last executing test programs:

1m28.003723609s ago: executing program 4 (id=352):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000006000000080000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002801400038010"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

1m27.948769854s ago: executing program 4 (id=355):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r2}, 0x10)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1, 0x400000}, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000300), 0xc, &(0x7f00000002c0)={&(0x7f0000001580)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x6011}, 0x80)

1m27.930960856s ago: executing program 4 (id=356):
syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
waitid(0x0, r0, 0x0, 0x8, 0x0)
ptrace$peeksig(0x4209, r0, &(0x7f0000000000)={0xc21, 0x1}, 0x0)

1m27.574754572s ago: executing program 4 (id=370):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
lseek(r2, 0x5, 0x4)

1m27.231328366s ago: executing program 4 (id=364):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92F\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0)
fspick(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1)
fsopen(0x0, 0x1)

1m27.077186142s ago: executing program 4 (id=368):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000000200)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000003100)=[{{0x0, 0x0, 0x0}, 0xe5}], 0x1, 0x40000000, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20040000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1m20.434191998s ago: executing program 32 (id=175):
socket(0x2, 0x3, 0x100000001)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
write$tun(r0, &(0x7f0000000840)={@void, @val={0x3, 0x0, 0x8, 0x100, 0x19, 0xc}, @ipv4=@icmp={{0x8, 0x4, 0x2, 0x5, 0x8027, 0x66, 0x0, 0x2, 0x1, 0x0, @rand_addr=0x64010100, @local, {[@timestamp_addr={0x44, 0xc, 0xdb, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}]}]}}, @echo_reply={0x0, 0x0, 0x0, 0x68, 0x4}}}, 0xfdef)

1m12.005228783s ago: executing program 33 (id=368):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000000200)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000003100)=[{{0x0, 0x0, 0x0}, 0xe5}], 0x1, 0x40000000, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20040000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

35.81779156s ago: executing program 2 (id=1518):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)

35.594209083s ago: executing program 2 (id=1521):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000700)={{{@in=@local, @in6=@empty, 0x4e21, 0xc, 0x4e21, 0x1, 0xa, 0x121655fc0da2b8b1, 0x80, 0x2c}, {0x4, 0x4, 0x200, 0x3, 0x8000, 0x8000, 0xd, 0x8}, {0x0, 0x1, 0x2, 0x80000000}, 0x2, 0x6e6bb8, 0x0, 0x0, 0x1, 0x3}, {{@in6=@empty, 0x4d6, 0x6c}, 0x2, @in=@broadcast, 0x3500, 0x1, 0x1, 0x5, 0x2, 0x9, 0x8}}, 0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)

35.528597289s ago: executing program 2 (id=1523):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', <r2=>0x0})
r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r1, r2, 0x25, 0x0, @void}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r3, r4, 0x4, r1}, 0x6)

35.351102177s ago: executing program 2 (id=1524):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6c617a7974696d652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313235342c6661756c745f747970653d30303030303030303030303030303033323736372c6772706a71756f74613d2c6e6f666c7573685f6d657267652c6e6f636865636b706f696e745f6d657267652c61636c2c67635f6d657267652c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c00cef235c93369e015a17ee2ff7fb3ad2b9406058804552c36be902e976d7836f82ef7fe1a91fd5fe53fa7c93ff6227910f46434ee3e5b851845bcaeb4a5731075f9887d22e18a989131940a04c4b9064af9cc9519dd7aa9078ad5ac798fbd81aa90dd19ce130ce6f37c3303199b6026122d39fdf5de1d4949e33dfbf7"], 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
lsetxattr(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=@known='user.syz\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x10002, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

34.907742131s ago: executing program 2 (id=1526):
unshare(0x6000400)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RGETLOCK(r1, &(0x7f0000001440)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
tee(r0, r2, 0xfffffffffffffc01, 0x0)
tee(r0, r2, 0x60000000000, 0x0)

34.215359981s ago: executing program 2 (id=1528):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000104000000000100000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000280012800b000100697036746e6c00001800028014000300ff"], 0x48}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x401, 0x0, 0x100, {0x0, 0x0, 0x0, r2, 0x100, 0x306c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}]}}}]}, 0x50}}, 0xeb64d656001f6f32)

34.215237271s ago: executing program 34 (id=1528):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000104000000000100000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000280012800b000100697036746e6c00001800028014000300ff"], 0x48}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x401, 0x0, 0x100, {0x0, 0x0, 0x0, r2, 0x100, 0x306c}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x4}]}}}]}, 0x50}}, 0xeb64d656001f6f32)

30.874032376s ago: executing program 5 (id=1629):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140))
pwritev(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)="80fd", 0x2}], 0x1, 0x0, 0x0)

30.777138256s ago: executing program 5 (id=1632):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
uname(&(0x7f00000004c0)=""/229)

30.73312264s ago: executing program 5 (id=1634):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))

30.683677145s ago: executing program 5 (id=1636):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2a08000, &(0x7f0000000140), 0xfc, 0x474, &(0x7f00000003c0)="$eJzs3MtrXFUYAPBv7mTSpM/4qNqHGl9YfDRN+rALN4qCCwVBF9VdTNNSm1ppIthSTBSpSym4F5eCf4Er3Yi6EtzqXgpBsml8gFfunXvzfk0yyUTn94MJ59x7Zu75zrlncu65MxNA2+rN/lQidkfEL1k6ybMz0qJQVm566vrQH1PXhyqRpq/9Xsn33Z66PlSWLZ+3u8gcSSKSjytxaInjjl69dnFwZGT4SpHvG7v0bt/o1WtPX7g0eH74/PA7A6dPnzje/8ypgZNNiXNPVteDH1w+fOClN26+MnTm5ls/fNVR1nVBHM3SG73z2nKux5p9sBbbMydd6WhhRWhINSKy7qrl439fVGO28/bFix+1tHLApkrTNN27/O6JFPgfq0SrawC0RvmP/vZUd3Rt0nXwdjb5XP0CKIt7unjU93REUpSpLbi+baauYt3kzMSfn0fe/jvaqv0BgK33TTb/eao+/ykf9T09cc+ccnvz9eBsa8QdEXFnRNwVEXdHxP6IvOy9EXFfg8fvXZBfPP9Mbq0rsDXK5n/PFve25s//itnfP2lPtcjtie7oiVrl3IWR4WNFmxyJ2o4s37/CMb594edPl9vXW8z9ykd2/HIuWNTjVseO+c85Ozg2uLGoZ01+mK8Bji+Of/bOVZY6EBEH1/H62bz5whNfHl5u/+rxr6AJ95nSLyIer/f/RKwQ/8L7k93FvlMDJ/u6YmT4WF95Viz24083Xl3u+BuKvwmy/t+55Pk/E39PZe792tHGj3Hj10+WvaZp4Px/s9ySnf+dldfzdGex7f3BsbEr/RGdlZcXbx+YfbUyX5af3L0/4pGlx3/2HpedY1n8hyIiO4nvj4gHIuLBou4PRcTDkb/EUsanI+L75x99ez3xJ6s1bBNk/X92Xv/HKv3feKJ68buv1xN/Xdb/J/LUkWLLWt7/1lrBjbQdAAAA/Fck+WfgK8nRmXSSHD0asStf292ZjFweHXvy3OX3/jpb/6x8T9SScqWrvh5cXw/tL9aGy/zAgvzxYt34s2p3nt9Z3PsGWmfX3PGfLzjWx3/mt2qLKwdsPt/XgvZl/EP7Mv6hfRn/0L7WOv7TTa4HsPWWGv/jLagHsPXM/6F9Gf/Qvox/aF/GP7SljXyvX2KVxHjDzdsVK5Xp3CZx5YlI8kQ63sJq/F38DMvaCm9efcpfy1i9cK0Yd9uhB1dOtO49CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJn+DQAA//85XdxN")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0)
r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0)
write$tun(r1, &(0x7f0000002a80)={@val={0x0, 0x22eb}, @val={0x0, 0x3, 0x1, 0x0, 0xffff, 0x401}, @mpls={[], @ipv6=@udp={0x0, 0x6, "fa4e4f", 0x3e0, 0x11, 0x7e, @loopback, @mcast1, {[@dstopts={0x3c}], {0x4e20, 0x4e23, 0x3d8, 0x0, @opaque="a2cc83d7d9e804601e39c1608a48431efca9f8c7646d6b76587566c9eaca39a3f6721677057567ee2371ec5a300aa52ada2363263afc5f6876a92d8d902e1e975f3829ebdaa41b79e8bc3c3ca0fcb41732fbe1ecfcb842fcce5ec9b5e3ac1567a7aea366820d79301e0993b22f60290174b1120efd8387a4dfbb9c97f6df46e5bd25b8a0abbf1c5551b32aa21ea752b4e9402798027bd8ea8b495d2745bf45c3acc7a47bfd82876eb68997ddb3a51249082ccd6e84d07c8f86b12fbe9bbedded9a8185ff8f748792dc4d08b8bcf2a57440119512213a320c3dd9ddec5d7b60669cfe4cc87efd9c719a0919ec63e94d842eed8bd154a971c6b3cb14d072a2e97fdd1f9a5132aaafa5a73d5edb59ed11af48021ce66193920bc244e49a4e54b029580205eba7bd4851205abf5f33d06eae4bf6f483ab81fe81bfcd5f133e4e76742b990404fb75480901a8730ddfac80017e9dbf06cc4c27daac18127fcf85c6fa13db0c4bcb23b4e45ae0bece8578a152b8f3ebe178de0d3beab9cc298bd12b4550e905ef51066e6e20b59fba1e96a4b14f71bcf8d88ccb7839b342d067e1cbe73e424390ef53f75ca5b90e4784d7e796475af8d0c1bf3bdb0b946e0f82308cc3da7a202a8f47e45f42ebb3290a5959c89685f53447e4a55f50b8fb2548499d51b99be2fc53996e54657c7ecd68054c1b1682c2bb1beae4ed6ddbdc1e41a924bbdcb7bebf47fd7e0f44c7f49c8c64242f56abc4e027c2a70f29d2015bd6117e465fd8d58d063038b81bba9b831df37329d7cc08747e9699b3e5ff762aef5c4966dad1bc74d30b6c0306f747a8057dff42072e422292a86b3fd62d0775302b1723ce017498eed1ac45136d789dc813a3c2a30ba270b9369a0c5ac0aaa898be1c98c5cf6bf056e0cc31add613fd3431fb0568b31040ebb16ee5174d4330e83c2d03e9795c979cf306b33575f0e2cc1bf8fde21f2f40493250c5ba6e6ff2f3993e8e44eac17add3aef59e49f479e6fac320174ed891dad16ebc41adf83aa09513e16ed4f26a0f46439f7127a5a1acd9bfd8792e034e4772c84fa9dc2a4c38daec8f9e3bafdbf3ea2599a7604b88fc354f22ce7a9254390c38c04c073868f5a6951beb1dbab5355af55835c318bbd4e7c85bf58f4eaf7c7393d7592f9a6f9ff7e590f27249586721b0834bcffebd9133de0775465a3111d45d120ce1ac8ba4aeefcdc62a28075cc424e137d3409606341db6025ebe8d62c81dc6f8af708c7f1783cfcc4a9f64a2e0188ba661a1fdd79066d678eb953167155618bff0ce9524baaa6279e6cb70bb633ba6f8e8a5b22dd693eaba1a87f29e4c4ceb2cc48f5c06892160cd8ee6bfa63fd16aaa5793cf46a95ecf7"}}}}}, 0x416)
write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x2000000000000001, 0x2000000, 0x0, {0xffffffffff7ffffe, 0x1, 0xffffffffbfffffff, 0x10, 0xffffffffffff592c, 0x6, 0x4, 0x6288f666, 0x0, 0xc000}}}, 0xa6)

30.280541995s ago: executing program 5 (id=1648):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000011000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd00006ed3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808b80200000000000000334d83239d1d2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cefd07e002cab5ebfcaad34732181feb215139f15eadddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a580900000000000000b4f22cdf550ef091a78098534f0d973058594119d06d5ea9a8d085734000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca39059787790017b0689a1f3db9c24db65c1e00015c1d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86e0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8e34fc7eac9e8af3904ea0f3698cd9492794b82649b50d726bff873339c4cad4ead1348474250eda2c8067ab730c1d85969b95a2a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c02000000000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860a44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cddcb24ebb6eddb9e87c9ece87a42c0000abdfc6ea55887dfa18d0aea1b6eca5a883702b0bf3aeebb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3e0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c27a5916ea16069c5bf55b98d926d3c27e7945b2999600000000f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac23c3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa17bc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984aea1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a57094616020f72f1c55ee3d325c7496a7c2f10cfea516ae436751227378f00ca0f1f6c1dcf879700dd90b96a330f92bff736c83ca53e7f02b734d1a9292896f5d7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cdeac995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb7961c07b47521973cf0bb6f5530f6216b447b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d413e7b2a9e2f87f7b44949fe14c00000000000047030c09f62d444b4981db81799776eeb444000000009705fa8b56779bc876ad4f8d8c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dee145ff221159aed2768edc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982e3ddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bf4d30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def613204c2b7c1ad48b01c208f4032e93408000000000000e96db049b92fc32ee34fe7a3419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab84213bf50000000000000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba375dfa55a49b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be573f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bc850f8035040ad9e562be58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc0555d4bfcfd057980136d6e9000003b24fa300ef90bfe4ad364256937796f941c2faad94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808f109b5e36fc7fdd41def361427b6b9c118e5c9a0a1d5ca24886e33a7f81b2188ec75a5fc9302e3695bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124ba263e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3010975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df74d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf3010100007e206a758a3f02816b4e097cfa3d46e45e7949c5b10691d49b9693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000000000000000019a4e9a9c2cbc906f97fd6eb71b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea12023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6088630d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac6398c1b28bdd33b69b4b86d7c5f30cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a9f9355aea34fe55fd0d3011cb83ac03268dc66dd108a4e9944241e1d4ba69212ee0e7526e72c19346d08d3c3c82cb987f1bd2fd9ce2c88082ea23abbf23c6bd43fc9f9f8ea7656e25d3d73cd056b1f782de1fe349fc33546558366ed99940c0fda039272d277a3576d4e0469779d711e10b6bf040f7274fd9577c1c33326d2e60ee611ae226ef00e2944fb727832dc8dad36a6072aacfc4bcefb808ab7b3b95e0f60616320b2a9e1f8fac812daac9983639b35184803b7d192ce1f226e97fa23c37df95d067a54a8b412644cad9ecc251fbe418a81aaf00cc8d15758ff0eb885a40630396ba76b8fadc09e62ef70c8a0121e7e8322cb8bc0f50ad33a17143a29c14ecadd1b6244e31b888d8f3fa03208d3e9a4826a98f31995509015ebdc89f2f3106e54d5898d3758b9bfc9e4924e9cedf7f8fd584e7185703cc5f23741ffb480b5a87cd7efcceb409d354bdab211ebd50ab12b13c1b8ce93093a59a0f952153c2efd10e72ec9ee5fa2a00f9637851ddb81d059f9a363c4ada68dd25f19ee9e4841acee7c1b35ad6f9d54cf4939ce78a55a04e655d7746a3989c6f33b02f8497aacb6bfca7456111900000000000000000048d35af24acb66fdd4d1fb150138f0ee6abfc7049c94346868ed76d3a5df7335184386a5c532d425f1a098ff93efd05e5dd8b765121fbdfe5ef44f6472b939c31883f45889142e82086c2448da60d7a40774d71c2da2e7f6d4fe5d36923213cc7b7d71a1c90006e8f8d84953f284b0eb4366beff5df5595827dcd736e8cfab28cfa416e83c06213ca7fd21af56e3de1d80e77060447e20a8b317a4c06e24e99239824d08abf670a685bc46c8168bee4cfc30cc6d0dc030a592925bad3e0f805f0d4b2b600dc3f0c4c6f75bb4e49982f4198ac90ab77c5572c956d415858bad5ee117b3e5f1507bbd0d7a30388865deb11106a93225a81feb08f5"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f00000009c0)="b9ff0300600d698cff9eab0668bfa7", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

29.959416687s ago: executing program 5 (id=1650):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

29.954267118s ago: executing program 35 (id=1650):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r1}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)

11.501431527s ago: executing program 8 (id=2119):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$sock(r3, &(0x7f00000094c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x51)
close(r2)

11.47612174s ago: executing program 8 (id=2120):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10)
utimes(0x0, 0x0)

11.434812264s ago: executing program 8 (id=2121):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
utimes(&(0x7f0000000340)='./file0\x00', 0x0)

11.339227684s ago: executing program 8 (id=2122):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x402, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000850000009e00000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

10.613174837s ago: executing program 8 (id=2131):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000029c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000006c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10)
getgid()

9.939320814s ago: executing program 8 (id=2143):
r0 = epoll_create1(0x80000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10)
epoll_pwait(r0, &(0x7f0000000040)=[{}], 0x1, 0x1, 0x0, 0x0)

9.932641595s ago: executing program 36 (id=2143):
r0 = epoll_create1(0x80000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10)
epoll_pwait(r0, &(0x7f0000000040)=[{}], 0x1, 0x1, 0x0, 0x0)

5.09130537s ago: executing program 6 (id=2255):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001f00)={0x30, r3, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0x80000000, 0x1, 0x1, 0x5}}}}, 0x30}}, 0x0)

5.065746243s ago: executing program 6 (id=2256):
unshare(0x6020400)
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x9)
r2 = openat(r1, &(0x7f0000000040)='.\x00', 0x0, 0x0)
utimensat(r2, 0x0, 0x0, 0x0)

5.047779705s ago: executing program 6 (id=2257):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000240)={0x1d, r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.stat\x00', 0x275a, 0x0)
write$FUSE_INIT(r2, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x4, 0x400008, 0xfff7, 0x80, 0xcc, 0x9, 0x0, 0x0, 0x4, 0x5}}, 0x50)
sendfile(r0, r2, &(0x7f0000000040), 0xe)

5.028533016s ago: executing program 6 (id=2258):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x402, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000850000009e00000095"], &(0x7f00000000c0)='GPL\x00', 0x4, 0xad, &(0x7f00000003c0)=""/173}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x4028, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

4.686120131s ago: executing program 6 (id=2260):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x1, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES64=r0], 0x0)

3.99931247s ago: executing program 6 (id=2264):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000000000851000000200000085000000070000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r0}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)

3.999001789s ago: executing program 37 (id=2264):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000000000851000000200000085000000070000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r0}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)

3.617216408s ago: executing program 0 (id=2269):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
timer_getoverrun(0x0)

3.559678324s ago: executing program 0 (id=2270):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

3.312112218s ago: executing program 0 (id=2271):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000001540)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "bdc6f5", 0x0, 0x6c, 0xff, @private1, @mcast2}}}}, 0x0)

3.261791913s ago: executing program 0 (id=2272):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})

2.409234319s ago: executing program 0 (id=2293):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b000000080000000c0000000400000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
time(0x0)

2.367733663s ago: executing program 0 (id=2295):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x1}, {0x6, 0x24, 0x1a, 0x0, 0xa}}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000780)={0x44, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x80, 0xfffffdce, {0x3, 0x7, 0x0, 0xffff, 0x1, 0x0, 0x0, 0x1000, 0x5, 0x81, 0x4, 0x1}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

2.051712255s ago: executing program 3 (id=2310):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup(r0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="080086dd0001110004000000a60c6eec00be00442ffffe8000000000000000000000000000aaff020000000000000000000000000001042088be", @ANYRESDEC=r0], 0xfdef)

1.995617611s ago: executing program 3 (id=2313):
r0 = socket(0x1, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/65, 0x41}], 0x1}}], 0x40000000000019b, 0x0, 0x0)

1.962985114s ago: executing program 3 (id=2316):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
creat(&(0x7f0000000300)='./file0\x00', 0x28)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)

1.946614065s ago: executing program 3 (id=2317):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES8=r1], 0x0)

1.186586381s ago: executing program 1 (id=2343):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000640)=[{0x6, 0x83, 0xfc, 0xfffffffe}]}, 0x10)
close(r0)

1.139067486s ago: executing program 1 (id=2345):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
chmod(0x0, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0xa20, 0x8000c64)

1.084360912s ago: executing program 1 (id=2346):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000280)={0x74, 0x0, 0x5f})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f00001c2000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x25, 0x0, 0x0)
ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000300)={{0xe566c797b7515b9, 0xffff1000, 0x3, 0x9, 0x7f, 0x7, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0xd000, 0xd000, 0x10, 0x3, 0x1, 0x7, 0x6, 0x6, 0x1, 0x6, 0xfa, 0x5}, {0x33221000, 0x4, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0x4, 0x92, 0x2}, {0x10000, 0xf000, 0x9, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfd, 0x29, 0x9, 0x9}, {0xeeee8000, 0x1000, 0xf, 0x9, 0x5, 0x2, 0x7, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0x4000, 0xdddd1000, 0xe, 0x2, 0xad, 0x2, 0x5, 0x5, 0x1, 0xc, 0x6, 0x9f}, {0x10000, 0x10000, 0xb, 0x9, 0xcd, 0x5, 0x5, 0x26, 0x8, 0x6, 0xfc, 0x6}, {0x1, 0x0, 0xd, 0xe, 0x13, 0x40, 0x3, 0x0, 0x7f, 0x1, 0x0, 0x8}, {0x100000, 0x5}, {0x80a0000, 0xbf81}, 0x80000003, 0x0, 0x6000, 0x240431, 0x5, 0xa800, 0x8000000, 0x1, [0x4, 0x2, 0x3, 0x3]})

1.076446842s ago: executing program 9 (id=2347):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

1.059354294s ago: executing program 9 (id=2348):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
move_mount(0xffffffffffffff9c, &(0x7f0000000800)='./bus\x00', 0xffffffffffffffff, &(0x7f0000000840)='./file0\x00', 0x64)

889.133181ms ago: executing program 7 (id=2349):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)
nanosleep(&(0x7f0000000080), 0x0)

849.144455ms ago: executing program 1 (id=2350):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000001240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @void, {@ipv6={0x86dd, @generic={0x2, 0x6, "c34fd6", 0x0, 0x6, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @remote}}}}, 0x0)

752.298055ms ago: executing program 7 (id=2351):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010000104000000000100000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000280012800b000100697036746e6c00001800028014000300ff"], 0x48}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010000104000000000001000000000000", @ANYRES32=r2, @ANYBLOB="000100006c300000300012800b000100697036746e6c0000200002801400020020010000000000000000000000f5ff01"], 0x50}}, 0xeb64d656001f6f32)

751.518885ms ago: executing program 9 (id=2352):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
unshare(0x6020400)
chroot(&(0x7f0000000a40)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204081, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0\x00')

724.172448ms ago: executing program 1 (id=2353):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
io_setup(0x400, &(0x7f0000001080)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f00000006c0)=[&(0x7f0000000400)={0x1802, 0x0, 0x0, 0x5, 0x0, r2, 0x0}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x3, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x6}])

689.955931ms ago: executing program 9 (id=2354):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
r1 = socket(0x10, 0x2, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0xa0179e08})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f0000000140))

679.205202ms ago: executing program 7 (id=2355):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x4, 0x6, @remote}, 0x14)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r3=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x11, r3, 0x1, 0x4}, 0x14)

661.196454ms ago: executing program 9 (id=2356):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = getpid()
r1 = gettid()
rt_tgsigqueueinfo(r0, r1, 0x29, &(0x7f00000000c0)={0x4, 0x80000000, 0x6})
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffffffffffffffff]}, 0x8, 0x0)
read$FUSE(r2, &(0x7f0000006000)={0x2020}, 0x8d)

660.979724ms ago: executing program 7 (id=2357):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"})
pselect6(0x40, &(0x7f0000000040)={0xc, 0x1, 0xfffffffffffffff3, 0x0, 0x0, 0x0, 0x400000000000, 0x400}, 0x0, 0x0, 0x0, 0x0)
syz_open_pts(r0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

647.836505ms ago: executing program 9 (id=2358):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "4070f43f"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})

599.314811ms ago: executing program 1 (id=2359):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
r1 = syz_open_pts(r0, 0x0)
poll(&(0x7f0000000000)=[{r1, 0x212e}], 0x1, 0x9e)
dup3(r1, r0, 0x0)

565.760814ms ago: executing program 7 (id=2360):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x1, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000014d564b0000000001"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

518.801289ms ago: executing program 7 (id=2361):
r0 = userfaultfd(0x801)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x6, 0x6, 0x5}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0xe, 0xffffffffffffffff, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, 0x0, 0x0)
readv(r0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/247, 0xf7}], 0x1)

116.959369ms ago: executing program 3 (id=2362):
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
munlock(&(0x7f00002a4000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000623000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000e16000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000cf0000/0x2000)=nil)
munlockall()

0s ago: executing program 3 (id=2363):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r2, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000000000000d00000000000000000000ef60fc4bd8ecc4e3200000000006004dee00000000000032acaace3269d47147"], 0xd0060)

kernel console output (not intermixed with test programs):

x0
[   86.505496][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.513167][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.528278][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.528666][   T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[   86.537353][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.573441][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.581317][   T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   86.581343][   T60] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   86.581364][   T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   86.581382][   T60] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[   86.611333][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.636796][   T60] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[   86.646374][   T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.650476][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.665094][ T3897] loop3: detected capacity change from 0 to 512
[   86.667257][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.683393][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.692363][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.693172][   T60] usb 3-1: config 0 descriptor??
[   86.701922][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.716742][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.725056][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.732819][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.740258][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.748068][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.751367][ T3897] EXT4-fs (loop3): Ignoring removed bh option
[   86.755494][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.755520][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.777179][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.784792][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.792381][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.800100][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.800889][ T3897] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,nogrpid,bh,,errors=continue. Quota mode: writeback.
[   86.807507][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.807533][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.834908][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.842355][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.849788][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.857185][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.864624][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.872068][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.880330][  T333] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[   86.888467][  T333] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   86.917199][   T30] kauditd_printk_skb: 150 callbacks suppressed
[   86.917219][   T30] audit: type=1326 audit(86.881:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.5.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9393e436c9 code=0x7ffc0000
[   86.963790][  T333] usb 3-1: USB disconnect, device number 6
[   86.974097][   T30] audit: type=1326 audit(86.881:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.5.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9393e436c9 code=0x7ffc0000
[   87.010749][   T30] audit: type=1326 audit(86.881:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.5.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f9393e436c9 code=0x7ffc0000
[   87.068594][ T3910] incfs: Options parsing error. -22
[   87.074005][ T3910] incfs: mount failed -22
[   87.084176][   T30] audit: type=1326 audit(86.881:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.5.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9393e436c9 code=0x7ffc0000
[   87.112766][   T30] audit: type=1326 audit(86.881:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.5.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9393e436c9 code=0x7ffc0000
[   87.160275][ T3917] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3917 comm=syz.5.1458
[   87.166213][ T3915] fido_id[3915]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   87.201804][   T30] audit: type=1400 audit(87.161:1373): avc:  denied  { sys_admin } for  pid=3920 comm="syz.3.1460" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   87.213539][ T3917] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3917 comm=syz.5.1458
[   87.247765][  T344] tipc: Node number set to 2886997007
[   87.422877][   T30] audit: type=1326 audit(87.391:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3952 comm="syz.6.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec383c6c9 code=0x7ffc0000
[   87.424138][ T3951] loop5: detected capacity change from 0 to 128
[   87.456167][   T30] audit: type=1326 audit(87.421:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3952 comm="syz.6.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec383c6c9 code=0x7ffc0000
[   87.480356][   T30] audit: type=1326 audit(87.421:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3952 comm="syz.6.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec383c6c9 code=0x7ffc0000
[   87.503805][   T30] audit: type=1326 audit(87.421:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3952 comm="syz.6.1481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec383c6c9 code=0x7ffc0000
[   87.584972][ T3951] EXT4-fs (loop5): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none.
[   87.712639][ T3972] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1482'.
[   87.729244][ T3972] cgroup: Unexpected value for 'cpuset_v2_mode'
[   87.827847][ T3981] 9pnet: p9_errstr2errno: server reported unknown error �@�΂�(����QhQI��
[   87.967109][ T3991] loop0: detected capacity change from 0 to 128
[   88.012637][  T333] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0
[   88.028119][  T333] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0
[   88.046030][  T333] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0
[   88.066794][  T333] hid-generic 0000:0004:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   88.110598][ T3991] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none.
[   88.140382][ T3996] fido_id[3996]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   88.182220][ T3977] loop6: detected capacity change from 0 to 40427
[   88.195068][ T3977] F2FS-fs (loop6): invalid crc value
[   88.202214][ T4000] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1494'.
[   88.211877][ T4000] device veth1_macvtap left promiscuous mode
[   88.241957][ T3977] F2FS-fs (loop6): Found nat_bits in checkpoint
[   88.290449][ T3977] F2FS-fs (loop6): Start checkpoint disabled!
[   88.317655][ T3977] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[   88.358565][ T4008] lo: Caught tx_queue_len zero misconfig
[   88.365219][ T4008] netem: incorrect gi model size
[   88.374500][ T4010] futex_wake_op: syz.0.1498 tries to shift op by -1; fix this program
[   88.400233][ T4008] netem: change failed
[   88.428892][ T1564] attempt to access beyond end of device
[   88.428892][ T1564] loop6: rw=524288, want=45072, limit=40427
[   88.465904][ T1564] attempt to access beyond end of device
[   88.465904][ T1564] loop6: rw=0, want=45072, limit=40427
[   88.532832][    T8] attempt to access beyond end of device
[   88.532832][    T8] loop6: rw=2049, want=40984, limit=40427
[   88.614294][  T599] tipc: Disabling bearer <udp:s>
[   88.624521][ T4031] overlayfs: refusing to follow metacopy origin for (/file1)
[   88.664997][  T599] tipc: Left network mode
[   88.884741][ T4050] loop0: detected capacity change from 0 to 256
[   89.016509][ T4051] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.024627][ T4051] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.033694][ T4051] device bridge_slave_0 entered promiscuous mode
[   89.041723][ T4051] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.081012][ T4051] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.103471][ T4051] device bridge_slave_1 entered promiscuous mode
[   89.147803][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   89.215147][  T599] device bridge_slave_1 left promiscuous mode
[   89.221664][  T599] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.230255][  T599] device bridge_slave_0 left promiscuous mode
[   89.236771][  T599] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.245337][  T599] device veth1_macvtap left promiscuous mode
[   89.251636][  T599] device veth0_vlan left promiscuous mode
[   89.449513][ T4051] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.456636][ T4051] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.464083][ T4051] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.471132][ T4051] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.478570][   T26] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   89.506117][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   89.537941][  T412] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.546063][  T412] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.590101][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   89.608002][  T412] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.615067][  T412] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.632858][ T4070] loop2: detected capacity change from 0 to 40427
[   89.641233][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   89.658596][ T4070] F2FS-fs (loop2): fault_injection options not supported
[   89.666401][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.673620][  T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.681464][ T4070] F2FS-fs (loop2): fault_type options not supported
[   89.689081][ T4070] F2FS-fs (loop2): invalid crc value
[   89.695515][ T4070] F2FS-fs (loop2): Found nat_bits in checkpoint
[   89.703536][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   89.718442][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   89.726569][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   89.730057][ T4070] F2FS-fs (loop2): Start checkpoint disabled!
[   89.734758][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   89.744314][ T4070] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   89.756045][   T26] usb 1-1: Using ep0 maxpacket: 16
[   89.785559][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   89.796181][  T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   89.804325][  T283] F2FS-fs (loop2): access invalid blkaddr:4043309056
[   89.813917][  T283] CPU: 1 PID: 283 Comm: syz-executor Tainted: G        W         syzkaller #0
[   89.823266][  T283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   89.834235][  T283] Call Trace:
[   89.837662][  T283]  <TASK>
[   89.840596][  T283]  __dump_stack+0x21/0x30
[   89.844958][  T283]  dump_stack_lvl+0xee/0x150
[   89.849777][  T283]  ? show_regs_print_info+0x20/0x20
[   89.855000][  T283]  dump_stack+0x15/0x20
[   89.859170][  T283]  f2fs_is_valid_blkaddr+0xca0/0x12a0
[   89.864653][  T283]  f2fs_map_blocks+0xd71/0x38a0
[   89.869526][  T283]  ? f2fs_do_map_lock+0x80/0x80
[   89.874652][  T283]  f2fs_mpage_readpages+0xae4/0x1de0
[   89.879960][  T283]  ? dquot_release_reservation_block+0xa0/0xa0
[   89.886568][  T283]  ? __this_cpu_preempt_check+0x13/0x20
[   89.892131][  T283]  ? cgroup_rstat_updated+0xf5/0x370
[   89.897600][  T283]  ? xas_nomem+0x6b/0x1d0
[   89.902459][  T283]  f2fs_readahead+0xfc/0x240
[   89.907037][  T283]  ? f2fs_set_data_page_dirty+0x520/0x520
[   89.913546][  T283]  read_pages+0x16e/0xb00
[   89.918484][  T283]  ? __lru_cache_activate_page+0x210/0x210
[   89.924403][  T283]  ? page_cache_ra_unbounded+0x980/0x980
[   89.931421][  T283]  page_cache_ra_unbounded+0x782/0x980
[   89.937373][  T283]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[   89.943877][  T283]  ? handle_pte_fault+0x73c/0x2680
[   89.949287][  T283]  ondemand_readahead+0x8d3/0xe30
[   89.954320][  T283]  ? page_cache_sync_ra+0x420/0x420
[   89.959810][  T283]  ? do_handle_mm_fault+0xf39/0x1d50
[   89.965285][  T283]  page_cache_sync_ra+0x2c4/0x420
[   89.970295][  T283]  ? force_page_cache_ra+0x460/0x460
[   89.975654][  T283]  f2fs_readdir+0x468/0x990
[   89.980806][  T283]  ? f2fs_fill_dentries+0xce0/0xce0
[   89.986831][  T283]  ? down_read_killable+0xbb/0x110
[   89.992021][  T283]  ? security_file_permission+0x83/0xa0
[   89.997664][  T283]  iterate_dir+0x260/0x600
[   90.003623][  T283]  ? f2fs_fill_dentries+0xce0/0xce0
[   90.009800][  T283]  __se_sys_getdents64+0xe5/0x240
[   90.014839][  T283]  ? __x64_sys_getdents64+0x90/0x90
[   90.020041][  T283]  ? filldir+0x690/0x690
[   90.024289][  T283]  ? debug_smp_processor_id+0x17/0x20
[   90.029827][  T283]  __x64_sys_getdents64+0x7b/0x90
[   90.035145][  T283]  x64_sys_call+0x592/0x9a0
[   90.040029][  T283]  do_syscall_64+0x4c/0xa0
[   90.045676][  T283]  ? clear_bhb_loop+0x50/0xa0
[   90.050631][  T283]  ? clear_bhb_loop+0x50/0xa0
[   90.055684][  T283]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   90.062814][  T283] RIP: 0033:0x7f417e91e033
[   90.067324][  T283] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[   90.087767][  T283] RSP: 002b:00007ffd356320d8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[   90.096361][  T283] RAX: ffffffffffffffda RBX: 000055555e3604e0 RCX: 00007f417e91e033
[   90.104324][  T283] RDX: 0000000000008000 RSI: 000055555e3604e0 RDI: 0000000000000005
[   90.112300][  T283] RBP: 000055555e3604b4 R08: 0000000000000000 R09: 0000000000000000
[   90.120583][  T283] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[   90.130554][  T283] R13: 0000000000000010 R14: 000055555e3604b0 R15: 00007ffd35634390
[   90.141124][  T283]  </TASK>
[   90.146637][  T283] attempt to access beyond end of device
[   90.146637][  T283] loop2: rw=524288, want=45072, limit=40427
[   90.158517][  T283] attempt to access beyond end of device
[   90.158517][  T283] loop2: rw=0, want=45072, limit=40427
[   90.167952][ T4051] device veth0_vlan entered promiscuous mode
[   90.182074][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   90.190648][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   90.198685][   T26] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   90.201323][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   90.215677][   T26] usb 1-1: config 1 has no interface number 1
[   90.216071][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   90.235687][   T26] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[   90.245212][  T412] attempt to access beyond end of device
[   90.245212][  T412] loop2: rw=2049, want=40992, limit=40427
[   90.252788][ T4051] device veth1_macvtap entered promiscuous mode
[   90.266920][   T26] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[   90.272013][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   90.281188][   T26] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   90.289633][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   90.308662][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   90.330677][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   90.341554][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   90.351301][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   90.359961][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   90.385051][ T4085] loop6: detected capacity change from 0 to 128
[   90.407593][ T4085] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   90.477893][   T26] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   90.499005][   T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.509381][   T26] usb 1-1: Product: syz
[   90.521646][   T26] usb 1-1: Manufacturer: syz
[   90.537648][   T26] usb 1-1: SerialNumber: syz
[   90.584148][ T4091] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.591758][ T4091] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.599917][ T4091] device bridge_slave_0 entered promiscuous mode
[   90.607356][ T4091] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.614866][ T4091] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.622863][ T4091] device bridge_slave_1 entered promiscuous mode
[   90.699020][ T4113] loop6: detected capacity change from 0 to 256
[   90.835728][ T4128] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1543'.
[   90.846305][ T4128] device veth1_macvtap left promiscuous mode
[   90.902339][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   90.912040][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   90.930208][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   90.939514][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   90.949946][  T332] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.957629][  T332] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.968234][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   90.977461][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   90.987060][  T332] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.994276][  T332] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.002793][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   91.016899][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   91.033334][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   91.057869][   T26] usb 1-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[   91.075880][ T4091] device veth0_vlan entered promiscuous mode
[   91.083227][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   91.092420][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   91.101612][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   91.109347][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   91.143350][ T4091] device veth1_macvtap entered promiscuous mode
[   91.154343][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   91.175614][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   91.191431][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   91.201689][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   91.211804][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   91.258729][ T4157] loop7: detected capacity change from 0 to 512
[   91.278912][ T4157] EXT4-fs (loop7): Ignoring removed oldalloc option
[   91.292735][ T4157] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[   91.337080][ T4157] EXT4-fs (loop7): 1 truncate cleaned up
[   91.343900][ T4157] EXT4-fs (loop7): mounted filesystem without journal. Opts: minixdf,oldalloc,stripe=0x0000000000000001,noblock_validity,debug_want_extra_isize=0x0000000000000006,,errors=continue. Quota mode: none.
[   91.414961][ T4168] loop6: detected capacity change from 0 to 512
[   91.521716][ T4175] loop6: detected capacity change from 0 to 256
[   91.531858][ T4175] FAT-fs (loop6): bogus number of FAT sectors
[   91.538745][ T4175] FAT-fs (loop6): Can't find a valid FAT filesystem
[   91.547790][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   91.578609][  T599] device bridge_slave_1 left promiscuous mode
[   91.584793][  T599] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.608168][  T599] device bridge_slave_0 left promiscuous mode
[   91.615502][  T599] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.628759][  T599] device veth1_macvtap left promiscuous mode
[   91.642041][  T599] device veth0_vlan left promiscuous mode
[   92.001490][   T26] usb 1-1: USB disconnect, device number 6
[   92.007601][ T1291] udevd[1291]: setting mode of /dev/snd/controlC0 to 020660 failed: No such file or directory
[   92.041698][ T1291] udevd[1291]: setting owner of /dev/snd/controlC0 to uid=0, gid=29 failed: No such file or directory
[   92.064476][ T4210] loop7: detected capacity change from 0 to 512
[   92.096817][ T4211] loop5: detected capacity change from 0 to 14151
[   92.141221][ T4211] loop5: detected capacity change from 14151 to 17383
[   92.480163][ T4231] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   92.686002][   T30] kauditd_printk_skb: 69 callbacks suppressed
[   92.686026][   T30] audit: type=1326 audit(348.655:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.718610][   T30] audit: type=1326 audit(348.695:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.744128][   T30] audit: type=1326 audit(348.695:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.797903][   T30] audit: type=1326 audit(348.765:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.823939][   T30] audit: type=1326 audit(348.785:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.849090][   T30] audit: type=1326 audit(348.815:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.891529][   T30] audit: type=1326 audit(348.865:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.911205][ T4245] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1593'.
[   92.947545][   T30] audit: type=1326 audit(348.875:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   92.975362][   T30] audit: type=1326 audit(348.885:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe23ce6c5e7 code=0x7ffc0000
[   92.999070][   T30] audit: type=1326 audit(348.885:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4244 comm="syz.0.1593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fe23ce6c55c code=0x7ffc0000
[   93.102921][ T4265] serio: Serial port ttyS3
[   93.262116][ T4292] loop5: detected capacity change from 0 to 128
[   93.331288][ T4301] loop6: detected capacity change from 0 to 16
[   93.331770][ T4292] FAT-fs (loop5): Unrecognized mount option "0177777777777777777777718446744073709551615017777777777777777777770000000000000000000000401777777777777777777777�0000000000000000000301777777777777777777777" or missing value
[   93.379775][ T4301] erofs: (device loop6): mounted with root inode @ nid 36.
[   93.475882][ T4303] loop5: detected capacity change from 0 to 128
[   93.517914][    T6] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   93.551583][ T4303] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   93.761271][ T4324] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1627'.
[   93.897907][    T6] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.038401][ T4343] loop5: detected capacity change from 0 to 512
[   94.077814][    T6] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   94.097886][    T6] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.098958][ T4343] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.1636: invalid indirect mapped block 10 (level 1)
[   94.116741][    T6] usb 8-1: Product: syz
[   94.126847][    T6] usb 8-1: Manufacturer: syz
[   94.136987][    T6] usb 8-1: SerialNumber: syz
[   94.145704][ T4343] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.1636: invalid indirect mapped block 8 (level 1)
[   94.150878][ T4351] syz.0.1639[4351] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   94.160532][ T4351] syz.0.1639[4351] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   94.173508][ T4343] EXT4-fs (loop5): 1 truncate cleaned up
[   94.195832][ T4343] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   94.239895][ T4355] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[   94.248865][ T4343] EXT4-fs error (device loop5): __ext4_get_inode_loc:4358: comm syz.5.1636: Invalid inode table block 5 in block_group 0
[   94.268135][ T4343] EXT4-fs error (device loop5): __ext4_get_inode_loc:4358: comm syz.5.1636: Invalid inode table block 5 in block_group 0
[   94.294782][ T4343] EXT4-fs error (device loop5): ext4_get_max_inline_size:116: inode #18: comm syz.5.1636: can't get inode location 18
[   94.309826][ T4343] EXT4-fs error (device loop5): __ext4_get_inode_loc:4358: comm syz.5.1636: Invalid inode table block 5 in block_group 0
[   94.323444][ T4343] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem
[   94.333983][ T4343] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #18: comm syz.5.1636: mark_inode_dirty error
[   94.349607][ T4343] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.1636: Invalid block bitmap block 3 in block_group 0
[   94.363854][ T4343] EXT4-fs error (device loop5): __ext4_get_inode_loc:4358: comm syz.5.1636: Invalid inode table block 5 in block_group 0
[   94.378640][ T4343] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5873: Corrupt filesystem
[   94.394567][ T4367] loop0: detected capacity change from 0 to 512
[   94.401351][ T4343] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #18: comm syz.5.1636: mark_inode_dirty error
[   94.480019][ T1311] EXT4-fs warning (device loop5): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -117 reading directory block
[   94.511371][ T4367] EXT4-fs (loop0): Test dummy encryption mode enabled
[   94.521536][ T4367] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   94.577234][ T4367] EXT4-fs error (device loop0): ext4_orphan_get:1427: comm syz.0.1647: bad orphan inode 131083
[   94.592756][ T4367] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,journal_dev=0x0000000000000002,,errors=continue. Quota mode: none.
[   94.623014][ T4367] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[   94.939663][ T4691] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.956455][ T4691] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.976989][ T4691] device bridge_slave_0 entered promiscuous mode
[   95.006741][ T4691] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.036006][ T4691] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.050723][ T4691] device bridge_slave_1 entered promiscuous mode
[   95.202167][ T4691] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.209646][ T4691] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.217762][ T4691] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.224926][ T4691] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.271647][ T4421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   95.281045][ T4421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   95.295680][ T4421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   95.304025][    T6] cdc_ncm 8-1:1.0: MAC-Address: 42:42:42:42:42:42
[   95.314106][    T6] cdc_ncm 8-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   95.334060][    T6] cdc_ncm 8-1:1.0: setting rx_max = 2048
[   95.347430][ T4495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   95.358063][ T4403] device bridge_slave_1 left promiscuous mode
[   95.364394][ T4403] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.380207][ T4403] device bridge_slave_0 left promiscuous mode
[   95.386631][ T4403] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.397577][ T4403] device veth0_vlan left promiscuous mode
[   95.492026][ T4668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   95.515222][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   95.517853][    T6] cdc_ncm 8-1:1.0: setting tx_max = 184
[   95.533775][ T4691] device veth0_vlan entered promiscuous mode
[   95.541681][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   95.551172][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   95.560607][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   95.572649][    T6] cdc_ncm 8-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.7-1, CDC NCM, 42:42:42:42:42:42
[   95.594103][ T4668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   95.617933][    T6] usb 8-1: USB disconnect, device number 2
[   95.626118][ T4691] device veth1_macvtap entered promiscuous mode
[   95.637484][ T4668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   95.638286][    T6] cdc_ncm 8-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.7-1, CDC NCM
[   95.671628][ T4668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   95.738182][ T4743] kvm [4742]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x7
[   95.748328][ T4743] kvm [4742]: vcpu2, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x7
[   95.850383][ T4765] loop8: detected capacity change from 0 to 512
[   95.886799][ T4765] EXT4-fs (loop8): revision level too high, forcing read-only mode
[   95.911609][ T4765] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[   95.923041][ T4765] System zones: 0-1, 15-15, 18-18, 34-34
[   95.955693][ T4765] EXT4-fs (loop8): orphan cleanup on readonly fs
[   95.999207][ T4765] EXT4-fs warning (device loop8): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   96.014996][ T4765] EXT4-fs (loop8): Cannot turn on quotas: error -22
[   96.022530][ T4765] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.1661: bg 0: block 40: padding at end of block bitmap is not set
[   96.039969][ T4765] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6178: Corrupt filesystem
[   96.050061][ T4765] EXT4-fs (loop8): 1 truncate cleaned up
[   96.055919][ T4765] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   96.076579][ T4765] fscrypt (loop8, inode 16): Error -61 getting encryption context
[   96.298823][ T4806] loop0: detected capacity change from 0 to 8192
[   96.307670][ T4786] loop6: detected capacity change from 0 to 40427
[   96.349245][ T4786] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[   96.367868][ T4786] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[   96.377173][ T4806] FAT-fs (loop0): bogus logical sector size 516
[   96.386493][ T4806] FAT-fs (loop0): Can't find a valid FAT filesystem
[   96.398245][ T4786] F2FS-fs (loop6): invalid crc value
[   96.427493][ T4786] F2FS-fs (loop6): Found nat_bits in checkpoint
[   96.521065][ T4786] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[   96.537806][ T4786] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[   96.602577][ T4786] attempt to access beyond end of device
[   96.602577][ T4786] loop6: rw=2049, want=77960, limit=40427
[   96.659965][ T4832] loop7: detected capacity change from 0 to 512
[   96.672513][ T4668] attempt to access beyond end of device
[   96.672513][ T4668] loop6: rw=1, want=77832, limit=40427
[   96.704093][ T4051] attempt to access beyond end of device
[   96.704093][ T4051] loop6: rw=2051, want=77960, limit=40427
[   96.718540][ T4051] F2FS-fs (loop6): Issue discard(9729, 9729, 16) failed, ret: -5
[   96.775865][ T4832] EXT4-fs (loop7): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,lazytime,dioread_lock,,errors=continue. Quota mode: writeback.
[   96.818946][ T4847] loop8: detected capacity change from 0 to 128
[   96.851528][ T4847] FAT-fs (loop8): bogus number of FAT structure
[   96.863200][ T4847] FAT-fs (loop8): This doesn't look like a DOS 1.x volume; no bootstrapping code
[   96.873989][ T4847] FAT-fs (loop8): Can't find a valid FAT filesystem
[   96.881421][ T4852] syz.7.1691[4852] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   96.881494][ T4852] syz.7.1691[4852] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   96.942471][ T4857] loop0: detected capacity change from 0 to 512
[   96.979473][ T4857] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,lazytime,minixdf,,errors=continue. Quota mode: writeback.
[   97.024197][ T4859] loop7: detected capacity change from 0 to 2048
[   97.060394][ T4859] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   97.127740][    T6] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   97.188999][ T4868] loop8: detected capacity change from 0 to 40427
[   97.224721][ T4868] F2FS-fs (loop8): fault_injection options not supported
[   97.290922][ T4868] F2FS-fs (loop8): invalid crc value
[   97.301616][ T4868] F2FS-fs (loop8): Found nat_bits in checkpoint
[   97.345568][ T4868] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[   97.405516][ T4691] attempt to access beyond end of device
[   97.405516][ T4691] loop8: rw=2049, want=40984, limit=40427
[   97.439361][ T4903] Dead loop on virtual device ip6_vti0, fix it urgently!
[   97.487622][    T6] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.504184][    T6] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.529308][    T6] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   97.545404][    T6] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   97.557202][    T6] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.578273][    T6] usb 7-1: config 0 descriptor??
[   97.583844][ T4911] netlink: 64 bytes leftover after parsing attributes in process `syz.8.1712'.
[   97.709483][ T4924] loop7: detected capacity change from 0 to 512
[   97.727479][ T4924] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[   97.741566][ T4924] EXT4-fs (loop7): 1 truncate cleaned up
[   97.747309][ T4924] EXT4-fs (loop7): mounted filesystem without journal. Opts: abort,errors=remount-ro,. Quota mode: none.
[   97.781207][   T30] kauditd_printk_skb: 91 callbacks suppressed
[   97.781221][   T30] audit: type=1400 audit(359.751:1547): avc:  denied  { read } for  pid=4928 comm="syz.8.1723" name="file0" dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   97.811951][   T30] audit: type=1400 audit(359.751:1548): avc:  denied  { open } for  pid=4928 comm="syz.8.1723" path="/20/file0" dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   97.840557][   T30] audit: type=1400 audit(359.751:1549): avc:  denied  { ioctl } for  pid=4928 comm="syz.8.1723" path="/20/file0" dev="tmpfs" ino=125 ioctlcmd=0x1271 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   97.887779][ T4933] loop7: detected capacity change from 0 to 4096
[   97.914620][ T4933] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   98.058480][    T6] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[   98.079242][    T6] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[   98.100776][   T30] audit: type=1400 audit(360.071:1550): avc:  denied  { listen } for  pid=4947 comm="syz.3.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   98.164694][   T30] audit: type=1400 audit(360.071:1551): avc:  denied  { accept } for  pid=4947 comm="syz.3.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   98.488779][   T30] audit: type=1326 audit(360.462:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4966 comm="syz.0.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   98.522758][   T30] audit: type=1326 audit(360.462:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4966 comm="syz.0.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   98.550849][   T30] audit: type=1326 audit(360.462:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4966 comm="syz.0.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   98.575005][   T30] audit: type=1326 audit(360.462:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4966 comm="syz.0.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   98.603216][   T30] audit: type=1326 audit(360.482:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4966 comm="syz.0.1739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[   98.607139][    T6] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[   98.633857][   T60] usb 7-1: USB disconnect, device number 6
[   98.748778][ T4991] loop3: detected capacity change from 0 to 16
[   98.768182][ T4991] erofs: (device loop3): mounted with root inode @ nid 36.
[   98.786703][ T4993] 9pnet: Insufficient options for proto=fd
[   98.793270][ T4991] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=86
[   98.804267][ T4991] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=86
[   98.813423][ T4991] overlayfs: failed to get metacopy (-117)
[   98.996869][    T6] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.008184][    T6] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.018414][    T6] usb 9-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[   99.027678][    T6] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.050628][    T6] usb 9-1: config 0 descriptor??
[   99.139037][ T5016] loop3: detected capacity change from 0 to 40427
[   99.177756][ T5016] F2FS-fs (loop3): fault_injection options not supported
[   99.187047][ T5016] F2FS-fs (loop3): invalid crc value
[   99.193710][ T5016] F2FS-fs (loop3): Found nat_bits in checkpoint
[   99.216413][ T5016] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   99.226656][   T60] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   99.269432][  T282] attempt to access beyond end of device
[   99.269432][  T282] loop3: rw=2049, want=40984, limit=40427
[   99.486213][ T5039] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   99.500560][ T5039] FAT-fs (loop7): unable to read boot sector
[   99.517915][    T6] steelseries_srws1 0003:1038:1410.0010: missing HID_OUTPUT_REPORT 0
[   99.596676][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.608004][   T20] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   99.616073][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.625844][   T60] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   99.639579][   T60] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   99.649254][   T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.658129][   T60] usb 8-1: config 0 descriptor??
[   99.744943][  T344] usb 9-1: USB disconnect, device number 2
[   99.817838][ T5059] user requested TSC rate below hardware speed
[   99.876454][   T26] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   99.877047][   T20] usb 7-1: Using ep0 maxpacket: 16
[  100.126244][   T26] usb 4-1: Using ep0 maxpacket: 8
[  100.137260][   T60] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[  100.146910][   T60] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  100.166351][   T20] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  100.176922][   T20] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.185633][   T20] usb 7-1: Product: syz
[  100.190516][   T20] usb 7-1: Manufacturer: syz
[  100.195158][   T20] usb 7-1: SerialNumber: syz
[  100.200418][   T20] usb 7-1: config 0 descriptor??
[  100.237044][   T20] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected
[  100.247753][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  100.259337][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  100.261851][   T20] usb 7-1: Detected FT232H
[  100.270608][   T26] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  100.277036][ T5078] syz.8.1787[5078] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  100.283263][ T5078] syz.8.1787[5078] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  100.283687][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  100.316670][   T26] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  100.326841][   T26] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  100.345821][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.351340][ T5078] syz.8.1787[5078] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  100.354265][ T5078] syz.8.1787[5078] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  100.366505][  T317] usb 8-1: USB disconnect, device number 3
[  100.386585][   T26] usb 4-1: config 0 descriptor??
[  100.446253][   T20] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  100.466239][   T20] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  100.486117][   T20] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71
[  100.493665][   T20] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  100.521891][   T20] usb 7-1: USB disconnect, device number 7
[  100.538015][   T20] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  100.557282][   T20] ftdi_sio 7-1:0.0: device disconnected
[  100.658168][   T39] usb 4-1: USB disconnect, device number 6
[  100.739116][ T5096] loop0: detected capacity change from 0 to 40427
[  100.784184][ T5096] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  100.792615][ T5096] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  100.811685][ T5096] F2FS-fs (loop0): invalid crc value
[  100.829724][ T5096] F2FS-fs (loop0): Found nat_bits in checkpoint
[  100.871353][ T5096] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  100.880912][ T5096] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  100.920563][ T5114] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1800'.
[  100.947016][ T5096] attempt to access beyond end of device
[  100.947016][ T5096] loop0: rw=2049, want=77960, limit=40427
[  100.964767][ T5112] loop8: detected capacity change from 0 to 8192
[  100.998623][ T5120] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1802'.
[  101.008009][ T5120] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1802'.
[  101.017554][ T1509]  loop8: p1 p2 p4 < >
[  101.021722][ T1509] loop8: partition table partially beyond EOD, truncated
[  101.035235][ T4425] attempt to access beyond end of device
[  101.035235][ T4425] loop0: rw=1, want=77832, limit=40427
[  101.045654][ T1509] loop8: p1 start 16777216 is beyond EOD, truncated
[  101.057874][ T1509] loop8: p2 size 515840 extends beyond EOD, truncated
[  101.066115][ T1509] loop8: p4 start 16777216 is beyond EOD, truncated
[  101.066710][  T281] attempt to access beyond end of device
[  101.066710][  T281] loop0: rw=2051, want=77960, limit=40427
[  101.084511][  T281] F2FS-fs (loop0): Issue discard(9729, 9729, 16) failed, ret: -5
[  101.101004][ T5112]  loop8: p1 p2 p4 < >
[  101.120031][ T5112] loop8: partition table partially beyond EOD, truncated
[  101.137577][ T5112] loop8: p1 start 16777216 is beyond EOD, truncated
[  101.149967][ T5112] loop8: p2 size 515840 extends beyond EOD, truncated
[  101.158099][ T5112] loop8: p4 start 16777216 is beyond EOD, truncated
[  101.316580][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory
[  101.381313][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory
[  101.381923][ T5151] loop7: detected capacity change from 0 to 2048
[  101.411131][ T5155] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1819'.
[  101.421319][ T5159] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5159 comm=syz.8.1820
[  101.443815][ T5151] EXT4-fs (loop7): Ignoring removed bh option
[  101.486530][ T5159] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5159 comm=syz.8.1820
[  101.501933][ T5151] EXT4-fs (loop7): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  101.586750][   T60] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  101.932123][ T5180] loop8: detected capacity change from 0 to 40427
[  101.965434][   T60] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  101.975752][   T60] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  101.991697][ T5180] F2FS-fs (loop8): Found nat_bits in checkpoint
[  102.022965][ T5180] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  102.051073][ T5180] attempt to access beyond end of device
[  102.051073][ T5180] loop8: rw=2049, want=45104, limit=40427
[  102.065404][   T60] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  102.077073][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  102.085875][ T4691] attempt to access beyond end of device
[  102.085875][ T4691] loop8: rw=2049, want=45112, limit=40427
[  102.085961][   T60] usb 7-1: SerialNumber: syz
[  102.165191][   T26] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  102.215768][ T5199] xt_hashlimit: max too large, truncated to 1048576
[  102.365840][   T60] usb 7-1: 0:2 : does not exist
[  102.376153][   T60] usb 7-1: USB disconnect, device number 8
[  102.384049][ T5215] loop8: detected capacity change from 0 to 512
[  102.415109][   T26] usb 8-1: Using ep0 maxpacket: 16
[  102.436594][ T5215] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  102.515336][ T5217] loop0: detected capacity change from 0 to 40427
[  102.549002][ T5225] loop8: detected capacity change from 0 to 512
[  102.559507][ T5217] F2FS-fs (loop0): invalid crc value
[  102.565085][   T26] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  102.569131][ T5217] F2FS-fs (loop0): Found nat_bits in checkpoint
[  102.576545][   T26] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  102.596431][ T1509] udevd[1509]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  102.607182][ T5225] EXT4-fs (loop8): Ignoring removed bh option
[  102.623538][ T5217] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  102.631644][ T5225] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  102.653706][ T5225] EXT4-fs (loop8): 1 truncate cleaned up
[  102.664955][ T5225] EXT4-fs (loop8): mounted filesystem without journal. Opts: bh,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,nodelalloc,quota,,errors=continue. Quota mode: writeback.
[  102.674009][   T26] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  102.695860][ T5217] attempt to access beyond end of device
[  102.695860][ T5217] loop0: rw=2049, want=77960, limit=40427
[  102.729366][   T26] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.733326][  T281] attempt to access beyond end of device
[  102.733326][  T281] loop0: rw=2049, want=45104, limit=40427
[  102.756193][   T26] usb 8-1: config 0 descriptor??
[  102.794239][ T5238] input: syz0 as /devices/virtual/input/input11
[  102.803322][ T5237] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[  102.829903][ T5237] SELinux: security_context_str_to_sid(system_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  102.854590][   T30] kauditd_printk_skb: 118 callbacks suppressed
[  102.854606][   T30] audit: type=1326 audit(364.824:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  102.898845][   T30] audit: type=1326 audit(364.824:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  102.945919][   T30] audit: type=1326 audit(364.864:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  102.977936][   T30] audit: type=1326 audit(364.864:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  103.001436][   T30] audit: type=1326 audit(364.864:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  103.029562][   T30] audit: type=1326 audit(364.864:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  103.053709][   T30] audit: type=1326 audit(364.864:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  103.077827][   T30] audit: type=1326 audit(364.864:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5239 comm="syz.8.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  103.150754][   T30] audit: type=1326 audit(365.124:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5241 comm="syz.3.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd0acf16c9 code=0x7ffc0000
[  103.185507][   T30] audit: type=1326 audit(365.164:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5241 comm="syz.3.1853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd0acf16c9 code=0x7ffc0000
[  103.246966][   T26] HID 045e:07da: Invalid code 65791 type 1
[  103.263432][   T26] input: HID 045e:07da as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:045E:07DA.0012/input/input12
[  103.284925][   T26] microsoft 0003:045E:07DA.0012: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0
[  103.309170][ T5270] xt_hashlimit: max too large, truncated to 1048576
[  103.408962][ T5285] incfs: Error accessing: ./file0.
[  103.419228][ T5285] incfs: mount failed -20
[  103.424680][   T39] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  103.507827][ T5296] netlink: 'syz.0.1878': attribute type 4 has an invalid length.
[  103.517473][ T5296] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1878'.
[  103.672437][ T5315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1885'.
[  103.684511][   T39] usb 7-1: Using ep0 maxpacket: 16
[  103.711961][ T5318] loop0: detected capacity change from 0 to 1024
[  103.728848][ T5318] EXT4-fs (loop0): Invalid log block size: 27052
[  103.749652][ T5308] loop8: detected capacity change from 0 to 40427
[  103.774708][ T5308] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  103.782581][ T5308] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  103.792869][ T5308] F2FS-fs (loop8): invalid crc value
[  103.794090][ T5323] loop3: detected capacity change from 0 to 4096
[  103.799782][ T5308] F2FS-fs (loop8): Found nat_bits in checkpoint
[  103.832773][ T5323] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  103.854611][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.865780][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.877863][   T39] usb 7-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  103.878349][ T5308] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  103.889384][   T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.911730][   T39] usb 7-1: config 0 descriptor??
[  103.916937][ T5308] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  103.969863][ T5308] attempt to access beyond end of device
[  103.969863][ T5308] loop8: rw=2049, want=77960, limit=40427
[  104.023972][ T4425] attempt to access beyond end of device
[  104.023972][ T4425] loop8: rw=1, want=77832, limit=40427
[  104.053338][ T4691] attempt to access beyond end of device
[  104.053338][ T4691] loop8: rw=2051, want=77960, limit=40427
[  104.065934][ T4691] F2FS-fs (loop8): Issue discard(9729, 9729, 16) failed, ret: -5
[  104.127676][   T26] usb 8-1: USB disconnect, device number 4
[  104.184294][ T5338] loop8: detected capacity change from 0 to 1024
[  104.208111][ T5338] EXT4-fs (loop8): Ignoring removed oldalloc option
[  104.217701][ T5338] EXT4-fs (loop8): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  104.231384][ T5338] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e055c11c, mo2=0002]
[  104.239666][ T5338] System zones: 0-1, 3-36
[  104.246127][ T5338] EXT4-fs (loop8): mounted filesystem without journal. Opts: grpquota,oldalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,norecovery,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[  104.395118][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.403302][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.411856][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.419341][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.426505][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.441836][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.448966][   T39] ntrig 0003:1B96:0008.0013: unknown main item tag 0x0
[  104.456933][   T39] ntrig 0003:1B96:0008.0013: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.6-1/input0
[  104.531940][ T5362] syz.8.1906[5362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  104.531991][ T5362] syz.8.1906[5362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  104.573393][ T5366] bridge0: port 3(syz_tun) entered blocking state
[  104.591476][ T5366] bridge0: port 3(syz_tun) entered disabled state
[  104.598484][ T5366] device syz_tun entered promiscuous mode
[  104.605267][ T5366] bridge0: port 3(syz_tun) entered blocking state
[  104.611703][ T5366] bridge0: port 3(syz_tun) entered forwarding state
[  104.615938][   T39] usb 7-1: USB disconnect, device number 9
[  104.628695][ T5367] device syz_tun left promiscuous mode
[  104.634765][ T5367] bridge0: port 3(syz_tun) entered disabled state
[  104.648701][ T5368] fido_id[5368]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  104.650359][ T5367] device bridge_slave_0 left promiscuous mode
[  104.678071][ T5367] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.692156][ T5367] device bridge_slave_1 left promiscuous mode
[  104.698508][ T5367] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.725258][ T5374] 9pnet: p9_errstr2errno: server reported unknown error ��n$�[
[  104.725258][ T5374] Q&|x�
[  104.799450][ T5376] loop7: detected capacity change from 0 to 8192
[  104.823326][ T5379] loop8: detected capacity change from 0 to 2048
[  104.842082][ T5379] EXT4-fs (loop8): Ignoring removed bh option
[  104.842876][ T1509]  loop7: p1 p2 p4 < >
[  104.852562][ T1509] loop7: partition table partially beyond EOD, truncated
[  104.861358][ T1509] loop7: p1 start 16777216 is beyond EOD, truncated
[  104.868497][ T1509] loop7: p2 size 515840 extends beyond EOD, truncated
[  104.876675][ T1509] loop7: p4 start 16777216 is beyond EOD, truncated
[  104.884206][ T5379] EXT4-fs (loop8): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  104.905135][ T5376]  loop7: p1 p2 p4 < >
[  104.909449][ T5376] loop7: partition table partially beyond EOD, truncated
[  104.917084][ T5376] loop7: p1 start 16777216 is beyond EOD, truncated
[  104.924006][ T5376] loop7: p2 size 515840 extends beyond EOD, truncated
[  104.931523][ T5376] loop7: p4 start 16777216 is beyond EOD, truncated
[  105.043982][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory
[  105.081343][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory
[  105.255447][ T5408] tipc: Started in network mode
[  105.260920][ T5408] tipc: Node identity 0000000000000000005885d6a76549cc, cluster identity 4711
[  105.278454][ T5408] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  105.344216][ T5415] loop3: detected capacity change from 0 to 512
[  105.426071][ T5415] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  105.454796][ T5415] EXT4-fs (loop3): 1 truncate cleaned up
[  105.460564][ T5415] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,journal_ioprio=0x0000000000000006,inode_readahead_blks=0x0000000000040000,,errors=continue. Quota mode: none.
[  105.531027][ T5422] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1930'.
[  105.663035][ T5426] loop8: detected capacity change from 0 to 8192
[  105.733759][ T5426] attempt to access beyond end of device
[  105.733759][ T5426] loop8: rw=0, want=57848, limit=8192
[  105.754727][ T5426] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  105.771336][ T5426] FAT-fs (loop8): Filesystem has been set read-only
[  105.786335][ T5426] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  105.803175][ T5426] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  105.866999][ T5434] loop7: detected capacity change from 0 to 40427
[  105.876847][ T5438] loop3: detected capacity change from 0 to 2048
[  105.924463][ T5438] EXT4-fs (loop3): Ignoring removed bh option
[  105.963735][ T5438] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  105.985628][ T5434] F2FS-fs (loop7): invalid crc value
[  106.035056][ T5434] F2FS-fs (loop7): Found nat_bits in checkpoint
[  106.088305][ T5434] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  106.115361][ T5451] loop0: detected capacity change from 0 to 512
[  106.147324][ T5434] attempt to access beyond end of device
[  106.147324][ T5434] loop7: rw=2049, want=77960, limit=40427
[  106.163329][  T344] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  106.177925][ T4091] attempt to access beyond end of device
[  106.177925][ T4091] loop7: rw=2049, want=45104, limit=40427
[  106.197291][ T5451] EXT4-fs (loop0): Ignoring removed bh option
[  106.206095][ T5451] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  106.244278][ T5451] EXT4-fs (loop0): 1 truncate cleaned up
[  106.249951][ T5451] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,nodelalloc,quota,,errors=continue. Quota mode: writeback.
[  106.272801][ T5464] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1946'.
[  106.314441][ T5464] option changes via remount are deprecated (pid=5463 comm=syz.6.1946)
[  106.413178][  T344] usb 9-1: Using ep0 maxpacket: 8
[  106.543103][  T344] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  106.555330][  T344] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  106.565726][  T344] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  106.575928][  T344] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  106.586301][  T344] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  106.597100][  T344] usb 9-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  106.607195][  T344] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.623233][  T344] usb 9-1: config 0 descriptor??
[  106.871136][  T333] usb 9-1: USB disconnect, device number 3
[  107.198961][ T5478] loop6: detected capacity change from 0 to 2048
[  107.214479][ T5478] EXT4-fs (loop6): Ignoring removed bh option
[  107.233931][ T5478] EXT4-fs (loop6): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  107.262295][ T5490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1954'.
[  107.299970][ T5495] loop7: detected capacity change from 0 to 512
[  107.306690][ T5490] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.319366][ T5497] 9pnet: p9_errstr2errno: server reported unknown error �@c�F	S+�ing
[  107.330812][ T5490] device bridge_slave_0 left promiscuous mode
[  107.340158][ T5490] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.343606][ T5495] EXT4-fs (loop7): Ignoring removed nomblk_io_submit option
[  107.359858][ T5495] EXT4-fs (loop7): Ignoring removed bh option
[  107.400884][ T5500] loop6: detected capacity change from 0 to 4096
[  107.408708][ T5502] xt_bpf: check failed: parse error
[  107.414939][ T5495] EXT4-fs error (device loop7): mb_free_blocks:1860: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  107.455240][ T5500] EXT4-fs (loop6): Test dummy encryption mode enabled
[  107.478325][ T5500] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option
[  107.490345][ T5495] EXT4-fs error (device loop7): ext4_do_update_inode:5241: inode #11: comm syz.7.1957: corrupted inode contents
[  107.548146][ T5495] EXT4-fs error (device loop7): ext4_dirty_inode:6077: inode #11: comm syz.7.1957: mark_inode_dirty error
[  107.560333][ T5500] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  107.570033][ T5500] System zones: 0-5
[  107.579951][ T5500] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000005,acl,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  107.592556][ T5495] EXT4-fs error (device loop7): ext4_free_branches:1030: inode #11: comm syz.7.1957: invalid indirect mapped block 1 (level 1)
[  107.616936][ T5495] EXT4-fs error (device loop7): ext4_do_update_inode:5241: inode #11: comm syz.7.1957: corrupted inode contents
[  107.629265][ T5495] EXT4-fs error (device loop7) in ext4_orphan_del:301: Corrupt filesystem
[  107.638698][ T5495] EXT4-fs error (device loop7): ext4_do_update_inode:5241: inode #11: comm syz.7.1957: corrupted inode contents
[  107.650968][ T5495] EXT4-fs error (device loop7): ext4_truncate:4310: inode #11: comm syz.7.1957: mark_inode_dirty error
[  107.665634][ T5495] EXT4-fs error (device loop7) in ext4_process_orphan:343: Corrupt filesystem
[  107.687147][ T5510] loop8: detected capacity change from 0 to 40427
[  107.696603][ T5495] EXT4-fs (loop7): 1 truncate cleaned up
[  107.703480][ T5495] EXT4-fs (loop7): mounted filesystem without journal. Opts: nomblk_io_submit,bh,,errors=continue. Quota mode: none.
[  107.752642][ T5510] F2FS-fs (loop8): invalid crc value
[  107.760857][ T5524] netlink: 'syz.0.1972': attribute type 2 has an invalid length.
[  107.803609][ T5510] F2FS-fs (loop8): Found nat_bits in checkpoint
[  107.859892][ T5510] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  107.919278][ T5540] loop6: detected capacity change from 0 to 2048
[  107.924470][ T5510] attempt to access beyond end of device
[  107.924470][ T5510] loop8: rw=2049, want=77960, limit=40427
[  107.946697][ T4691] attempt to access beyond end of device
[  107.946697][ T4691] loop8: rw=2049, want=45104, limit=40427
[  108.048444][ T5530] loop0: detected capacity change from 0 to 40427
[  108.059566][ T5540] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  108.077596][ T5540] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  108.093974][ T5540] overlayfs: failed to set xattr on upper
[  108.103476][ T5530] F2FS-fs (loop0): fault_injection options not supported
[  108.124813][ T5530] F2FS-fs (loop0): invalid crc value
[  108.142339][ T5530] F2FS-fs (loop0): Found nat_bits in checkpoint
[  108.160461][   T30] kauditd_printk_skb: 120 callbacks suppressed
[  108.160497][   T30] audit: type=1400 audit(370.136:1805): avc:  denied  { rmdir } for  pid=4051 comm="syz-executor" name="lost+found" dev="loop6" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  108.194970][ T5530] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  108.195112][   T30] audit: type=1400 audit(370.176:1806): avc:  denied  { unlink } for  pid=4051 comm="syz-executor" name="file1" dev="loop6" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  108.293925][ T5561] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1983'.
[  108.323494][ T5561] option changes via remount are deprecated (pid=5559 comm=syz.3.1983)
[  108.345426][  T281] attempt to access beyond end of device
[  108.345426][  T281] loop0: rw=2049, want=45104, limit=40427
[  108.379751][   T60] kernel write not supported for file bpf-prog (pid: 60 comm: kworker/0:2)
[  108.452799][   T30] audit: type=1400 audit(370.437:1807): avc:  denied  { read } for  pid=5572 comm="syz.8.1990" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  108.507084][   T30] audit: type=1400 audit(370.437:1808): avc:  denied  { open } for  pid=5572 comm="syz.8.1990" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  108.576290][ T5582] input: syz1 as /devices/virtual/input/input13
[  108.713484][ T5592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'.
[  108.773333][ T5595] bridge0: port 1(syz_tun) entered blocking state
[  108.779806][ T5595] bridge0: port 1(syz_tun) entered disabled state
[  108.824939][ T5595] device syz_tun entered promiscuous mode
[  108.848152][ T5595] bridge0: port 1(syz_tun) entered blocking state
[  108.854957][ T5595] bridge0: port 1(syz_tun) entered forwarding state
[  108.899751][ T5596] device syz_tun left promiscuous mode
[  108.914485][ T5596] bridge0: port 1(syz_tun) entered disabled state
[  108.932416][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  108.973141][ T5596] device bridge_slave_1 left promiscuous mode
[  108.986046][ T5596] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.013328][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  109.132234][   T30] audit: type=1326 audit(371.117:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5611 comm="syz.8.2007" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f84115e66c9 code=0x0
[  109.434233][   T30] audit: type=1326 audit(371.417:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5634 comm="syz.7.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f366a5846c9 code=0x7ffc0000
[  109.499621][ T5639] input: syz1 as /devices/virtual/input/input14
[  109.509226][ T5641] bridge0: port 3(syz_tun) entered blocking state
[  109.511308][   T30] audit: type=1326 audit(371.447:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5634 comm="syz.7.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f366a5846c9 code=0x7ffc0000
[  109.524373][ T5641] bridge0: port 3(syz_tun) entered disabled state
[  109.564724][   T30] audit: type=1326 audit(371.447:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5634 comm="syz.7.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f366a5846c9 code=0x7ffc0000
[  109.599954][   T30] audit: type=1400 audit(371.537:1813): avc:  denied  { lock } for  pid=5642 comm="syz.6.2018" path="socket:[37666]" dev="sockfs" ino=37666 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  109.630908][ T5641] device syz_tun entered promiscuous mode
[  109.640927][ T5641] bridge0: port 3(syz_tun) entered blocking state
[  109.647571][ T5641] bridge0: port 3(syz_tun) entered forwarding state
[  109.659609][ T5645] device syz_tun left promiscuous mode
[  109.665766][ T5645] bridge0: port 3(syz_tun) entered disabled state
[  109.682947][ T5645] device bridge_slave_0 left promiscuous mode
[  109.689550][ T5645] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.710173][ T5645] device bridge_slave_1 left promiscuous mode
[  109.710243][ T5645] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.726303][ T5645] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  109.813698][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  109.852734][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  109.863566][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  109.872936][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  109.885645][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  109.894506][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  109.909661][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  109.923249][ T4403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  109.994622][ T5667] blk_update_request: I/O error, dev loop17, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  110.009683][ T5667] FAT-fs (loop17): unable to read boot sector
[  110.030913][ T5671] loop7: detected capacity change from 0 to 512
[  110.089776][ T5671] EXT4-fs (loop7): mounted filesystem without journal. Opts: grpquota,init_itable=0x0000000000000000,quota,,errors=continue. Quota mode: writeback.
[  110.297895][ T5688] binder: 5687:5688 ioctl c0306201 200000000280 returned -22
[  110.378250][ T5698] sch_fq: defrate 0 ignored.
[  110.436054][   T30] audit: type=1326 audit(372.418:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5704 comm="syz.0.2045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  110.632988][ T5717] syz.7.2050[5717] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.633075][ T5717] syz.7.2050[5717] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.682418][ T5717] netlink: 92 bytes leftover after parsing attributes in process `syz.7.2050'.
[  110.741403][ T5717] netem: unknown loss type 0
[  110.746349][ T5717] netem: change failed
[  110.751375][ T5715] loop0: detected capacity change from 0 to 4096
[  110.840235][ T5715] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  111.090762][   T39] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  111.141485][ T5741] loop3: detected capacity change from 0 to 256
[  111.219162][ T5741] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001)
[  111.240484][ T5741] FAT-fs (loop3): Filesystem has been set read-only
[  111.370977][   T39] usb 8-1: Using ep0 maxpacket: 32
[  111.457797][ T5750] 9pnet: p9_errstr2errno: server reported unknown error �@c�F	S+�ing
[  111.500621][   T39] usb 8-1: config 0 has an invalid interface number: 2 but max is 0
[  111.514745][   T39] usb 8-1: config 0 has no interface number 0
[  111.531106][   T39] usb 8-1: config 0 interface 2 has no altsetting 0
[  111.589975][ T5763] loop3: detected capacity change from 0 to 1024
[  111.630490][ T5763] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  111.669052][ T5763] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  111.723531][   T39] usb 8-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  111.742913][   T39] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.772094][   T39] usb 8-1: Product: syz
[  111.782378][   T39] usb 8-1: Manufacturer: syz
[  111.787152][   T39] usb 8-1: SerialNumber: syz
[  111.804868][   T39] usb 8-1: config 0 descriptor??
[  112.120364][   T39] usb 8-1: invalid MIDI in EP 0
[  112.125810][   T39] snd-usb-audio: probe of 8-1:0.2 failed with error -22
[  112.152528][   T39] usb 8-1: USB disconnect, device number 5
[  112.301194][ T5793] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  112.310205][  T317] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  112.549979][  T317] usb 4-1: Using ep0 maxpacket: 16
[  112.778091][ T5826] syz.8.2096[5826] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  112.778187][ T5826] syz.8.2096[5826] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  112.830383][  T317] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  112.884285][  T317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.901578][  T317] usb 4-1: Product: syz
[  112.907584][  T317] usb 4-1: Manufacturer: syz
[  112.912663][  T317] usb 4-1: SerialNumber: syz
[  112.922090][  T317] usb 4-1: config 0 descriptor??
[  112.942662][ T5845] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2105'.
[  112.969625][  T317] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  112.980375][  T317] usb 4-1: Detected FT232H
[  113.076894][ T5855] kvm [5854]: vcpu2, guest rIP: 0x9137 disabled perfctr wrmsr: 0xc1 data 0x4000
[  113.086292][ T5855] kvm [5854]: vcpu2, guest rIP: 0x9137 disabled perfctr wrmsr: 0xc2 data 0x4000
[  113.097706][ T5855] kvm [5854]: vcpu2, guest rIP: 0x9137 ignored wrmsr: 0x11e data 0x4000
[  113.109371][ T5855] kvm [5854]: vcpu2, guest rIP: 0x9137 disabled perfctr wrmsr: 0x186 data 0x4000
[  113.118971][ T5855] kvm [5854]: vcpu2, guest rIP: 0x9137 disabled perfctr wrmsr: 0x187 data 0x4000
[  113.180382][  T317] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  113.199705][  T317] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  113.216285][ T5870] 9pnet: p9_errstr2errno: server reported unknown error �1 g;-�~	
[  113.230191][  T317] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[  113.239678][  T317] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  113.264953][  T317] usb 4-1: USB disconnect, device number 7
[  113.288040][  T317] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  113.304620][   T30] kauditd_printk_skb: 69 callbacks suppressed
[  113.304636][   T30] audit: type=1326 audit(375.289:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f84115dd567 code=0x7ffc0000
[  113.321097][  T317] ftdi_sio 4-1:0.0: device disconnected
[  113.343729][   T30] audit: type=1326 audit(375.289:1885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8411582789 code=0x7ffc0000
[  113.434731][   T30] audit: type=1326 audit(375.289:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f84115dd567 code=0x7ffc0000
[  113.534345][   T30] audit: type=1326 audit(375.289:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f8411582789 code=0x7ffc0000
[  113.558452][   T30] audit: type=1326 audit(375.289:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  113.586826][   T30] audit: type=1326 audit(375.289:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  113.610728][   T30] audit: type=1326 audit(375.289:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  113.661806][   T30] audit: type=1326 audit(375.289:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  113.734613][   T30] audit: type=1326 audit(375.289:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  113.760342][   T30] audit: type=1326 audit(375.289:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5877 comm="syz.8.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f84115e66c9 code=0x7ffc0000
[  113.807311][ T5881] loop8: detected capacity change from 0 to 40427
[  113.907610][ T5881] F2FS-fs (loop8): Found nat_bits in checkpoint
[  113.978849][ T5881] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  114.009120][ T5908] loop6: detected capacity change from 0 to 8192
[  114.028616][ T5908] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  114.041900][ T5908] FAT-fs (loop6): Unrecognized mount option "appraise_type=imasig" or missing value
[  114.090841][ T4691] F2FS-fs (loop8): access invalid blkaddr:2048
[  114.097285][ T4691] CPU: 0 PID: 4691 Comm: syz-executor Tainted: G        W         syzkaller #0
[  114.106440][ T4691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  114.116489][ T4691] Call Trace:
[  114.119767][ T4691]  <TASK>
[  114.122685][ T4691]  __dump_stack+0x21/0x30
[  114.127021][ T4691]  dump_stack_lvl+0xee/0x150
[  114.131633][ T4691]  ? show_regs_print_info+0x20/0x20
[  114.136848][ T4691]  dump_stack+0x15/0x20
[  114.140987][ T4691]  f2fs_is_valid_blkaddr+0xca0/0x12a0
[  114.146341][ T4691]  f2fs_map_blocks+0xd71/0x38a0
[  114.151179][ T4691]  ? f2fs_do_map_lock+0x80/0x80
[  114.156191][ T4691]  f2fs_mpage_readpages+0xae4/0x1de0
[  114.161559][ T4691]  ? dquot_release_reservation_block+0xa0/0xa0
[  114.167706][ T4691]  ? __this_cpu_preempt_check+0x13/0x20
[  114.173350][ T4691]  ? cgroup_rstat_updated+0xf5/0x370
[  114.178743][ T4691]  ? xas_nomem+0x6b/0x1d0
[  114.183120][ T4691]  f2fs_readahead+0xfc/0x240
[  114.187808][ T4691]  ? f2fs_set_data_page_dirty+0x520/0x520
[  114.193592][ T4691]  read_pages+0x16e/0xb00
[  114.198065][ T4691]  ? __lru_cache_activate_page+0x210/0x210
[  114.204316][ T4691]  ? page_cache_ra_unbounded+0x980/0x980
[  114.209939][ T4691]  page_cache_ra_unbounded+0x782/0x980
[  114.215604][ T4691]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  114.222276][ T4691]  ? handle_pte_fault+0x73c/0x2680
[  114.227397][ T4691]  ondemand_readahead+0x8d3/0xe30
[  114.232520][ T4691]  ? page_cache_sync_ra+0x420/0x420
[  114.237704][ T4691]  ? do_handle_mm_fault+0xf39/0x1d50
[  114.242974][ T4691]  page_cache_sync_ra+0x2c4/0x420
[  114.248087][ T4691]  ? force_page_cache_ra+0x460/0x460
[  114.253354][ T4691]  f2fs_readdir+0x468/0x990
[  114.257841][ T4691]  ? f2fs_fill_dentries+0xce0/0xce0
[  114.263026][ T4691]  ? down_read_killable+0xbb/0x110
[  114.268132][ T4691]  ? security_file_permission+0x83/0xa0
[  114.273661][ T4691]  iterate_dir+0x260/0x600
[  114.278088][ T4691]  ? f2fs_fill_dentries+0xce0/0xce0
[  114.283279][ T4691]  __se_sys_getdents64+0xe5/0x240
[  114.288288][ T4691]  ? __x64_sys_getdents64+0x90/0x90
[  114.293482][ T4691]  ? filldir+0x690/0x690
[  114.297704][ T4691]  ? debug_smp_processor_id+0x17/0x20
[  114.303284][ T4691]  __x64_sys_getdents64+0x7b/0x90
[  114.308903][ T4691]  x64_sys_call+0x592/0x9a0
[  114.314006][ T4691]  do_syscall_64+0x4c/0xa0
[  114.319456][ T4691]  ? clear_bhb_loop+0x50/0xa0
[  114.324131][ T4691]  ? clear_bhb_loop+0x50/0xa0
[  114.328792][ T4691]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  114.334686][ T4691] RIP: 0033:0x7f8411619033
[  114.339079][ T4691] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  114.359011][ T4691] RSP: 002b:00007ffc4b61a518 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  114.367407][ T4691] RAX: ffffffffffffffda RBX: 0000555578d604e0 RCX: 00007f8411619033
[  114.375640][ T4691] RDX: 0000000000008000 RSI: 0000555578d604e0 RDI: 0000000000000005
[  114.383913][ T4691] RBP: 0000555578d604b4 R08: 0000000000000000 R09: 0000000000000000
[  114.392163][ T4691] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  114.400382][ T4691] R13: 0000000000000010 R14: 0000555578d604b0 R15: 00007ffc4b61c7d0
[  114.408624][ T4691]  </TASK>
[  114.429379][ T4691] attempt to access beyond end of device
[  114.429379][ T4691] loop8: rw=524288, want=45072, limit=40427
[  114.441381][ T4691] attempt to access beyond end of device
[  114.441381][ T4691] loop8: rw=0, want=45072, limit=40427
[  114.496752][ T4588] attempt to access beyond end of device
[  114.496752][ T4588] loop8: rw=2049, want=40984, limit=40427
[  114.527565][ T5916] futex_wake_op: syz.7.2134 tries to shift op by 32; fix this program
[  114.580613][ T5924] netlink: 96 bytes leftover after parsing attributes in process `syz.7.2138'.
[  114.590693][ T5926] loop0: detected capacity change from 0 to 16
[  114.632774][ T5930] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2141'.
[  114.641920][ T5930] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2141'.
[  114.650904][ T5930] netlink: 'syz.3.2141': attribute type 2 has an invalid length.
[  114.670358][ T5926] erofs: (device loop0): mounted with root inode @ nid 36.
[  114.692239][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 2 @ nid 89
[  114.703374][   T48] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  114.738139][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 10 @ nid 89
[  114.774767][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 9 @ nid 89
[  114.784132][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 8 @ nid 89
[  114.793432][   T20] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  114.803166][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 7 @ nid 89
[  114.828972][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 6 @ nid 89
[  114.837990][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 5 @ nid 89
[  114.864072][ T5926] erofs: (device loop0): z_erofs_readahead: readahead error at page 4 @ nid 89
[  114.877013][ T5926] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 4 @ nid 89
[  114.888866][  T333] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  114.899602][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  114.935773][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  114.962634][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  114.992736][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.017864][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.041958][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.065406][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.089841][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.089952][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.113468][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.121134][ T5938] device bridge_slave_0 entered promiscuous mode
[  115.128427][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.135574][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.143419][ T5938] device bridge_slave_1 entered promiscuous mode
[  115.167329][ T5944] kvm: apic: phys broadcast and lowest prio
[  115.176006][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.208029][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.236686][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.262517][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.286399][   T20] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.301664][   T20] usb 7-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 21
[  115.305703][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.315659][   T20] usb 7-1: config 0 interface 0 has no altsetting 0
[  115.333606][   T20] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00
[  115.343851][   T20] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.363287][  T333] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.375774][   T20] usb 7-1: config 0 descriptor??
[  115.383897][ T5951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2150'.
[  115.393354][  T333] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.428744][ T5926] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  115.454176][ T5955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2151'.
[  115.457535][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.470150][ T5938] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.477581][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.484735][ T5938] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.498563][  T333] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  115.508236][  T333] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  115.516509][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.526182][ T4506] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.526478][  T333] usb 8-1: Manufacturer: syz
[  115.538688][  T333] usb 8-1: config 0 descriptor??
[  115.544346][ T4506] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.582470][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  115.592873][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  115.601847][ T4506] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.608933][ T4506] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.616927][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  115.627344][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  115.635834][ T4506] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.643013][ T4506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.650498][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  115.658887][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  115.667031][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  115.675755][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  115.701399][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  115.711973][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  115.715450][ T5969] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2155'.
[  115.724979][ T5938] device veth0_vlan entered promiscuous mode
[  115.736688][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  115.746263][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  115.754686][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  115.762627][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  115.766850][  T376] kernel read not supported for file inotify (pid: 376 comm: kworker/0:4)
[  115.783366][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  115.791708][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  115.809904][ T5938] device veth1_macvtap entered promiscuous mode
[  115.821595][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  115.829344][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  115.838032][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  115.848968][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  115.857488][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  116.078260][  T376] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  116.209630][   T20] hid-generic 0003:1B1C:1D00.0015: hidraw0: USB HID v0.00 Device [HID 1b1c:1d00] on usb-dummy_hcd.6-1/input0
[  116.318145][  T376] usb 1-1: Using ep0 maxpacket: 16
[  116.438172][  T376] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.449210][  T376] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.459108][  T376] usb 1-1: config 0 interface 0 has no altsetting 0
[  116.465708][  T376] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  116.475153][  T376] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.483902][  T376] usb 1-1: config 0 descriptor??
[  116.688015][  T333] uclogic 0003:256C:006D.0014: failed retrieving string descriptor #100: -71
[  116.697208][  T333] uclogic 0003:256C:006D.0014: failed retrieving pen parameters: -71
[  116.705760][  T333] uclogic 0003:256C:006D.0014: failed probing pen v1 parameters: -71
[  116.713912][  T333] uclogic 0003:256C:006D.0014: failed probing parameters: -71
[  116.721983][  T333] uclogic: probe of 0003:256C:006D.0014 failed with error -71
[  116.732596][  T333] usb 8-1: USB disconnect, device number 6
[  116.953871][ T5977] loop0: detected capacity change from 0 to 1024
[  116.984878][ T5977] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[  117.001217][ T5977] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal
[  117.072051][  T376] hid (null): report_id 0 is invalid
[  117.277106][  T333] usb 1-1: USB disconnect, device number 7
[  117.321661][ T6033] 9pnet: p9_errstr2errno: server reported unknown error 
[  117.395319][ T6039] loop7: detected capacity change from 0 to 512
[  117.438420][ T6039] EXT4-fs error (device loop7): ext4_orphan_get:1401: inode #15: comm syz.7.2185: casefold flag without casefold feature
[  117.457344][ T6039] EXT4-fs error (device loop7): ext4_orphan_get:1406: comm syz.7.2185: couldn't read orphan inode 15 (err -117)
[  117.478734][ T6039] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  117.530814][   T39] usb 7-1: USB disconnect, device number 10
[  117.629003][ T6044] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=4243739199 (8487478398 ns) > initial count (2409167910 ns). Using initial count to start timer.
[  117.770539][ T6062] blk_update_request: I/O error, dev loop19, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  117.784915][ T6062] FAT-fs (loop19): unable to read boot sector
[  117.893927][ T6082] loop9: detected capacity change from 0 to 512
[  117.899304][ T6066] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  117.969836][ T6098] loop6: detected capacity change from 0 to 128
[  117.976672][ T6082] EXT4-fs (loop9): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  118.127616][ T6122] device ip6tnl1 entered promiscuous mode
[  118.150633][ T6098] attempt to access beyond end of device
[  118.150633][ T6098] loop6: rw=0, want=1041, limit=128
[  118.344703][ T6149] syz.9.2233 uses obsolete (PF_INET,SOCK_PACKET)
[  118.372306][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  118.395400][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  118.415386][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  118.425185][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  118.434808][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  118.445183][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  118.455219][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  118.464271][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  118.483847][ T6139] loop0: detected capacity change from 0 to 32768
[  118.519740][ T6139]  loop0: p1 p3 < >
[  118.541616][ T6161] SELinux: security_context_str_to_sid(E�) failed for (dev ?, type ?) errno=-22
[  118.578361][ T6161] SELinux: security_context_str_to_sid(E�) failed for (dev ramfs, type ramfs) errno=-22
[  118.617750][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  118.617766][   T30] audit: type=1326 audit(380.602:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6168 comm="syz.3.2242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd0acf16c9 code=0x7ffc0000
[  118.682942][   T30] audit: type=1326 audit(380.632:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.711695][   T30] audit: type=1326 audit(380.632:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6168 comm="syz.3.2242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7efd0acf16c9 code=0x7ffc0000
[  118.736707][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  118.748627][ T1291] udevd[1291]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  118.771926][   T30] audit: type=1326 audit(380.632:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6168 comm="syz.3.2242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd0acf16c9 code=0x7ffc0000
[  118.795946][   T30] audit: type=1326 audit(380.692:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.820895][   T30] audit: type=1326 audit(380.732:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.844566][   T30] audit: type=1326 audit(380.732:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.868317][   T30] audit: type=1326 audit(380.732:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.868517][ T6171] loop0: detected capacity change from 0 to 8192
[  118.891487][   T30] audit: type=1326 audit(380.732:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.922480][   T30] audit: type=1326 audit(380.732:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23ce6a6c9 code=0x7ffc0000
[  118.957583][ T1509]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[  118.962913][ T1509] loop0: partition table partially beyond EOD, truncated
[  118.970610][ T1509] loop0: p1 start 67108864 is beyond EOD, truncated
[  118.977453][ T1509] loop0: p2 size 61546 extends beyond EOD, truncated
[  118.986087][ T1509] loop0: p3 start 100859904 is beyond EOD, truncated
[  118.993974][ T1509] loop0: p5 start 67108864 is beyond EOD, truncated
[  119.000956][ T1509] loop0: p6 size 61546 extends beyond EOD, truncated
[  119.010780][ T6171]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[  119.017703][ T6171] loop0: partition table partially beyond EOD, truncated
[  119.025073][ T6171] loop0: p1 start 67108864 is beyond EOD, truncated
[  119.032023][ T6171] loop0: p2 size 61546 extends beyond EOD, truncated
[  119.039637][ T6171] loop0: p3 start 100859904 is beyond EOD, truncated
[  119.047499][ T6171] loop0: p5 start 67108864 is beyond EOD, truncated
[  119.056489][ T6171] loop0: p6 size 61546 extends beyond EOD, truncated
[  119.091916][  T101]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[  119.099439][  T101] loop0: partition table partially beyond EOD, truncated
[  119.106625][  T101] loop0: p1 start 67108864 is beyond EOD, truncated
[  119.125256][  T101] loop0: p2 size 61546 extends beyond EOD, truncated
[  119.134863][  T101] loop0: p3 start 100859904 is beyond EOD, truncated
[  119.155641][  T101] loop0: p5 start 67108864 is beyond EOD, truncated
[  119.162534][  T101] loop0: p6 size 61546 extends beyond EOD, truncated
[  119.170137][   T39] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  119.259280][ T1291] udevd[1291]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  119.270314][ T2677] udevd[2677]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[  119.289671][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  119.290265][ T2677] udevd[2677]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[  119.312651][ T1291] udevd[1291]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  119.327657][ T1509] udevd[1509]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  119.327671][ T1291] udevd[1291]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[  119.349128][ T2677] udevd[2677]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[  119.426536][   T39] usb 10-1: Using ep0 maxpacket: 16
[  119.426577][   T60] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  119.696869][   T60] usb 8-1: Using ep0 maxpacket: 32
[  119.736892][   T39] usb 10-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  119.746547][   T39] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.754891][   T39] usb 10-1: Product: syz
[  119.759651][   T39] usb 10-1: Manufacturer: syz
[  119.776534][   T39] usb 10-1: SerialNumber: syz
[  119.786034][   T39] usb 10-1: config 0 descriptor??
[  119.827112][   T39] ftdi_sio 10-1:0.0: FTDI USB Serial Device converter detected
[  119.835039][   T39] usb 10-1: Detected FT232H
[  119.846398][   T60] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[  119.859758][   T60] usb 8-1: config 0 has no interface number 0
[  119.874314][   T60] usb 8-1: config 0 interface 184 has no altsetting 0
[  119.914527][ T6208] loop6: detected capacity change from 0 to 40427
[  119.964925][ T6208] F2FS-fs (loop6): Found nat_bits in checkpoint
[  119.987600][ T6208] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  120.022865][ T4051] F2FS-fs (loop6): access invalid blkaddr:2048
[  120.029338][ T4051] CPU: 0 PID: 4051 Comm: syz-executor Tainted: G        W         syzkaller #0
[  120.038298][ T4051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  120.046350][   T39] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  120.048356][ T4051] Call Trace:
[  120.058354][ T4051]  <TASK>
[  120.061269][ T4051]  __dump_stack+0x21/0x30
[  120.065595][ T4051]  dump_stack_lvl+0xee/0x150
[  120.066264][   T39] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  120.070172][ T4051]  ? show_regs_print_info+0x20/0x20
[  120.082576][ T4051]  dump_stack+0x15/0x20
[  120.086815][ T4051]  f2fs_is_valid_blkaddr+0xca0/0x12a0
[  120.092175][ T4051]  f2fs_map_blocks+0xd71/0x38a0
[  120.096282][   T39] ftdi_sio 10-1:0.0: GPIO initialisation failed: -71
[  120.097016][ T4051]  ? f2fs_do_map_lock+0x80/0x80
[  120.104491][   T39] usb 10-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  120.108495][ T4051]  f2fs_mpage_readpages+0xae4/0x1de0
[  120.108527][ T4051]  ? dquot_release_reservation_block+0xa0/0xa0
[  120.108544][ T4051]  ? __this_cpu_preempt_check+0x13/0x20
[  120.108560][ T4051]  ? cgroup_rstat_updated+0xf5/0x370
[  120.139238][ T4051]  ? xas_nomem+0x6b/0x1d0
[  120.143991][ T4051]  f2fs_readahead+0xfc/0x240
[  120.149391][ T4051]  ? f2fs_set_data_page_dirty+0x520/0x520
[  120.155384][ T4051]  read_pages+0x16e/0xb00
[  120.159731][ T4051]  ? __lru_cache_activate_page+0x210/0x210
[  120.166408][ T4051]  ? page_cache_ra_unbounded+0x980/0x980
[  120.173065][ T4051]  page_cache_ra_unbounded+0x782/0x980
[  120.180211][ T4051]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  120.187777][ T4051]  ? handle_pte_fault+0x73c/0x2680
[  120.193290][ T4051]  ondemand_readahead+0x8d3/0xe30
[  120.199536][ T4051]  ? page_cache_sync_ra+0x420/0x420
[  120.205306][ T4051]  ? do_handle_mm_fault+0xf39/0x1d50
[  120.210903][ T4051]  page_cache_sync_ra+0x2c4/0x420
[  120.216046][ T4051]  ? force_page_cache_ra+0x460/0x460
[  120.221361][ T4051]  f2fs_readdir+0x468/0x990
[  120.225881][ T4051]  ? f2fs_fill_dentries+0xce0/0xce0
[  120.231065][ T4051]  ? down_read_killable+0xbb/0x110
[  120.236164][ T4051]  ? security_file_permission+0x83/0xa0
[  120.241696][ T4051]  iterate_dir+0x260/0x600
[  120.246115][ T4051]  ? f2fs_fill_dentries+0xce0/0xce0
[  120.251320][ T4051]  __se_sys_getdents64+0xe5/0x240
[  120.256332][ T4051]  ? __x64_sys_getdents64+0x90/0x90
[  120.261520][ T4051]  ? filldir+0x690/0x690
[  120.265832][ T4051]  ? debug_smp_processor_id+0x17/0x20
[  120.271214][ T4051]  __x64_sys_getdents64+0x7b/0x90
[  120.276223][ T4051]  x64_sys_call+0x592/0x9a0
[  120.280723][ T4051]  do_syscall_64+0x4c/0xa0
[  120.285126][ T4051]  ? clear_bhb_loop+0x50/0xa0
[  120.289787][ T4051]  ? clear_bhb_loop+0x50/0xa0
[  120.294460][ T4051]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  120.300397][ T4051] RIP: 0033:0x7f1a6b14e033
[  120.305716][ T4051] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  120.326664][ T4051] RSP: 002b:00007fffc763ec28 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  120.335118][ T4051] RAX: ffffffffffffffda RBX: 0000555590de14e0 RCX: 00007f1a6b14e033
[  120.343106][ T4051] RDX: 0000000000008000 RSI: 0000555590de14e0 RDI: 0000000000000005
[  120.351280][ T4051] RBP: 0000555590de14b4 R08: 0000000000000000 R09: 0000000000000000
[  120.359749][ T4051] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  120.367709][ T4051] R13: 0000000000000010 R14: 0000555590de14b0 R15: 00007fffc7640ee0
[  120.376066][ T4051]  </TASK>
[  120.390955][ T4051] attempt to access beyond end of device
[  120.390955][ T4051] loop6: rw=524288, want=45072, limit=40427
[  120.396594][   T39] usb 10-1: USB disconnect, device number 2
[  120.402652][   T60] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  120.409220][   T39] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  120.426078][   T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.428770][   T39] ftdi_sio 10-1:0.0: device disconnected
[  120.441645][ T4051] attempt to access beyond end of device
[  120.441645][ T4051] loop6: rw=0, want=45072, limit=40427
[  120.459753][   T60] usb 8-1: Product: syz
[  120.463969][   T60] usb 8-1: Manufacturer: syz
[  120.469018][   T60] usb 8-1: SerialNumber: syz
[  120.477819][ T4588] attempt to access beyond end of device
[  120.477819][ T4588] loop6: rw=2049, want=40984, limit=40427
[  120.478516][   T60] usb 8-1: config 0 descriptor??
[  120.536540][   T60] smsc75xx v1.0.0
[  120.540492][  T376] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  120.665529][ T6235] loop0: detected capacity change from 0 to 40427
[  120.675576][ T6235] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  120.683869][ T6235] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  120.699939][ T6235] F2FS-fs (loop0): invalid crc value
[  120.709567][ T6235] F2FS-fs (loop0): Found nat_bits in checkpoint
[  120.754983][ T6235] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  120.762940][ T6235] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  120.785944][  T376] usb 4-1: Using ep0 maxpacket: 32
[  120.824850][ T6241] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.832477][ T6241] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.840032][ T6241] device bridge_slave_0 entered promiscuous mode
[  120.847743][ T6241] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.854870][ T6241] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.862926][ T6241] device bridge_slave_1 entered promiscuous mode
[  120.905886][  T376] usb 4-1: config 0 has no interfaces?
[  120.911487][  T376] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  120.920997][  T376] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.939031][  T376] usb 4-1: config 0 descriptor??
[  120.975093][ T6241] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.983101][ T6241] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.992350][ T6241] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.999699][ T6241] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.038485][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  121.046700][ T4716] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.055420][ T4716] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.078126][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  121.092009][ T4716] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.099562][ T4716] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.108483][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  121.118862][ T4716] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.126050][ T4716] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.133779][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  121.142259][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  121.151997][ T4588] device bridge_slave_1 left promiscuous mode
[  121.159825][ T4588] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.167969][ T4588] device bridge_slave_0 left promiscuous mode
[  121.174151][ T4588] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.183062][ T4588] device veth0_vlan left promiscuous mode
[  121.185656][   T39] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  121.213163][   T26] usb 4-1: USB disconnect, device number 8
[  121.283869][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  121.296736][ T6262] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  121.304239][ T6262] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  121.322791][ T6262] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  121.331591][ T6262] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  121.341407][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  121.352328][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  121.360934][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  121.370015][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  121.378903][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  121.387722][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  121.398638][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  121.408845][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  121.429714][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  121.440126][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  121.449305][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  121.455756][   T39] usb 10-1: Using ep0 maxpacket: 16
[  121.463950][ T6241] device veth0_vlan entered promiscuous mode
[  121.477757][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  121.487875][ T6241] device veth1_macvtap entered promiscuous mode
[  121.498491][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  121.509189][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  121.585574][   T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.597061][   T39] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  121.612235][   T39] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  121.621640][   T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.630311][   T39] usb 10-1: config 0 descriptor??
[  121.709871][ T6280] SELinux: failed to load policy
[  121.807913][ T6286] 9p: Unknown uid 18446744073709551615
[  121.842191][ T6288] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6288 comm=syz.3.2283
[  121.857478][ T6288] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=6288 comm=syz.3.2283
[  121.875535][   T60] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  121.888534][ T6282] loop1: detected capacity change from 0 to 40427
[  121.899948][   T60] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  121.925381][   T60] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  121.936542][   T60] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  121.941947][ T6282] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  121.946263][   T60] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  121.946286][   T60] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  121.969789][ T6282] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  121.988826][ T6296] loop3: detected capacity change from 0 to 256
[  121.995535][   T60] smsc75xx: probe of 8-1:0.184 failed with error -71
[  122.002334][ T6282] F2FS-fs (loop1): invalid crc value
[  122.005932][   T60] usb 8-1: USB disconnect, device number 7
[  122.015689][ T6282] F2FS-fs (loop1): Found nat_bits in checkpoint
[  122.035386][ T6296] exfat: Deprecated parameter 'namecase'
[  122.053661][ T6282] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  122.055564][ T6296] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x8d1bf2bd, utbl_chksum : 0xe619d30d)
[  122.061071][ T6282] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  122.098346][ T6296] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2287'.
[  122.116792][   T39] HID 045e:07da: Invalid code 65791 type 1
[  122.137102][   T39] input: HID 045e:07da as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:045E:07DA.0017/input/input16
[  122.151206][   T39] microsoft 0003:045E:07DA.0017: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0
[  122.152448][ T6282] attempt to access beyond end of device
[  122.152448][ T6282] loop1: rw=2049, want=77960, limit=40427
[  122.237861][ T6307] SELinux: security_context_str_to_sid(sy) failed for (dev ?, type ?) errno=-22
[  122.249920][ T6307] SELinux: security_context_str_to_sid(sy) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  122.287929][ T6241] attempt to access beyond end of device
[  122.287929][ T6241] loop1: rw=2051, want=77960, limit=40427
[  122.302280][ T6241] F2FS-fs (loop1): Issue discard(9729, 9729, 16) failed, ret: -5
[  122.474111][ T6328] overlayfs: './bus' not a directory
[  122.509900][ T6332] loop7: detected capacity change from 0 to 128
[  122.602086][ T6344] loop1: detected capacity change from 0 to 256
[  122.607178][ T6332] attempt to access beyond end of device
[  122.607178][ T6332] loop7: rw=0, want=1041, limit=128
[  122.634996][   T39] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  122.811345][ T6369] loop1: detected capacity change from 0 to 512
[  122.816860][ T6371] loop7: detected capacity change from 0 to 512
[  122.849292][ T6369] EXT4-fs (loop1): 1 truncate cleaned up
[  122.855136][ T6369] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,noauto_da_alloc,discard,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback.
[  122.857036][ T6371] EXT4-fs (loop7): Ignoring removed nomblk_io_submit option
[  122.888170][ T6371] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  122.898793][ T6371] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=4002e118, mo2=0002]
[  122.909640][ T6371] EXT4-fs (loop7): orphan cleanup on readonly fs
[  122.917824][ T6371] EXT4-fs warning (device loop7): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  122.932835][ T6371] EXT4-fs (loop7): Cannot turn on quotas: error -22
[  122.940079][ T6371] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.2320: bg 0: block 40: padding at end of block bitmap is not set
[  122.954172][ T6376] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2322'.
[  122.955244][ T6371] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6178: Corrupt filesystem
[  122.977576][ T6371] EXT4-fs (loop7): 1 truncate cleaned up
[  122.979230][  T317] usb 10-1: USB disconnect, device number 3
[  122.983260][ T6371] EXT4-fs (loop7): mounted filesystem without journal. Opts: barrier=0x000000000000ffff,noload,noblock_validity,dioread_lock,noinit_itable,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  123.039391][ T6371] EXT4-fs (loop7): shut down requested (2)
[  123.050252][ T6371] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop7 ino=16
[  123.060464][ T6384] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2326'.
[  123.070724][ T6371] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop7 ino=16
[  123.071366][   T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.079961][   T20] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  123.101614][ T6371] fscrypt (loop7, inode 16): Error -5 getting encryption context
[  123.175659][ T6394] incfs: Options parsing error. -22
[  123.181067][ T6394] incfs: mount failed -22
[  123.207335][ T6400] netlink: 300 bytes leftover after parsing attributes in process `syz.1.2334'.
[  123.238526][ T6402] blk_update_request: I/O error, dev loop15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  123.251638][ T6402] FAT-fs (loop15): unable to read boot sector
[  123.269798][   T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  123.281027][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.290338][   T39] usb 1-1: Product: syz
[  123.304415][   T39] usb 1-1: Manufacturer: syz
[  123.309877][   T39] usb 1-1: SerialNumber: syz
[  123.336923][ T6409] syz.1.2338[6409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  123.336998][ T6409] syz.1.2338[6409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  123.361197][ T6409] syz.1.2338[6409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  123.383261][ T6409] syz.1.2338[6409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  123.412797][ T6412] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  123.434101][ T6412] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  123.474645][   T20] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.496603][   T20] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.524317][ T6418] 9p: Unknown uid 18446744073709551615
[  123.665365][   T30] kauditd_printk_skb: 131 callbacks suppressed
[  123.665382][   T30] audit: type=1326 audit(385.654:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.665572][   T20] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.696223][   T30] audit: type=1326 audit(385.654:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.696262][   T30] audit: type=1326 audit(385.654:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.729833][   T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.729865][   T20] usb 4-1: Product: syz
[  123.729880][   T20] usb 4-1: Manufacturer: syz
[  123.777909][   T20] usb 4-1: SerialNumber: syz
[  123.795059][   T30] audit: type=1326 audit(385.764:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.820732][   T30] audit: type=1326 audit(385.764:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.860156][   T30] audit: type=1326 audit(385.844:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.898857][   T30] audit: type=1326 audit(385.874:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.910527][ T6438] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2351'.
[  123.922169][   T30] audit: type=1326 audit(385.874:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.958889][   T30] audit: type=1326 audit(385.884:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  123.992103][   T30] audit: type=1326 audit(385.884:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6430 comm="syz.9.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc194c06c9 code=0x7ffc0000
[  124.114410][   T20] usb 4-1: 0:2 : does not exist
[  124.137370][   T20] usb 4-1: USB disconnect, device number 9
[  124.354119][   T26] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  124.434115][   T39] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  124.440671][   T39] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  124.451094][   T39] cdc_ncm 1-1:1.0: setting rx_max = 2048
[  124.643989][   T39] cdc_ncm 1-1:1.0: setting tx_max = 184
[  124.665559][   T39] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[  124.694317][   T39] usb 1-1: USB disconnect, device number 8
[  124.700535][   T39] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[  124.715086][   T26] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.731177][   T26] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.754007][   T26] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  124.774763][   T26] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  124.786083][   T26] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.798672][   T26] usb 10-1: config 0 descriptor??
[  124.805895][  T333] ==================================================================
[  124.814005][  T333] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120
[  124.823217][  T333] Read of size 8 at addr ffff88810de74c70 by task kworker/1:3/333
[  124.831454][  T333] 
[  124.833782][  T333] CPU: 1 PID: 333 Comm: kworker/1:3 Tainted: G        W         syzkaller #0
[  124.843101][  T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  124.853167][  T333] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
[  124.860155][  T333] Call Trace:
[  124.863524][  T333]  <TASK>
[  124.866451][  T333]  __dump_stack+0x21/0x30
[  124.870790][  T333]  dump_stack_lvl+0xee/0x150
[  124.875442][  T333]  ? show_regs_print_info+0x20/0x20
[  124.880624][  T333]  ? load_image+0x3a0/0x3a0
[  124.885113][  T333]  print_address_description+0x7f/0x2c0
[  124.890649][  T333]  ? __list_del_entry_valid+0xa6/0x120
[  124.896098][  T333]  kasan_report+0xf1/0x140
[  124.900492][  T333]  ? __list_del_entry_valid+0xa6/0x120
[  124.905945][  T333]  __asan_report_load8_noabort+0x14/0x20
[  124.911551][  T333]  __list_del_entry_valid+0xa6/0x120
[  124.916811][  T333]  process_one_work+0x453/0xba0
[  124.921648][  T333]  worker_thread+0xa59/0x1200
[  124.926305][  T333]  kthread+0x411/0x500
[  124.930348][  T333]  ? worker_clr_flags+0x190/0x190
[  124.935445][  T333]  ? kthread_blkcg+0xd0/0xd0
[  124.940031][  T333]  ret_from_fork+0x1f/0x30
[  124.944444][  T333]  </TASK>
[  124.947458][  T333] 
[  124.949764][  T333] Allocated by task 39:
[  124.953915][  T333]  __kasan_kmalloc+0xda/0x110
[  124.959393][  T333]  __kmalloc+0x13d/0x2c0
[  124.963849][  T333]  kvmalloc_node+0x206/0x300
[  124.969175][  T333]  alloc_netdev_mqs+0x8d/0xc90
[  124.975108][  T333]  alloc_etherdev_mqs+0x34/0x40
[  124.981892][  T333]  usbnet_probe+0x219/0x2860
[  124.990658][  T333]  usb_probe_interface+0x5ff/0xae0
[  124.998479][  T333]  really_probe+0x285/0x970
[  125.003507][  T333]  __driver_probe_device+0x198/0x280
[  125.009831][  T333]  driver_probe_device+0x54/0x3e0
[  125.015705][  T333]  __device_attach_driver+0x2a6/0x460
[  125.021770][  T333]  bus_for_each_drv+0x175/0x200
[  125.029558][  T333]  __device_attach+0x2a2/0x400
[  125.034422][  T333]  device_initial_probe+0x1a/0x20
[  125.041051][  T333]  bus_probe_device+0xc0/0x1e0
[  125.046318][  T333]  device_add+0xb31/0xed0
[  125.051187][  T333]  usb_set_configuration+0x19c2/0x1f10
[  125.057484][  T333]  usb_generic_driver_probe+0x91/0x150
[  125.064368][  T333]  usb_probe_device+0x148/0x260
[  125.070842][  T333]  really_probe+0x285/0x970
[  125.075343][  T333]  __driver_probe_device+0x198/0x280
[  125.081129][  T333]  driver_probe_device+0x54/0x3e0
[  125.086232][  T333]  __device_attach_driver+0x2a6/0x460
[  125.091747][  T333]  bus_for_each_drv+0x175/0x200
[  125.096589][  T333]  __device_attach+0x2a2/0x400
[  125.101345][  T333]  device_initial_probe+0x1a/0x20
[  125.106357][  T333]  bus_probe_device+0xc0/0x1e0
[  125.111100][  T333]  device_add+0xb31/0xed0
[  125.115407][  T333]  usb_new_device+0xd06/0x1620
[  125.120863][  T333]  hub_event+0x29c4/0x4480
[  125.125838][  T333]  process_one_work+0x6be/0xba0
[  125.131498][  T333]  worker_thread+0xa59/0x1200
[  125.137457][  T333]  kthread+0x411/0x500
[  125.143185][  T333]  ret_from_fork+0x1f/0x30
[  125.149220][  T333] 
[  125.151694][  T333] Freed by task 39:
[  125.155981][  T333]  kasan_set_track+0x4a/0x70
[  125.161110][  T333]  kasan_set_free_info+0x23/0x40
[  125.166131][  T333]  ____kasan_slab_free+0x125/0x160
[  125.171397][  T333]  __kasan_slab_free+0x11/0x20
[  125.176510][  T333]  slab_free_freelist_hook+0xc2/0x190
[  125.182393][  T333]  kfree+0xc4/0x270
[  125.186477][  T333]  kvfree+0x35/0x40
[  125.190389][  T333]  netdev_freemem+0x3f/0x60
[  125.195255][  T333]  netdev_release+0x7f/0xb0
[  125.199770][  T333]  device_release+0x96/0x1c0
[  125.204357][  T333]  kobject_put+0x18a/0x270
[  125.209048][  T333]  put_device+0x1f/0x30
[  125.213193][  T333]  free_netdev+0x34b/0x450
[  125.217686][  T333]  usbnet_disconnect+0x24b/0x3a0
[  125.223341][  T333]  usb_unbind_interface+0x212/0x8c0
[  125.228756][  T333]  device_release_driver_internal+0x4c1/0x760
[  125.236161][  T333]  device_release_driver+0x19/0x20
[  125.241470][  T333]  bus_remove_device+0x2dd/0x340
[  125.246779][  T333]  device_del+0x696/0xe90
[  125.251215][  T333]  usb_disable_device+0x3a8/0x750
[  125.256314][  T333]  usb_disconnect+0x31e/0x850
[  125.260984][  T333]  hub_event+0x1a96/0x4480
[  125.265407][  T333]  process_one_work+0x6be/0xba0
[  125.270345][  T333]  worker_thread+0xd7b/0x1200
[  125.275026][  T333]  kthread+0x411/0x500
[  125.279793][  T333]  ret_from_fork+0x1f/0x30
[  125.284365][  T333] 
[  125.288205][  T333] Last potentially related work creation:
[  125.295228][  T333]  kasan_save_stack+0x3a/0x60
[  125.301420][  T333]  __kasan_record_aux_stack+0xd2/0x100
[  125.307747][  T333]  kasan_record_aux_stack_noalloc+0xb/0x10
[  125.313637][  T333]  insert_work+0x51/0x310
[  125.318527][  T333]  __queue_work+0x8e5/0xc60
[  125.323026][  T333]  queue_work_on+0xd2/0x140
[  125.327897][  T333]  usbnet_link_change+0x189/0x1b0
[  125.332922][  T333]  usbnet_probe+0x1dfd/0x2860
[  125.337816][  T333]  usb_probe_interface+0x5ff/0xae0
[  125.344147][  T333]  really_probe+0x285/0x970
[  125.349107][  T333]  __driver_probe_device+0x198/0x280
[  125.354601][  T333]  driver_probe_device+0x54/0x3e0
[  125.359611][  T333]  __device_attach_driver+0x2a6/0x460
[  125.364966][  T333]  bus_for_each_drv+0x175/0x200
[  125.369815][  T333]  __device_attach+0x2a2/0x400
[  125.374583][  T333]  device_initial_probe+0x1a/0x20
[  125.379633][  T333]  bus_probe_device+0xc0/0x1e0
[  125.384963][  T333]  device_add+0xb31/0xed0
[  125.389557][  T333]  usb_set_configuration+0x19c2/0x1f10
[  125.395152][  T333]  usb_generic_driver_probe+0x91/0x150
[  125.400775][  T333]  usb_probe_device+0x148/0x260
[  125.405622][  T333]  really_probe+0x285/0x970
[  125.410119][  T333]  __driver_probe_device+0x198/0x280
[  125.415480][  T333]  driver_probe_device+0x54/0x3e0
[  125.420485][  T333]  __device_attach_driver+0x2a6/0x460
[  125.425870][  T333]  bus_for_each_drv+0x175/0x200
[  125.430993][  T333]  __device_attach+0x2a2/0x400
[  125.436834][  T333]  device_initial_probe+0x1a/0x20
[  125.441977][  T333]  bus_probe_device+0xc0/0x1e0
[  125.446741][  T333]  device_add+0xb31/0xed0
[  125.451069][  T333]  usb_new_device+0xd06/0x1620
[  125.455826][  T333]  hub_event+0x29c4/0x4480
[  125.460227][  T333]  process_one_work+0x6be/0xba0
[  125.465051][  T333]  worker_thread+0xa59/0x1200
[  125.469701][  T333]  kthread+0x411/0x500
[  125.473745][  T333]  ret_from_fork+0x1f/0x30
[  125.478137][  T333] 
[  125.480439][  T333] The buggy address belongs to the object at ffff88810de74000
[  125.480439][  T333]  which belongs to the cache kmalloc-4k of size 4096
[  125.495004][  T333] The buggy address is located 3184 bytes inside of
[  125.495004][  T333]  4096-byte region [ffff88810de74000, ffff88810de75000)
[  125.508675][  T333] The buggy address belongs to the page:
[  125.514412][  T333] page:ffffea0004379c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10de70
[  125.524759][  T333] head:ffffea0004379c00 order:3 compound_mapcount:0 compound_pincount:0
[  125.533064][  T333] flags: 0x4000000000010200(slab|head|zone=1)
[  125.539429][  T333] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380
[  125.550329][  T333] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  125.559214][  T333] page dumped because: kasan: bad access detected
[  125.565705][  T333] page_owner tracks the page as allocated
[  125.571395][  T333] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6407, ts 123354400029, free_ts 123333297035
[  125.592609][  T333]  post_alloc_hook+0x192/0x1b0
[  125.597382][  T333]  prep_new_page+0x1c/0x110
[  125.602681][  T333]  get_page_from_freelist+0x2cc5/0x2d50
[  125.608403][  T333]  __alloc_pages+0x18f/0x440
[  125.612968][  T333]  new_slab+0xa1/0x4d0
[  125.617055][  T333]  ___slab_alloc+0x381/0x810
[  125.621703][  T333]  __slab_alloc+0x49/0x90
[  125.626008][  T333]  __kmalloc+0x16a/0x2c0
[  125.630222][  T333]  ops_init+0x89/0x4a0
[  125.634262][  T333]  setup_net+0x344/0xa90
[  125.638474][  T333]  copy_net_ns+0x355/0x5c0
[  125.643045][  T333]  create_new_namespaces+0x3a2/0x660
[  125.648522][  T333]  copy_namespaces+0x1d1/0x220
[  125.653270][  T333]  copy_process+0x118d/0x3210
[  125.657926][  T333]  kernel_clone+0x23f/0x940
[  125.662430][  T333]  __x64_sys_clone+0x176/0x1d0
[  125.667350][  T333] page last free stack trace:
[  125.672330][  T333]  free_unref_page_prepare+0x542/0x550
[  125.678015][  T333]  free_unref_page+0xa2/0x550
[  125.682680][  T333]  __free_pages+0x6c/0x100
[  125.687069][  T333]  __free_slab+0xe8/0x1e0
[  125.691375][  T333]  __unfreeze_partials+0x160/0x190
[  125.696460][  T333]  put_cpu_partial+0xc6/0x120
[  125.701108][  T333]  __slab_free+0x1d4/0x290
[  125.705495][  T333]  ___cache_free+0x104/0x120
[  125.710060][  T333]  qlink_free+0x4d/0x90
[  125.714190][  T333]  qlist_free_all+0x5f/0xb0
[  125.718666][  T333]  kasan_quarantine_reduce+0x14a/0x170
[  125.724101][  T333]  __kasan_slab_alloc+0x2f/0xf0
[  125.728925][  T333]  slab_post_alloc_hook+0x4f/0x2b0
[  125.734010][  T333]  kmem_cache_alloc+0xf7/0x260
[  125.738754][  T333]  getname_flags+0xb9/0x500
[  125.743266][  T333]  __x64_sys_unlink+0x3c/0x50
[  125.747932][  T333] 
[  125.750239][  T333] Memory state around the buggy address:
[  125.755841][  T333]  ffff88810de74b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.763886][  T333]  ffff88810de74b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.772020][  T333] >ffff88810de74c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.780152][  T333]                                                              ^
[  125.787852][  T333]  ffff88810de74c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.795890][  T333]  ffff88810de74d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  125.803924][  T333] ==================================================================
[  125.811958][  T333] Disabling lock debugging due to kernel taint
[  126.294096][   T26] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving
[  126.303474][   T26] plantronics 0003:047F:FFFF.0018: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  126.563944][   T60] usb 10-1: USB disconnect, device number 4