[  246.294495][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  246.299991][ T6314]  skb_clone+0x190/0x3f0
[  246.304243][ T6314]  hci_cmd_work+0x66a/0x710
[  246.308769][ T6314]  process_one_work+0x9c8/0x1b40
[  246.313756][ T6314]  worker_thread+0x6c8/0xf30
[  246.318386][ T6314]  kthread+0x2c4/0x3a0
[  246.322475][ T6314]  ret_from_fork+0x48/0x80
[  246.326916][ T6314]  ret_from_fork_asm+0x1a/0x30
[  246.331747][ T6314] 
[  246.334070][ T6314] Freed by task 53:
[  246.337877][ T6314]  kasan_save_stack+0x33/0x60
[  246.342560][ T6314]  kasan_save_track+0x14/0x30
[  246.347240][ T6314]  kasan_save_free_info+0x3b/0x60
[  246.352284][ T6314]  poison_slab_object+0xf7/0x160
[  246.357253][ T6314]  __kasan_slab_free+0x32/0x50
[  246.362053][ T6314]  kmem_cache_free+0x12f/0x3a0
[  246.366846][ T6314]  kfree_skbmem+0x10e/0x200
[  246.371373][ T6314]  kfree_skb_reason+0x138/0x210
[  246.376237][ T6314]  hci_req_sync_complete+0x16c/0x270
[  246.381546][ T6314]  hci_event_packet+0x966/0x1170
[  246.386508][ T6314]  hci_rx_work+0x2c4/0x1610
[  246.391031][ T6314]  process_one_work+0x9c8/0x1b40
[  246.395995][ T6314]  worker_thread+0x6c8/0xf30
[  246.400610][ T6314]  kthread+0x2c4/0x3a0
[  246.404700][ T6314]  ret_from_fork+0x48/0x80
[  246.409137][ T6314]  ret_from_fork_asm+0x1a/0x30
[  246.413924][ T6314] 
[  246.416241][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  246.416241][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  246.430828][ T6314] The buggy address is located 104 bytes inside of
[  246.430828][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  246.444671][ T6314] 
[  246.446994][ T6314] The buggy address belongs to the physical page:
[  246.453397][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  246.462178][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  246.469311][ T6314] page_type: 0xffffefff(slab)
[  246.473995][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  246.482596][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  246.491183][ T6314] page dumped because: kasan: bad access detected
[  246.497601][ T6314] page_owner tracks the page as allocated
[  246.503308][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  246.522272][ T6314]  post_alloc_hook+0x2d1/0x350
[  246.527066][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  246.532661][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  246.537972][ T6314]  alloc_slab_page+0x56/0x110
[  246.542673][ T6314]  new_slab+0x84/0x260
[  246.546752][ T6314]  ___slab_alloc+0xdac/0x1870
[  246.551438][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  246.556846][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  246.562317][ T6314]  skb_clone+0x190/0x3f0
[  246.566578][ T6314]  hci_cmd_work+0x66a/0x710
[  246.571129][ T6314]  process_one_work+0x9c8/0x1b40
[  246.576105][ T6314]  worker_thread+0x6c8/0xf30
[  246.580730][ T6314]  kthread+0x2c4/0x3a0
[  246.584837][ T6314]  ret_from_fork+0x48/0x80
[  246.589289][ T6314]  ret_from_fork_asm+0x1a/0x30
[  246.594088][ T6314] page last free pid 1 tgid 1 stack trace:
[  246.599903][ T6314]  free_unref_page+0x64a/0xe40
[  246.604697][ T6314]  free_contig_range+0xb6/0x1a0
[  246.609598][ T6314]  destroy_args+0xa4e/0xe20
[  246.614162][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  246.619221][ T6314]  do_one_initcall+0x12b/0x700
[  246.624019][ T6314]  kernel_init_freeable+0x69d/0xca0
[  246.629245][ T6314]  kernel_init+0x1c/0x2b0
[  246.633603][ T6314]  ret_from_fork+0x48/0x80
[  246.638043][ T6314]  ret_from_fork_asm+0x1a/0x30
[  246.642895][ T6314] 
[  246.645240][ T6314] Memory state around the buggy address:
[  246.650869][ T6314]  ffff888057854800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  246.658941][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  246.667110][ T6314] >ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  246.675201][ T6314]                                   ^
[  246.680572][ T6314]  ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  246.688664][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  246.696729][ T6314] ==================================================================
[  246.753937][ T6314] ==================================================================
[  246.762061][ T6314] BUG: KASAN: slab-use-after-free in skb_release_head_state+0x26c/0x2b0
[  246.770436][ T6314] Read of size 1 at addr ffff88805785493f by task syz-executor/6314
[  246.778422][ T6314] 
[  246.780770][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  246.792514][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  246.802583][ T6314] Call Trace:
[  246.805863][ T6314]  <TASK>
[  246.808804][ T6314]  dump_stack_lvl+0x116/0x1f0
[  246.813528][ T6314]  print_report+0xc3/0x620
[  246.817959][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.823601][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.829243][ T6314]  ? __phys_addr+0xc6/0x150
[  246.833757][ T6314]  kasan_report+0xd9/0x110
[  246.838187][ T6314]  ? skb_release_head_state+0x26c/0x2b0
[  246.843750][ T6314]  ? skb_release_head_state+0x26c/0x2b0
[  246.849326][ T6314]  skb_release_head_state+0x26c/0x2b0
[  246.854738][ T6314]  kfree_skb_reason+0xed/0x210
[  246.859543][ T6314]  __hci_req_sync+0x61d/0x980
[  246.864255][ T6314]  ? trace_contention_end+0xea/0x140
[  246.869574][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  246.874803][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  246.879522][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.885187][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.890850][ T6314]  ? hci_req_sync+0x3f/0xd0
[  246.895392][ T6314]  ? __pfx___might_resched+0x10/0x10
[  246.900749][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.906411][ T6314]  ? aa_get_newest_label+0x376/0x680
[  246.911758][ T6314]  hci_req_sync+0x97/0xd0
[  246.916148][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  246.921210][ T6314]  hci_dev_cmd+0x634/0x960
[  246.925669][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.931332][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  246.936311][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.942062][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.947726][ T6314]  ? security_capable+0x98/0xd0
[  246.952636][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  246.957350][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.963012][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  246.968244][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  246.974259][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.979932][ T6314]  sock_do_ioctl+0x119/0x280
[  246.984572][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  246.989738][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  246.995406][ T6314]  sock_ioctl+0x22e/0x6c0
[  246.999812][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  247.004716][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.010413][ T6314]  ? __fget_files+0x256/0x400
[  247.015164][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.020838][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  247.025744][ T6314]  __x64_sys_ioctl+0x196/0x220
[  247.030558][ T6314]  do_syscall_64+0xcd/0x250
[  247.035112][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.041065][ T6314] RIP: 0033:0x7f7f427757db
[  247.045500][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  247.065148][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  247.073595][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  247.081600][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  247.089634][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  247.097631][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  247.105621][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  247.113631][ T6314]  </TASK>
[  247.116664][ T6314] 
[  247.118991][ T6314] Allocated by task 53:
[  247.123184][ T6314]  kasan_save_stack+0x33/0x60
[  247.127887][ T6314]  kasan_save_track+0x14/0x30
[  247.132584][ T6314]  __kasan_slab_alloc+0x89/0x90
[  247.137490][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  247.142978][ T6314]  skb_clone+0x190/0x3f0
[  247.147249][ T6314]  hci_cmd_work+0x66a/0x710
[  247.151785][ T6314]  process_one_work+0x9c8/0x1b40
[  247.156757][ T6314]  worker_thread+0x6c8/0xf30
[  247.161381][ T6314]  kthread+0x2c4/0x3a0
[  247.165524][ T6314]  ret_from_fork+0x48/0x80
[  247.170022][ T6314]  ret_from_fork_asm+0x1a/0x30
[  247.174846][ T6314] 
[  247.177176][ T6314] Freed by task 53:
[  247.180995][ T6314]  kasan_save_stack+0x33/0x60
[  247.185696][ T6314]  kasan_save_track+0x14/0x30
[  247.190403][ T6314]  kasan_save_free_info+0x3b/0x60
[  247.195482][ T6314]  poison_slab_object+0xf7/0x160
[  247.200482][ T6314]  __kasan_slab_free+0x32/0x50
[  247.205279][ T6314]  kmem_cache_free+0x12f/0x3a0
[  247.210071][ T6314]  kfree_skbmem+0x10e/0x200
[  247.214625][ T6314]  kfree_skb_reason+0x138/0x210
[  247.219519][ T6314]  hci_req_sync_complete+0x16c/0x270
[  247.224834][ T6314]  hci_event_packet+0x966/0x1170
[  247.229824][ T6314]  hci_rx_work+0x2c4/0x1610
[  247.234374][ T6314]  process_one_work+0x9c8/0x1b40
[  247.239358][ T6314]  worker_thread+0x6c8/0xf30
[  247.243993][ T6314]  kthread+0x2c4/0x3a0
[  247.248118][ T6314]  ret_from_fork+0x48/0x80
[  247.252675][ T6314]  ret_from_fork_asm+0x1a/0x30
[  247.257495][ T6314] 
[  247.259835][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  247.259835][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  247.274440][ T6314] The buggy address is located 127 bytes inside of
[  247.274440][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  247.288278][ T6314] 
[  247.290614][ T6314] The buggy address belongs to the physical page:
[  247.297033][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  247.305819][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  247.312946][ T6314] page_type: 0xffffefff(slab)
[  247.317649][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  247.326344][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  247.334944][ T6314] page dumped because: kasan: bad access detected
[  247.341369][ T6314] page_owner tracks the page as allocated
[  247.347089][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  247.366066][ T6314]  post_alloc_hook+0x2d1/0x350
[  247.370874][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  247.376547][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  247.381873][ T6314]  alloc_slab_page+0x56/0x110
[  247.386599][ T6314]  new_slab+0x84/0x260
[  247.390704][ T6314]  ___slab_alloc+0xdac/0x1870
[  247.395430][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  247.400838][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  247.406330][ T6314]  skb_clone+0x190/0x3f0
[  247.410607][ T6314]  hci_cmd_work+0x66a/0x710
[  247.415146][ T6314]  process_one_work+0x9c8/0x1b40
[  247.420120][ T6314]  worker_thread+0x6c8/0xf30
[  247.424744][ T6314]  kthread+0x2c4/0x3a0
[  247.428857][ T6314]  ret_from_fork+0x48/0x80
[  247.433313][ T6314]  ret_from_fork_asm+0x1a/0x30
[  247.438205][ T6314] page last free pid 1 tgid 1 stack trace:
[  247.444016][ T6314]  free_unref_page+0x64a/0xe40
[  247.448821][ T6314]  free_contig_range+0xb6/0x1a0
[  247.453709][ T6314]  destroy_args+0xa4e/0xe20
[  247.458254][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  247.463321][ T6314]  do_one_initcall+0x12b/0x700
[  247.468126][ T6314]  kernel_init_freeable+0x69d/0xca0
[  247.473369][ T6314]  kernel_init+0x1c/0x2b0
[  247.477746][ T6314]  ret_from_fork+0x48/0x80
[  247.482211][ T6314]  ret_from_fork_asm+0x1a/0x30
[  247.487027][ T6314] 
[  247.489357][ T6314] Memory state around the buggy address:
[  247.495085][ T6314]  ffff888057854800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  247.503166][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  247.511247][ T6314] >ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  247.519319][ T6314]                                         ^
[  247.525219][ T6314]  ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  247.533298][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  247.541370][ T6314] ==================================================================
[  247.576601][ T5097] Bluetooth: hci2: command tx timeout
[  247.606719][ T6314] ==================================================================
[  247.614845][ T6314] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x1ff/0x210
[  247.622703][ T6314] Read of size 8 at addr ffff888057854990 by task syz-executor/6314
[  247.630691][ T6314] 
[  247.633014][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  247.644754][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  247.654901][ T6314] Call Trace:
[  247.658181][ T6314]  <TASK>
[  247.661115][ T6314]  dump_stack_lvl+0x116/0x1f0
[  247.665849][ T6314]  print_report+0xc3/0x620
[  247.670288][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.675967][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.681751][ T6314]  ? __phys_addr+0xc6/0x150
[  247.686311][ T6314]  kasan_report+0xd9/0x110
[  247.690783][ T6314]  ? kfree_skb_reason+0x1ff/0x210
[  247.695858][ T6314]  ? kfree_skb_reason+0x1ff/0x210
[  247.700914][ T6314]  kfree_skb_reason+0x1ff/0x210
[  247.705796][ T6314]  __hci_req_sync+0x61d/0x980
[  247.710505][ T6314]  ? trace_contention_end+0xea/0x140
[  247.715811][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  247.721035][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  247.725769][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.731442][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.737109][ T6314]  ? hci_req_sync+0x3f/0xd0
[  247.741652][ T6314]  ? __pfx___might_resched+0x10/0x10
[  247.746980][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.752643][ T6314]  ? aa_get_newest_label+0x376/0x680
[  247.757988][ T6314]  hci_req_sync+0x97/0xd0
[  247.762353][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  247.767420][ T6314]  hci_dev_cmd+0x634/0x960
[  247.771885][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.777643][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  247.782624][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.788286][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.793948][ T6314]  ? security_capable+0x98/0xd0
[  247.798864][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  247.803587][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.809286][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  247.814545][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  247.820574][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.826249][ T6314]  sock_do_ioctl+0x119/0x280
[  247.830893][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  247.836061][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.841737][ T6314]  sock_ioctl+0x22e/0x6c0
[  247.846118][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  247.851017][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.856683][ T6314]  ? __fget_files+0x256/0x400
[  247.861408][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  247.867078][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  247.872000][ T6314]  __x64_sys_ioctl+0x196/0x220
[  247.876831][ T6314]  do_syscall_64+0xcd/0x250
[  247.881379][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.887328][ T6314] RIP: 0033:0x7f7f427757db
[  247.891759][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  247.911413][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  247.919868][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  247.927863][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  247.935855][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  247.943848][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  247.951836][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  247.959840][ T6314]  </TASK>
[  247.962868][ T6314] 
[  247.965193][ T6314] Allocated by task 53:
[  247.969355][ T6314]  kasan_save_stack+0x33/0x60
[  247.974060][ T6314]  kasan_save_track+0x14/0x30
[  247.978760][ T6314]  __kasan_slab_alloc+0x89/0x90
[  247.983636][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  247.989127][ T6314]  skb_clone+0x190/0x3f0
[  247.993398][ T6314]  hci_cmd_work+0x66a/0x710
[  247.998029][ T6314]  process_one_work+0x9c8/0x1b40
[  248.003006][ T6314]  worker_thread+0x6c8/0xf30
[  248.007636][ T6314]  kthread+0x2c4/0x3a0
[  248.011751][ T6314]  ret_from_fork+0x48/0x80
[  248.016211][ T6314]  ret_from_fork_asm+0x1a/0x30
[  248.021023][ T6314] 
[  248.023354][ T6314] Freed by task 53:
[  248.027166][ T6314]  kasan_save_stack+0x33/0x60
[  248.031869][ T6314]  kasan_save_track+0x14/0x30
[  248.036568][ T6314]  kasan_save_free_info+0x3b/0x60
[  248.041631][ T6314]  poison_slab_object+0xf7/0x160
[  248.046617][ T6314]  __kasan_slab_free+0x32/0x50
[  248.051402][ T6314]  kmem_cache_free+0x12f/0x3a0
[  248.056195][ T6314]  kfree_skbmem+0x10e/0x200
[  248.060745][ T6314]  kfree_skb_reason+0x138/0x210
[  248.065888][ T6314]  hci_req_sync_complete+0x16c/0x270
[  248.071202][ T6314]  hci_event_packet+0x966/0x1170
[  248.076171][ T6314]  hci_rx_work+0x2c4/0x1610
[  248.080708][ T6314]  process_one_work+0x9c8/0x1b40
[  248.085679][ T6314]  worker_thread+0x6c8/0xf30
[  248.090303][ T6314]  kthread+0x2c4/0x3a0
[  248.094415][ T6314]  ret_from_fork+0x48/0x80
[  248.098881][ T6314]  ret_from_fork_asm+0x1a/0x30
[  248.103695][ T6314] 
[  248.106024][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  248.106024][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  248.120644][ T6314] The buggy address is located 208 bytes inside of
[  248.120644][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  248.134496][ T6314] 
[  248.136837][ T6314] The buggy address belongs to the physical page:
[  248.143254][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  248.152040][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  248.159169][ T6314] page_type: 0xffffefff(slab)
[  248.163871][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  248.172495][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  248.181100][ T6314] page dumped because: kasan: bad access detected
[  248.187528][ T6314] page_owner tracks the page as allocated
[  248.193274][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  248.212353][ T6314]  post_alloc_hook+0x2d1/0x350
[  248.217175][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  248.222775][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  248.228111][ T6314]  alloc_slab_page+0x56/0x110
[  248.232832][ T6314]  new_slab+0x84/0x260
[  248.236930][ T6314]  ___slab_alloc+0xdac/0x1870
[  248.241634][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  248.247033][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  248.252523][ T6314]  skb_clone+0x190/0x3f0
[  248.256800][ T6314]  hci_cmd_work+0x66a/0x710
[  248.261341][ T6314]  process_one_work+0x9c8/0x1b40
[  248.266315][ T6314]  worker_thread+0x6c8/0xf30
[  248.270941][ T6314]  kthread+0x2c4/0x3a0
[  248.275054][ T6314]  ret_from_fork+0x48/0x80
[  248.279526][ T6314]  ret_from_fork_asm+0x1a/0x30
[  248.284340][ T6314] page last free pid 1 tgid 1 stack trace:
[  248.290156][ T6314]  free_unref_page+0x64a/0xe40
[  248.294960][ T6314]  free_contig_range+0xb6/0x1a0
[  248.299852][ T6314]  destroy_args+0xa4e/0xe20
[  248.304403][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  248.309488][ T6314]  do_one_initcall+0x12b/0x700
[  248.314299][ T6314]  kernel_init_freeable+0x69d/0xca0
[  248.319549][ T6314]  kernel_init+0x1c/0x2b0
[  248.323922][ T6314]  ret_from_fork+0x48/0x80
[  248.328377][ T6314]  ret_from_fork_asm+0x1a/0x30
[  248.333183][ T6314] 
[  248.335510][ T6314] Memory state around the buggy address:
[  248.341151][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  248.349270][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  248.357352][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  248.365426][ T6314]                          ^
[  248.370029][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  248.378112][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  248.386188][ T6314] ==================================================================
[  248.429885][ T6314] ==================================================================
[  248.438020][ T6314] BUG: KASAN: slab-use-after-free in skb_release_data+0x8c6/0x980
[  248.445887][ T6314] Read of size 8 at addr ffff888057854990 by task syz-executor/6314
[  248.453906][ T6314] 
[  248.456246][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  248.468002][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  248.478089][ T6314] Call Trace:
[  248.481393][ T6314]  <TASK>
[  248.484343][ T6314]  dump_stack_lvl+0x116/0x1f0
[  248.489071][ T6314]  print_report+0xc3/0x620
[  248.493535][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.499206][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.504875][ T6314]  ? __phys_addr+0xc6/0x150
[  248.509418][ T6314]  kasan_report+0xd9/0x110
[  248.513878][ T6314]  ? skb_release_data+0x8c6/0x980
[  248.518952][ T6314]  ? skb_release_data+0x8c6/0x980
[  248.524024][ T6314]  skb_release_data+0x8c6/0x980
[  248.528923][ T6314]  kfree_skb_reason+0x12b/0x210
[  248.533817][ T6314]  __hci_req_sync+0x61d/0x980
[  248.538542][ T6314]  ? trace_contention_end+0xea/0x140
[  248.543869][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  248.549106][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  248.553826][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.559499][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.565171][ T6314]  ? hci_req_sync+0x3f/0xd0
[  248.569718][ T6314]  ? __pfx___might_resched+0x10/0x10
[  248.575044][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.580711][ T6314]  ? aa_get_newest_label+0x376/0x680
[  248.586057][ T6314]  hci_req_sync+0x97/0xd0
[  248.590426][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  248.595492][ T6314]  hci_dev_cmd+0x634/0x960
[  248.599958][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.605622][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  248.610630][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.616316][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.621997][ T6314]  ? security_capable+0x98/0xd0
[  248.626921][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  248.631644][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.637315][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  248.642558][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  248.648580][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.654253][ T6314]  sock_do_ioctl+0x119/0x280
[  248.658894][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  248.664061][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.669732][ T6314]  sock_ioctl+0x22e/0x6c0
[  248.674118][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  248.679021][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.684685][ T6314]  ? __fget_files+0x256/0x400
[  248.689419][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  248.695086][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  248.699995][ T6314]  __x64_sys_ioctl+0x196/0x220
[  248.704842][ T6314]  do_syscall_64+0xcd/0x250
[  248.709529][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.715478][ T6314] RIP: 0033:0x7f7f427757db
[  248.719922][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  248.739566][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  248.748015][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  248.756011][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  248.764016][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  248.772036][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  248.780044][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  248.788083][ T6314]  </TASK>
[  248.791150][ T6314] 
[  248.793491][ T6314] Allocated by task 53:
[  248.797662][ T6314]  kasan_save_stack+0x33/0x60
[  248.802376][ T6314]  kasan_save_track+0x14/0x30
[  248.807081][ T6314]  __kasan_slab_alloc+0x89/0x90
[  248.811957][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  248.817449][ T6314]  skb_clone+0x190/0x3f0
[  248.821728][ T6314]  hci_cmd_work+0x66a/0x710
[  248.826263][ T6314]  process_one_work+0x9c8/0x1b40
[  248.831241][ T6314]  worker_thread+0x6c8/0xf30
[  248.835867][ T6314]  kthread+0x2c4/0x3a0
[  248.839979][ T6314]  ret_from_fork+0x48/0x80
[  248.844434][ T6314]  ret_from_fork_asm+0x1a/0x30
[  248.849244][ T6314] 
[  248.851572][ T6314] Freed by task 53:
[  248.855382][ T6314]  kasan_save_stack+0x33/0x60
[  248.860102][ T6314]  kasan_save_track+0x14/0x30
[  248.864800][ T6314]  kasan_save_free_info+0x3b/0x60
[  248.869859][ T6314]  poison_slab_object+0xf7/0x160
[  248.874847][ T6314]  __kasan_slab_free+0x32/0x50
[  248.879641][ T6314]  kmem_cache_free+0x12f/0x3a0
[  248.884430][ T6314]  kfree_skbmem+0x10e/0x200
[  248.888986][ T6314]  kfree_skb_reason+0x138/0x210
[  248.893875][ T6314]  hci_req_sync_complete+0x16c/0x270
[  248.899193][ T6314]  hci_event_packet+0x966/0x1170
[  248.904156][ T6314]  hci_rx_work+0x2c4/0x1610
[  248.908693][ T6314]  process_one_work+0x9c8/0x1b40
[  248.913664][ T6314]  worker_thread+0x6c8/0xf30
[  248.918287][ T6314]  kthread+0x2c4/0x3a0
[  248.922400][ T6314]  ret_from_fork+0x48/0x80
[  248.926867][ T6314]  ret_from_fork_asm+0x1a/0x30
[  248.931686][ T6314] 
[  248.934015][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  248.934015][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  248.948614][ T6314] The buggy address is located 208 bytes inside of
[  248.948614][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  248.962441][ T6314] 
[  248.964773][ T6314] The buggy address belongs to the physical page:
[  248.971190][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  248.979972][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  248.987102][ T6314] page_type: 0xffffefff(slab)
[  248.991802][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  249.000408][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  249.009091][ T6314] page dumped because: kasan: bad access detected
[  249.015511][ T6314] page_owner tracks the page as allocated
[  249.021234][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  249.040240][ T6314]  post_alloc_hook+0x2d1/0x350
[  249.045053][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  249.050644][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  249.055970][ T6314]  alloc_slab_page+0x56/0x110
[  249.060688][ T6314]  new_slab+0x84/0x260
[  249.064780][ T6314]  ___slab_alloc+0xdac/0x1870
[  249.069481][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  249.074884][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  249.080370][ T6314]  skb_clone+0x190/0x3f0
[  249.084643][ T6314]  hci_cmd_work+0x66a/0x710
[  249.089182][ T6314]  process_one_work+0x9c8/0x1b40
[  249.094154][ T6314]  worker_thread+0x6c8/0xf30
[  249.098773][ T6314]  kthread+0x2c4/0x3a0
[  249.102972][ T6314]  ret_from_fork+0x48/0x80
[  249.107431][ T6314]  ret_from_fork_asm+0x1a/0x30
[  249.112241][ T6314] page last free pid 1 tgid 1 stack trace:
[  249.118143][ T6314]  free_unref_page+0x64a/0xe40
[  249.122948][ T6314]  free_contig_range+0xb6/0x1a0
[  249.127842][ T6314]  destroy_args+0xa4e/0xe20
[  249.132389][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  249.137459][ T6314]  do_one_initcall+0x12b/0x700
[  249.142268][ T6314]  kernel_init_freeable+0x69d/0xca0
[  249.147507][ T6314]  kernel_init+0x1c/0x2b0
[  249.152063][ T6314]  ret_from_fork+0x48/0x80
[  249.156534][ T6314]  ret_from_fork_asm+0x1a/0x30
[  249.161350][ T6314] 
[  249.163677][ T6314] Memory state around the buggy address:
[  249.169318][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  249.177484][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  249.185579][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  249.193655][ T6314]                          ^
[  249.198255][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  249.206331][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  249.214405][ T6314] ==================================================================
[  249.240224][ T6314] ==================================================================
[  249.248341][ T6314] BUG: KASAN: slab-use-after-free in skb_release_data+0x813/0x980
[  249.256199][ T6314] Read of size 4 at addr ffff88805785498c by task syz-executor/6314
[  249.264208][ T6314] 
[  249.266553][ T6314] CPU: 1 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  249.278290][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  249.288377][ T6314] Call Trace:
[  249.291676][ T6314]  <TASK>
[  249.294627][ T6314]  dump_stack_lvl+0x116/0x1f0
[  249.299364][ T6314]  print_report+0xc3/0x620
[  249.303829][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.309523][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.315168][ T6314]  ? __phys_addr+0xc6/0x150
[  249.319694][ T6314]  kasan_report+0xd9/0x110
[  249.324151][ T6314]  ? skb_release_data+0x813/0x980
[  249.329220][ T6314]  ? skb_release_data+0x813/0x980
[  249.334298][ T6314]  skb_release_data+0x813/0x980
[  249.339204][ T6314]  kfree_skb_reason+0x12b/0x210
[  249.344109][ T6314]  __hci_req_sync+0x61d/0x980
[  249.348837][ T6314]  ? trace_contention_end+0xea/0x140
[  249.354170][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  249.359414][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  249.364145][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.369832][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.375509][ T6314]  ? hci_req_sync+0x3f/0xd0
[  249.380070][ T6314]  ? __pfx___might_resched+0x10/0x10
[  249.385410][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.391082][ T6314]  ? aa_get_newest_label+0x376/0x680
[  249.396438][ T6314]  hci_req_sync+0x97/0xd0
[  249.400818][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  249.405886][ T6314]  hci_dev_cmd+0x634/0x960
[  249.410357][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.416030][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  249.421023][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.426697][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.432413][ T6314]  ? security_capable+0x98/0xd0
[  249.437334][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  249.442057][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.447726][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  249.452961][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  249.458974][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.464641][ T6314]  sock_do_ioctl+0x119/0x280
[  249.469278][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  249.474442][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.480111][ T6314]  sock_ioctl+0x22e/0x6c0
[  249.484491][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  249.489481][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.495146][ T6314]  ? __fget_files+0x256/0x400
[  249.499877][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.505541][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  249.510441][ T6314]  __x64_sys_ioctl+0x196/0x220
[  249.515249][ T6314]  do_syscall_64+0xcd/0x250
[  249.519805][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.525751][ T6314] RIP: 0033:0x7f7f427757db
[  249.530189][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  249.549839][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  249.558284][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  249.566302][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  249.574306][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  249.582300][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  249.590294][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  249.598300][ T6314]  </TASK>
[  249.601330][ T6314] 
[  249.603655][ T6314] Allocated by task 53:
[  249.607824][ T6314]  kasan_save_stack+0x33/0x60
[  249.612527][ T6314]  kasan_save_track+0x14/0x30
[  249.617222][ T6314]  __kasan_slab_alloc+0x89/0x90
[  249.622096][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  249.627582][ T6314]  skb_clone+0x190/0x3f0
[  249.631852][ T6314]  hci_cmd_work+0x66a/0x710
[  249.636388][ T6314]  process_one_work+0x9c8/0x1b40
[  249.641368][ T6314]  worker_thread+0x6c8/0xf30
[  249.645995][ T6314]  kthread+0x2c4/0x3a0
[  249.650110][ T6314]  ret_from_fork+0x48/0x80
[  249.654573][ T6314]  ret_from_fork_asm+0x1a/0x30
[  249.659386][ T6314] 
[  249.661746][ T6314] Freed by task 53:
[  249.665582][ T6314]  kasan_save_stack+0x33/0x60
[  249.670296][ T6314]  kasan_save_track+0x14/0x30
[  249.674998][ T6314]  kasan_save_free_info+0x3b/0x60
[  249.680067][ T6314]  poison_slab_object+0xf7/0x160
[  249.685056][ T6314]  __kasan_slab_free+0x32/0x50
[  249.689849][ T6314]  kmem_cache_free+0x12f/0x3a0
[  249.694643][ T6314]  kfree_skbmem+0x10e/0x200
[  249.699198][ T6314]  kfree_skb_reason+0x138/0x210
[  249.704094][ T6314]  hci_req_sync_complete+0x16c/0x270
[  249.709502][ T6314]  hci_event_packet+0x966/0x1170
[  249.714468][ T6314]  hci_rx_work+0x2c4/0x1610
[  249.719005][ T6314]  process_one_work+0x9c8/0x1b40
[  249.723977][ T6314]  worker_thread+0x6c8/0xf30
[  249.728607][ T6314]  kthread+0x2c4/0x3a0
[  249.732720][ T6314]  ret_from_fork+0x48/0x80
[  249.737183][ T6314]  ret_from_fork_asm+0x1a/0x30
[  249.741999][ T6314] 
[  249.744331][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  249.744331][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  249.758939][ T6314] The buggy address is located 204 bytes inside of
[  249.758939][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  249.772778][ T6314] 
[  249.775110][ T6314] The buggy address belongs to the physical page:
[  249.781532][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  249.790323][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  249.797454][ T6314] page_type: 0xffffefff(slab)
[  249.802157][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  249.810770][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  249.819373][ T6314] page dumped because: kasan: bad access detected
[  249.825801][ T6314] page_owner tracks the page as allocated
[  249.831522][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  249.850510][ T6314]  post_alloc_hook+0x2d1/0x350
[  249.855324][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  249.860925][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  249.866257][ T6314]  alloc_slab_page+0x56/0x110
[  249.870982][ T6314]  new_slab+0x84/0x260
[  249.875080][ T6314]  ___slab_alloc+0xdac/0x1870
[  249.879790][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  249.885191][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  249.890686][ T6314]  skb_clone+0x190/0x3f0
[  249.894960][ T6314]  hci_cmd_work+0x66a/0x710
[  249.899500][ T6314]  process_one_work+0x9c8/0x1b40
[  249.904476][ T6314]  worker_thread+0x6c8/0xf30
[  249.909106][ T6314]  kthread+0x2c4/0x3a0
[  249.913223][ T6314]  ret_from_fork+0x48/0x80
[  249.917685][ T6314]  ret_from_fork_asm+0x1a/0x30
[  249.922495][ T6314] page last free pid 1 tgid 1 stack trace:
[  249.928310][ T6314]  free_unref_page+0x64a/0xe40
[  249.933113][ T6314]  free_contig_range+0xb6/0x1a0
[  249.938010][ T6314]  destroy_args+0xa4e/0xe20
[  249.942565][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  249.947648][ T6314]  do_one_initcall+0x12b/0x700
[  249.952462][ T6314]  kernel_init_freeable+0x69d/0xca0
[  249.957707][ T6314]  kernel_init+0x1c/0x2b0
[  249.962091][ T6314]  ret_from_fork+0x48/0x80
[  249.966552][ T6314]  ret_from_fork_asm+0x1a/0x30
[  249.971360][ T6314] 
[  249.973684][ T6314] Memory state around the buggy address:
[  249.979331][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  249.987418][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  249.995500][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  250.003578][ T6314]                       ^
[  250.007923][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  250.016003][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  250.024078][ T6314] ==================================================================
[  250.041652][ T5097] Bluetooth: hci2: command tx timeout
[  250.049432][ T6314] ==================================================================
[  250.057539][ T6314] BUG: KASAN: slab-use-after-free in skb_release_data+0x806/0x980
[  250.065453][ T6314] Read of size 1 at addr ffff88805785493e by task syz-executor/6314
[  250.073472][ T6314] 
[  250.075816][ T6314] CPU: 1 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  250.087573][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  250.097654][ T6314] Call Trace:
[  250.100945][ T6314]  <TASK>
[  250.103886][ T6314]  dump_stack_lvl+0x116/0x1f0
[  250.108607][ T6314]  print_report+0xc3/0x620
[  250.113055][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.118717][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.124385][ T6314]  ? __phys_addr+0xc6/0x150
[  250.128922][ T6314]  kasan_report+0xd9/0x110
[  250.133373][ T6314]  ? skb_release_data+0x806/0x980
[  250.138435][ T6314]  ? skb_release_data+0x806/0x980
[  250.143503][ T6314]  skb_release_data+0x806/0x980
[  250.148403][ T6314]  kfree_skb_reason+0x12b/0x210
[  250.153298][ T6314]  __hci_req_sync+0x61d/0x980
[  250.158015][ T6314]  ? trace_contention_end+0xea/0x140
[  250.163340][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  250.168574][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  250.173324][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.178992][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.184747][ T6314]  ? hci_req_sync+0x3f/0xd0
[  250.189304][ T6314]  ? __pfx___might_resched+0x10/0x10
[  250.194637][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.200304][ T6314]  ? aa_get_newest_label+0x376/0x680
[  250.205649][ T6314]  hci_req_sync+0x97/0xd0
[  250.210016][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  250.215074][ T6314]  hci_dev_cmd+0x634/0x960
[  250.219533][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.225199][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  250.230184][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.235858][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.241525][ T6314]  ? security_capable+0x98/0xd0
[  250.246432][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  250.251155][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.256826][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  250.262064][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  250.268081][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.273751][ T6314]  sock_do_ioctl+0x119/0x280
[  250.278397][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  250.283570][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.289239][ T6314]  sock_ioctl+0x22e/0x6c0
[  250.293625][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  250.298529][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.304195][ T6314]  ? __fget_files+0x256/0x400
[  250.308919][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.314584][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  250.319484][ T6314]  __x64_sys_ioctl+0x196/0x220
[  250.324295][ T6314]  do_syscall_64+0xcd/0x250
[  250.328860][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.334814][ T6314] RIP: 0033:0x7f7f427757db
[  250.339253][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  250.358910][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  250.367362][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  250.375357][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  250.383354][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  250.391348][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  250.399342][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  250.407356][ T6314]  </TASK>
[  250.410400][ T6314] 
[  250.412739][ T6314] Allocated by task 53:
[  250.416912][ T6314]  kasan_save_stack+0x33/0x60
[  250.421632][ T6314]  kasan_save_track+0x14/0x30
[  250.426331][ T6314]  __kasan_slab_alloc+0x89/0x90
[  250.431206][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  250.436705][ T6314]  skb_clone+0x190/0x3f0
[  250.440976][ T6314]  hci_cmd_work+0x66a/0x710
[  250.445520][ T6314]  process_one_work+0x9c8/0x1b40
[  250.450496][ T6314]  worker_thread+0x6c8/0xf30
[  250.455123][ T6314]  kthread+0x2c4/0x3a0
[  250.459239][ T6314]  ret_from_fork+0x48/0x80
[  250.463699][ T6314]  ret_from_fork_asm+0x1a/0x30
[  250.468520][ T6314] 
[  250.470850][ T6314] Freed by task 53:
[  250.474699][ T6314]  kasan_save_stack+0x33/0x60
[  250.479553][ T6314]  kasan_save_track+0x14/0x30
[  250.484250][ T6314]  kasan_save_free_info+0x3b/0x60
[  250.489315][ T6314]  poison_slab_object+0xf7/0x160
[  250.494392][ T6314]  __kasan_slab_free+0x32/0x50
[  250.499179][ T6314]  kmem_cache_free+0x12f/0x3a0
[  250.503965][ T6314]  kfree_skbmem+0x10e/0x200
[  250.508516][ T6314]  kfree_skb_reason+0x138/0x210
[  250.513396][ T6314]  hci_req_sync_complete+0x16c/0x270
[  250.518765][ T6314]  hci_event_packet+0x966/0x1170
[  250.523743][ T6314]  hci_rx_work+0x2c4/0x1610
[  250.528288][ T6314]  process_one_work+0x9c8/0x1b40
[  250.533259][ T6314]  worker_thread+0x6c8/0xf30
[  250.537882][ T6314]  kthread+0x2c4/0x3a0
[  250.541995][ T6314]  ret_from_fork+0x48/0x80
[  250.546454][ T6314]  ret_from_fork_asm+0x1a/0x30
[  250.551269][ T6314] 
[  250.553598][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  250.553598][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  250.568218][ T6314] The buggy address is located 126 bytes inside of
[  250.568218][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  250.582051][ T6314] 
[  250.584378][ T6314] The buggy address belongs to the physical page:
[  250.590798][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  250.599581][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  250.607098][ T6314] page_type: 0xffffefff(slab)
[  250.611819][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  250.620430][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  250.629051][ T6314] page dumped because: kasan: bad access detected
[  250.635482][ T6314] page_owner tracks the page as allocated
[  250.641206][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  250.660193][ T6314]  post_alloc_hook+0x2d1/0x350
[  250.665002][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  250.670595][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  250.675922][ T6314]  alloc_slab_page+0x56/0x110
[  250.680730][ T6314]  new_slab+0x84/0x260
[  250.684835][ T6314]  ___slab_alloc+0xdac/0x1870
[  250.689544][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  250.694943][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  250.700429][ T6314]  skb_clone+0x190/0x3f0
[  250.704703][ T6314]  hci_cmd_work+0x66a/0x710
[  250.709238][ T6314]  process_one_work+0x9c8/0x1b40
[  250.714211][ T6314]  worker_thread+0x6c8/0xf30
[  250.718834][ T6314]  kthread+0x2c4/0x3a0
[  250.722945][ T6314]  ret_from_fork+0x48/0x80
[  250.727406][ T6314]  ret_from_fork_asm+0x1a/0x30
[  250.732303][ T6314] page last free pid 1 tgid 1 stack trace:
[  250.738118][ T6314]  free_unref_page+0x64a/0xe40
[  250.742922][ T6314]  free_contig_range+0xb6/0x1a0
[  250.747941][ T6314]  destroy_args+0xa4e/0xe20
[  250.752495][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  250.757574][ T6314]  do_one_initcall+0x12b/0x700
[  250.762563][ T6314]  kernel_init_freeable+0x69d/0xca0
[  250.767826][ T6314]  kernel_init+0x1c/0x2b0
[  250.772199][ T6314]  ret_from_fork+0x48/0x80
[  250.776658][ T6314]  ret_from_fork_asm+0x1a/0x30
[  250.781494][ T6314] 
[  250.783821][ T6314] Memory state around the buggy address:
[  250.789465][ T6314]  ffff888057854800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[  250.797579][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  250.805661][ T6314] >ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  250.813742][ T6314]                                         ^
[  250.819647][ T6314]  ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  250.827737][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  250.835898][ T6314] ==================================================================
[  250.860190][ T6314] ==================================================================
[  250.868355][ T6314] BUG: KASAN: slab-use-after-free in skb_release_data+0x8dd/0x980
[  250.876263][ T6314] Read of size 8 at addr ffff888057854990 by task syz-executor/6314
[  250.884266][ T6314] 
[  250.886593][ T6314] CPU: 1 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  250.898348][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  250.908410][ T6314] Call Trace:
[  250.911692][ T6314]  <TASK>
[  250.914649][ T6314]  dump_stack_lvl+0x116/0x1f0
[  250.919361][ T6314]  print_report+0xc3/0x620
[  250.923797][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.929465][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.935114][ T6314]  ? __phys_addr+0xc6/0x150
[  250.939632][ T6314]  kasan_report+0xd9/0x110
[  250.944064][ T6314]  ? skb_release_data+0x8dd/0x980
[  250.949107][ T6314]  ? skb_release_data+0x8dd/0x980
[  250.954177][ T6314]  skb_release_data+0x8dd/0x980
[  250.959054][ T6314]  kfree_skb_reason+0x12b/0x210
[  250.963927][ T6314]  __hci_req_sync+0x61d/0x980
[  250.968626][ T6314]  ? trace_contention_end+0xea/0x140
[  250.973930][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  250.979145][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  250.983842][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.989493][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  250.995140][ T6314]  ? hci_req_sync+0x3f/0xd0
[  250.999670][ T6314]  ? __pfx___might_resched+0x10/0x10
[  251.005001][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.010652][ T6314]  ? aa_get_newest_label+0x376/0x680
[  251.015972][ T6314]  hci_req_sync+0x97/0xd0
[  251.020317][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  251.025381][ T6314]  hci_dev_cmd+0x634/0x960
[  251.029840][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.035524][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  251.040492][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.046147][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.051796][ T6314]  ? security_capable+0x98/0xd0
[  251.056689][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  251.061390][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.067042][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  251.072268][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  251.078269][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.083923][ T6314]  sock_do_ioctl+0x119/0x280
[  251.088556][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  251.093713][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.099363][ T6314]  sock_ioctl+0x22e/0x6c0
[  251.103723][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  251.108608][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.114256][ T6314]  ? __fget_files+0x256/0x400
[  251.118960][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.124606][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  251.129483][ T6314]  __x64_sys_ioctl+0x196/0x220
[  251.134279][ T6314]  do_syscall_64+0xcd/0x250
[  251.138806][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.144732][ T6314] RIP: 0033:0x7f7f427757db
[  251.149162][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  251.168797][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  251.177231][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  251.185209][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  251.193304][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  251.201286][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  251.209273][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  251.217267][ T6314]  </TASK>
[  251.220285][ T6314] 
[  251.222601][ T6314] Allocated by task 53:
[  251.226752][ T6314]  kasan_save_stack+0x33/0x60
[  251.231440][ T6314]  kasan_save_track+0x14/0x30
[  251.236121][ T6314]  __kasan_slab_alloc+0x89/0x90
[  251.240979][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  251.246458][ T6314]  skb_clone+0x190/0x3f0
[  251.250731][ T6314]  hci_cmd_work+0x66a/0x710
[  251.255247][ T6314]  process_one_work+0x9c8/0x1b40
[  251.260200][ T6314]  worker_thread+0x6c8/0xf30
[  251.264804][ T6314]  kthread+0x2c4/0x3a0
[  251.268899][ T6314]  ret_from_fork+0x48/0x80
[  251.273338][ T6314]  ret_from_fork_asm+0x1a/0x30
[  251.278130][ T6314] 
[  251.280452][ T6314] Freed by task 53:
[  251.284252][ T6314]  kasan_save_stack+0x33/0x60
[  251.288959][ T6314]  kasan_save_track+0x14/0x30
[  251.293643][ T6314]  kasan_save_free_info+0x3b/0x60
[  251.298686][ T6314]  poison_slab_object+0xf7/0x160
[  251.303648][ T6314]  __kasan_slab_free+0x32/0x50
[  251.308417][ T6314]  kmem_cache_free+0x12f/0x3a0
[  251.313188][ T6314]  kfree_skbmem+0x10e/0x200
[  251.317718][ T6314]  kfree_skb_reason+0x138/0x210
[  251.322586][ T6314]  hci_req_sync_complete+0x16c/0x270
[  251.327887][ T6314]  hci_event_packet+0x966/0x1170
[  251.332835][ T6314]  hci_rx_work+0x2c4/0x1610
[  251.337353][ T6314]  process_one_work+0x9c8/0x1b40
[  251.342304][ T6314]  worker_thread+0x6c8/0xf30
[  251.346908][ T6314]  kthread+0x2c4/0x3a0
[  251.350999][ T6314]  ret_from_fork+0x48/0x80
[  251.355453][ T6314]  ret_from_fork_asm+0x1a/0x30
[  251.360243][ T6314] 
[  251.362563][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  251.362563][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  251.377164][ T6314] The buggy address is located 208 bytes inside of
[  251.377164][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  251.390996][ T6314] 
[  251.393317][ T6314] The buggy address belongs to the physical page:
[  251.399724][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  251.408530][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  251.415643][ T6314] page_type: 0xffffefff(slab)
[  251.420332][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  251.428933][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  251.437541][ T6314] page dumped because: kasan: bad access detected
[  251.443947][ T6314] page_owner tracks the page as allocated
[  251.449655][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  251.468614][ T6314]  post_alloc_hook+0x2d1/0x350
[  251.473407][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  251.478991][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  251.484344][ T6314]  alloc_slab_page+0x56/0x110
[  251.489047][ T6314]  new_slab+0x84/0x260
[  251.493124][ T6314]  ___slab_alloc+0xdac/0x1870
[  251.497809][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  251.503193][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  251.508666][ T6314]  skb_clone+0x190/0x3f0
[  251.512921][ T6314]  hci_cmd_work+0x66a/0x710
[  251.517468][ T6314]  process_one_work+0x9c8/0x1b40
[  251.522449][ T6314]  worker_thread+0x6c8/0xf30
[  251.527089][ T6314]  kthread+0x2c4/0x3a0
[  251.531180][ T6314]  ret_from_fork+0x48/0x80
[  251.535619][ T6314]  ret_from_fork_asm+0x1a/0x30
[  251.540409][ T6314] page last free pid 1 tgid 1 stack trace:
[  251.546215][ T6314]  free_unref_page+0x64a/0xe40
[  251.551006][ T6314]  free_contig_range+0xb6/0x1a0
[  251.555881][ T6314]  destroy_args+0xa4e/0xe20
[  251.560411][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  251.565464][ T6314]  do_one_initcall+0x12b/0x700
[  251.570296][ T6314]  kernel_init_freeable+0x69d/0xca0
[  251.575523][ T6314]  kernel_init+0x1c/0x2b0
[  251.579885][ T6314]  ret_from_fork+0x48/0x80
[  251.584330][ T6314]  ret_from_fork_asm+0x1a/0x30
[  251.589121][ T6314] 
[  251.591440][ T6314] Memory state around the buggy address:
[  251.597068][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  251.605131][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  251.613199][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  251.621264][ T6314]                          ^
[  251.625853][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  251.633927][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  251.641992][ T6314] ==================================================================
[  251.669938][ T6314] ==================================================================
[  251.678066][ T6314] BUG: KASAN: slab-use-after-free in skb_release_data+0x857/0x980
[  251.685922][ T6314] Read of size 4 at addr ffff88805785498c by task syz-executor/6314
[  251.693909][ T6314] 
[  251.696261][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  251.708009][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  251.718075][ T6314] Call Trace:
[  251.721357][ T6314]  <TASK>
[  251.724286][ T6314]  dump_stack_lvl+0x116/0x1f0
[  251.728996][ T6314]  print_report+0xc3/0x620
[  251.733451][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.739100][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.744749][ T6314]  ? __phys_addr+0xc6/0x150
[  251.749271][ T6314]  kasan_report+0xd9/0x110
[  251.753737][ T6314]  ? skb_release_data+0x857/0x980
[  251.758787][ T6314]  ? skb_release_data+0x857/0x980
[  251.763830][ T6314]  skb_release_data+0x857/0x980
[  251.768734][ T6314]  kfree_skb_reason+0x12b/0x210
[  251.773613][ T6314]  __hci_req_sync+0x61d/0x980
[  251.778323][ T6314]  ? trace_contention_end+0xea/0x140
[  251.783758][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  251.789007][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  251.793710][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.799365][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.805014][ T6314]  ? hci_req_sync+0x3f/0xd0
[  251.809545][ T6314]  ? __pfx___might_resched+0x10/0x10
[  251.814853][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.820499][ T6314]  ? aa_get_newest_label+0x376/0x680
[  251.825823][ T6314]  hci_req_sync+0x97/0xd0
[  251.830171][ T6314]  ? __pfx_hci_scan_req+0x10/0x10
[  251.835214][ T6314]  hci_dev_cmd+0x634/0x960
[  251.839654][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.845304][ T6314]  ? __pfx_hci_dev_cmd+0x10/0x10
[  251.850267][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.855937][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.861588][ T6314]  ? security_capable+0x98/0xd0
[  251.866484][ T6314]  hci_sock_ioctl+0x4f3/0x880
[  251.871187][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.876837][ T6314]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  251.882160][ T6314]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  251.888174][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.893884][ T6314]  sock_do_ioctl+0x119/0x280
[  251.898508][ T6314]  ? __pfx_sock_do_ioctl+0x10/0x10
[  251.903655][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.909304][ T6314]  sock_ioctl+0x22e/0x6c0
[  251.913667][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  251.918551][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.924198][ T6314]  ? __fget_files+0x256/0x400
[  251.928912][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  251.934583][ T6314]  ? __pfx_sock_ioctl+0x10/0x10
[  251.939492][ T6314]  __x64_sys_ioctl+0x196/0x220
[  251.944282][ T6314]  do_syscall_64+0xcd/0x250
[  251.948812][ T6314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.954734][ T6314] RIP: 0033:0x7f7f427757db
[  251.959157][ T6314] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  251.978786][ T6314] RSP: 002b:00007ffe59ce0600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  251.987232][ T6314] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7f427757db
[  251.995214][ T6314] RDX: 00007ffe59ce0678 RSI: 00000000400448dd RDI: 0000000000000003
[  252.003195][ T6314] RBP: 000055555b37e4a8 R08: 0000000000000000 R09: 0000000000000000
[  252.011176][ T6314] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000007
[  252.019247][ T6314] R13: 0000000000000007 R14: 0000000000000009 R15: 0000000000000009
[  252.027242][ T6314]  </TASK>
[  252.030260][ T6314] 
[  252.032576][ T6314] Allocated by task 53:
[  252.036728][ T6314]  kasan_save_stack+0x33/0x60
[  252.041418][ T6314]  kasan_save_track+0x14/0x30
[  252.046097][ T6314]  __kasan_slab_alloc+0x89/0x90
[  252.050958][ T6314]  kmem_cache_alloc_noprof+0x121/0x2f0
[  252.056434][ T6314]  skb_clone+0x190/0x3f0
[  252.060710][ T6314]  hci_cmd_work+0x66a/0x710
[  252.065233][ T6314]  process_one_work+0x9c8/0x1b40
[  252.070186][ T6314]  worker_thread+0x6c8/0xf30
[  252.074794][ T6314]  kthread+0x2c4/0x3a0
[  252.078893][ T6314]  ret_from_fork+0x48/0x80
[  252.083362][ T6314]  ret_from_fork_asm+0x1a/0x30
[  252.088155][ T6314] 
[  252.090472][ T6314] Freed by task 53:
[  252.094275][ T6314]  kasan_save_stack+0x33/0x60
[  252.098967][ T6314]  kasan_save_track+0x14/0x30
[  252.103649][ T6314]  kasan_save_free_info+0x3b/0x60
[  252.108693][ T6314]  poison_slab_object+0xf7/0x160
[  252.113662][ T6314]  __kasan_slab_free+0x32/0x50
[  252.118437][ T6314]  kmem_cache_free+0x12f/0x3a0
[  252.123209][ T6314]  kfree_skbmem+0x10e/0x200
[  252.127740][ T6314]  kfree_skb_reason+0x138/0x210
[  252.132609][ T6314]  hci_req_sync_complete+0x16c/0x270
[  252.138022][ T6314]  hci_event_packet+0x966/0x1170
[  252.142971][ T6314]  hci_rx_work+0x2c4/0x1610
[  252.147492][ T6314]  process_one_work+0x9c8/0x1b40
[  252.152450][ T6314]  worker_thread+0x6c8/0xf30
[  252.157056][ T6314]  kthread+0x2c4/0x3a0
[  252.161147][ T6314]  ret_from_fork+0x48/0x80
[  252.165581][ T6314]  ret_from_fork_asm+0x1a/0x30
[  252.170392][ T6314] 
[  252.172709][ T6314] The buggy address belongs to the object at ffff8880578548c0
[  252.172709][ T6314]  which belongs to the cache skbuff_head_cache of size 240
[  252.187477][ T6314] The buggy address is located 204 bytes inside of
[  252.187477][ T6314]  freed 240-byte region [ffff8880578548c0, ffff8880578549b0)
[  252.201296][ T6314] 
[  252.203623][ T6314] The buggy address belongs to the physical page:
[  252.210033][ T6314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57854
[  252.218807][ T6314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  252.225944][ T6314] page_type: 0xffffefff(slab)
[  252.230662][ T6314] raw: 00fff00000000000 ffff8880192dd780 dead000000000122 0000000000000000
[  252.239293][ T6314] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  252.247898][ T6314] page dumped because: kasan: bad access detected
[  252.254315][ T6314] page_owner tracks the page as allocated
[  252.260027][ T6314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 242603093311, free_ts 36369450876
[  252.278991][ T6314]  post_alloc_hook+0x2d1/0x350
[  252.283784][ T6314]  get_page_from_freelist+0x1353/0x2e50
[  252.289357][ T6314]  __alloc_pages_noprof+0x22b/0x2460
[  252.294668][ T6314]  alloc_slab_page+0x56/0x110
[  252.299370][ T6314]  new_slab+0x84/0x260
[  252.303449][ T6314]  ___slab_alloc+0xdac/0x1870
[  252.308136][ T6314]  __slab_alloc.constprop.0+0x56/0xb0
[  252.313524][ T6314]  kmem_cache_alloc_noprof+0x2a7/0x2f0
[  252.318999][ T6314]  skb_clone+0x190/0x3f0
[  252.323255][ T6314]  hci_cmd_work+0x66a/0x710
[  252.327818][ T6314]  process_one_work+0x9c8/0x1b40
[  252.332804][ T6314]  worker_thread+0x6c8/0xf30
[  252.337410][ T6314]  kthread+0x2c4/0x3a0
[  252.341513][ T6314]  ret_from_fork+0x48/0x80
[  252.345948][ T6314]  ret_from_fork_asm+0x1a/0x30
[  252.350734][ T6314] page last free pid 1 tgid 1 stack trace:
[  252.356538][ T6314]  free_unref_page+0x64a/0xe40
[  252.361321][ T6314]  free_contig_range+0xb6/0x1a0
[  252.366189][ T6314]  destroy_args+0xa4e/0xe20
[  252.370717][ T6314]  debug_vm_pgtable+0x1705/0x3280
[  252.375769][ T6314]  do_one_initcall+0x12b/0x700
[  252.380570][ T6314]  kernel_init_freeable+0x69d/0xca0
[  252.385797][ T6314]  kernel_init+0x1c/0x2b0
[  252.390149][ T6314]  ret_from_fork+0x48/0x80
[  252.394583][ T6314]  ret_from_fork_asm+0x1a/0x30
[  252.399370][ T6314] 
[  252.401691][ T6314] Memory state around the buggy address:
[  252.407317][ T6314]  ffff888057854880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  252.415377][ T6314]  ffff888057854900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  252.423442][ T6314] >ffff888057854980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  252.431506][ T6314]                       ^
[  252.435833][ T6314]  ffff888057854a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  252.443899][ T6314]  ffff888057854a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  252.451959][ T6314] ==================================================================
[  252.493165][ T6314] ==================================================================
[  252.501292][ T6314] BUG: KASAN: slab-use-after-free in skb_free_head+0x1ae/0x1d0
[  252.508893][ T6314] Read of size 8 at addr ffff888057854990 by task syz-executor/6314
[  252.516914][ T6314] 
[  252.519261][ T6314] CPU: 0 PID: 6314 Comm: syz-executor Tainted: G    B              6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
[  252.531028][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  252.541127][ T6314] Call Trace:
[  252.544435][ T6314]  <TASK>
[  252.547392][ T6314]  dump_stack_lvl+0x116/0x1f0
[  252.552122][ T6314]  print_report+0xc3/0x620
[  252.556585][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  252.562266][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  252.567946][ T6314]  ? __phys_addr+0xc6/0x150
[  252.572502][ T6314]  kasan_report+0xd9/0x110
[  252.576963][ T6314]  ? skb_free_head+0x1ae/0x1d0
[  252.581748][ T6314]  ? skb_free_head+0x1ae/0x1d0
[  252.586535][ T6314]  skb_free_head+0x1ae/0x1d0
[  252.591140][ T6314]  skb_release_data+0x75c/0x980
[  252.596015][ T6314]  kfree_skb_reason+0x12b/0x210
[  252.600901][ T6314]  __hci_req_sync+0x61d/0x980
[  252.605627][ T6314]  ? trace_contention_end+0xea/0x140
[  252.610967][ T6314]  ? __pfx___hci_req_sync+0x10/0x10
[  252.616241][ T6314]  ? __mutex_lock+0x1a6/0x9c0
[  252.620960][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  252.626628][ T6314]  ? srso_alias_return_thunk+0x5/0xfbef5
[  252.632290][ T6314]  ? hci_req_sync+0x3f/0xd0
[  252.636836][ T6314]  ? __pfx___might_resched+0x10/0x10