last executing test programs: 9.955668962s ago: executing program 2 (id=706): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000900)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r10, r9, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r10}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20) recvmsg(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x8e80}], 0x1}, 0x0) sendmsg$inet(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 9.015090702s ago: executing program 2 (id=708): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000006b80)="$eJzs3E1rY9UfB/CTPs7Tf/5FXLibC4PQwiQ0fRh0V3UGH7BD8WHhStMkDZlJckuTprUrFy7Fhe9EFFy59DW4cO1OXCjuhJHccypTH0Bp2tjp5wO333tPTn73nEtpOfeGBODSWsh++akUboarIYTpEMKNEIr9UtoKGzGeCyHcCiFMPbGVUvvvDXMhhGshhJuj4rFmKb302Z3h7fUf3/j562/nZ65//tV3k5s1MGnPhxC6u3H/oBszb8V8mNprw3aR3bVhyvhC91E6zmMeNLeLCge14361IldbsX++u98f5U6nVh9lq71TtO/24gn7w9ZxneIND2t7xXGjuV1ku58X2TqK4zo8in/bjvqDWKeR6n1YlA+DwXHG9uZhM85n91GR9d4gtce6eaN5OMphynS6UM87jWIc26e50v9tb7Z7+4fZsLnXb+e9bL1SfaFSvVuu7uWN5qC5Vq51G3fXssVWZ9StPGjWuhutPG91mpV63l3KFlv1erlazRbvNbfbtV5WrVZWK8vl9aW0dyd79cG7WaeRLY7y5XZvf9Du9LOdfC+L71jKViqrLy5lt6vZ25tb2dZb9+9vbr3z/r33Hry0+forqdOfhpUtriyvrJSry+WV6tLFnf/of/2/mv/HadBjnD+cSmnSAwC4eKz/gUm46Ov/YP0/Ftb/l3b+j5PTXUAuN+t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBL6/vZL14rdhbi8fXU/r/U9Ew6LoUQpkIIj//CdJg7UXM61Zn9m/6zfxjDN6VQVBidYz5t10IIG2n79f9nfRUAAADg6fXlR7c+jav1+GNh0gPiPMWbNlM3PhhTvVIIYXbhhzFUCelmU3j29KOKRr/fM+FwTNWKG1hXxlQs3nKbGVe1f2T6RFx5Ikoxpo57zp3ruAAAgLN0ciVwvqsQAAAAztMnkx4Ak1E8aU2fxU+P+eZjpAeCV08cAQAAABdQadIDAAAAAM5csf73/X8AAADwdIvf/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAbO3eTkzoUBQD4tND3eD9GYpy7FWewDJfg0KFhKywBt+AGWAPOXIIBQ3tRMRhM+hfJ9yXt5TbN4ZTQwTm3KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG16KhbTh/urUd046009zVwNAAAAcMiqWEzLD+Nq/i8dP0uHLtI8i4g8Ig7V7oP4tRdzkOIUX5xffMrhMaKMsP2O32n7GxHXaXs5b/tXAAAAgNO1nM0nVbVe7cZ9J0SXqqZN/v+moXhZRBTj54ai5dvd5bdO3RzvD23/38O4q59WqWxg1X5kZqdsuQ2binbcIN3ub8Pow5BVQ95dOgAAQFf2K4EOqxAAAAA6dtt3AvQji91S5m4tuHzy/n1B8M/eDAAAAPiBsr4TAAAAAFpX1v/e/wcAAACnrXr/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1aFYvpcjaf1I2z3tTTzNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvLI/7ygMw2AQBjeJ8uqELuD739Is2K1bNzMg+Pi3EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAlcfx8jzj1ZjJNnqdSd49rySfTo1vp8avc+OfZKy7fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwsz8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfNHvfvk/MTXOJHOnjaXjkWTtqrF11dh70Dh6MN7+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAv2efr7SACAFlCEJUYoCFptfS0pUBFDHwJyBF6bUErvxoM9CqQsrChjJ3QTAihAQKW/+Hzq3UpWwdMhSJiQFkn528HpU4WtW+Np+P9Py+thy/73OiKF8/5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo7L67H+flZmESZ/Wxm/eurpf9ram+dH379nLZyrjXZtJPhlfTnd5Sd4kAAABwcORNfR8xiGJntQyyhar+L5pzypr/++cncVPPT9f9Td/U/mX77de7L+8NtDAZp7zouY3x6Pi/U+k/xmnOtRf+84x+deerZy959Q3JPth6abeo7mfv2xs33htU4aE2sgUAHsaxpq+D5u+hsh92mRgAB0Y/Kbzv1PV/vtBtTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGGzFs03ci4jl/n5cunXv6nrVT+1f37693LTT165tp9csL1FExLmN8eh4WxN5Aly6fOXTtfF4dLH94LWI6G70OvhohnMiusxQ8KhBVv+sz/ZVRyOi+5y7Dzr+xQQAwFOnqFtZ198pdlbLY73FiL9/uL/+fyOJI63/p/q0/r/78emb6Vhp/T9sbYbzb2Xzwhcrly5feWvjwtr50fnRZ2+fGL4zPHnm1KkzK9WzkhVPTAAAAHg0g7ql9X+2GLE7tf5/JIljxvr/y++GX6dj5er/B9pf9Os6EwAAgIPtxaN//tF7wPHeYBBfrW1uXhxOtnv7JybbDlL93w7VLa3/88WuswIAAADasLvVu2/9/2wSx4zr/8/9+MrP6TXziDhcr/8fW/98fLa96XTkr5nOauPfiR/7VAEAAJhrh+uWrv8X1fv/2d4rD1lEvPn6JK4/BnCm+j9//5uf0rHS9/9PtjfFuZQtTe5H1S9F9Je6zggAAICn2TN1K4v934ud1U9+OfLhwPv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG37JwAA//9VakSc") bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x3) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setscheduler(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x50, 0xffffffffffffffff, 0x5738d000) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}], [{@flag='nolazytime'}, {@appraise_type}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]}) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r4, 0x0, 0x2, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) keyctl$set_timeout(0xf, r0, 0x6) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) dup3(0xffffffffffffffff, r3, 0x0) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="05010000000000107d1e222e00000000000109022400010000000009040000020300020009210000000122020009058103"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_usb_control_io(r5, &(0x7f00000003c0)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="0082a1464e47180000f504000000040078e4"], 0x0, 0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x48) 8.36157143s ago: executing program 3 (id=710): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000840)=""/262, 0x37, 0x106, 0x1}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8), 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6}, 0x0, &(0x7f00000002c0)}, 0x20) socketpair$unix(0x1, 0x2, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x40006}) dup(0xffffffffffffffff) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x7, 0x4, 0x80, 0x7, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@getnexthop={0x20, 0x76, 0x401, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x1, 0x8000}]}, 0x20}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 7.529207262s ago: executing program 3 (id=712): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000900)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, r5, 0x26}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x8e80}], 0x1}, 0x0) 6.504935788s ago: executing program 3 (id=715): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xb) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) (fail_nth: 1) 5.989186666s ago: executing program 0 (id=716): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r10, r9, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r10}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20) recvmsg(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x8e80}], 0x1}, 0x0) sendmsg$inet(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 5.586072566s ago: executing program 3 (id=718): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000840)=""/262, 0x37, 0x106, 0x1}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8), 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6}, 0x0, &(0x7f00000002c0)}, 0x20) socketpair$unix(0x1, 0x2, 0x0, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r7) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x7, 0x4, 0x80, 0x7, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@getnexthop={0x20, 0x76, 0x401, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x1, 0x8000}]}, 0x20}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 4.892114198s ago: executing program 2 (id=719): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xb) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x7}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x3, &(0x7f0000000580), 0x1, 0x24f, &(0x7f00000002c0)="$eJzs3U1oFGcYB/BnZnfzuZS0vRQKbaGU0gZCeiv0kl5aCJRQeii0QkTEi5IIMcHbricvHvSskpOXIN6MHiWX4EURPEXNIV4EDR4MHvSwsl8SccGQTXY08/vBZDKz887zDjP/d2YPwwaQWyMRMRERhYgYjYhSRCTbN/iuOY20FhcHV6cjarV/nieN7ZrLTe12wxFRjYhfI2IlTeJ4MWJh+f+Nl2t//nhuvvTDleX/Bnt6kC2bG+t/bV2eOnt98peFu/efTiUxEeV3jmvvJR3WFZOIL/aj2EciKWbdA3bi79PXHtRz/2VEfN/IfynSaJ6883N9K6X4+VLnlrXKhWf3vu5tb4G9VquV6vfAag3InTQiyq2H1Mb/kaZjY81n+IeFofTE7Nyp0WOz8zNHsx6pgD1S//69/sfN/hvDjcwn6Vgr/08KzfwDB1WlNV96VP+7Vci2N0BvlSPWRw9Xfgr5h9yRf8ivVv4HQv7h09W3u2bu/5Bf8g/5Jf+QX/IP+SX/kF/yD/kl/5Bf2/MPAORLrX+HLwpX2w2AgyLj4QcAAAAAAAAAAAAAAAAAAOhgcXB1uj3tw+4HOq28fTFi8/eIKHaqX2j8HnG76dCLpL7ZW0mzWVcOfdvlDrp0NeO3rz97nG39O99kW78yE1E9ExHjxeL711/Suv527/MPfF460mWBLv32b7b1Xy9lW39yLeJWffwZ7zT+pPFVY955/CnXz1+X9U++6nIHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9MybAAAA//9RD2XY") ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000100)=0x56) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000040), 0x12) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000840)=ANY=[@ANYBLOB="2c00000012009702000000000000000007"], 0x2c}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000001c0)={'syztnl1\x00', 0x0, 0x0, 0x1, 0x0, 0x80, 0x11, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, 0x8}}) r6 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @empty}, 0x107}) r7 = socket$igmp6(0xa, 0x3, 0x2) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c00000015000100000000000000001f01"], 0x1c}}, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x8, @none, 0x6, 0x1}, 0xe) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x0, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) 4.799077344s ago: executing program 0 (id=720): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0x552d, &(0x7f000000d000)="$eJzs3M1rI2UYAPAn7Xa7X65FPHjbgUVoYRM23Q/0VnUXP7BLWfXgSdMkDdlNMqVJ09qTB4/iwf9EFDx59G/w4NmbeFC8CUpmJrpdFVybtN3294PJM/PmnWeeN5TCMxMSwKm1kPz6cykux/mImI2ISxHZfqnYMit5eCEirkTEzCNbqRj/c+BsRFyIiMtxbnx6qXjr82vDq7d+euuXb76bP3Pxi6+/P5IFA8fCixHR3cz3d7p5TFt5fFCM14btLHZvDouYv9F9WBynedxprmcZdmrjebUs3mjl89PN7f4obnRq9VFstTey8c1efsH+sDXOk53woLaVHTea61ls99Mstvbyunb38v+Xe/1BnqdR5PsoSx+DwTjm483dZr6ezYdZrPcGxXieN200d0dxWMTiclFPO42sjvWDfNLH29vt3vZuMmxu9dtpL7lVqb5Uqd4uV7fSRnPQvFmudRu3byaLrc5oWnnQrHVXWmna6jQr9bS7lCy26vVytZos3mmut2u9pFqt3KhcL99aKvauJa/fey/pNJLFUXy13dsetDv9ZCPdSvIzlpLlyo2Xl5Kr1eSd1bVk7f7du6tr735w5/17r6y++Vox6W9lJYvL15eXy9Xr5eXq0ila/ydF0RNcPxxI6cmmz0+rDoCnyBT7/4iFPKf+H3jc9Pr/rfsR0+//Q/8/EU9V/3va+/8prB8O5An7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATo4f5r58I9tZyI8vFuPPFEPPFceliJiJiN//wWyc3Zdztsgz9y/z5x6r4dtSZBlG15gvtgsRsVJsvz077U8BAAAATq6vPr7yWd6t5y8LR10Qhym/aTNz6cMJ5StFxNzCjxPKNjN6eX5CybK/7zOxO6Fs2Q2scxNKlt9yOzOpbP/J7L5w7pFQysPMoZYDAAAciv2dwOF2IQAAABymT4+6AI5GKcaPMsfPgrNv3v/1QPD8viMAAADgKM3/v9NKk64DAAAAOHay/t/v/wEAAMDJlv/+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAHO3eUozQQxwH435YKikZifDTxKPoGx/AIPvpoOICX4Ah4BS/AGfDNIxjY0OmSZcNudtNp2d18X9IO0ww/Zgg8zEwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1evH75+dfXXN2+27yjAYAAAA4Z1uvF82LWapP2+fv2kcf2noREWVEnJu7V/HqJLOKiE8RUd/Rvr7Vhz8RTcLhM8bt9SYivrbX//d9fwsAAADwcm2Wq3marafb7NIdYkhp0aZ8+y1TXhER9exfprTykPcxU1jz+x7Fj0xpzQLWJFNYWnIb5Up7kObvfly1m9woilSU978/29gBAIABVSfFsLMQAAAAhvT9cPty6V7QXfW45kVcb2UetwLHqWi3916f1AAAAIBnqLh0BwAAAIDeNfP/vs7/mzr/DwAAAJ6EdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdrW68VmuZp3zdntu8kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAK/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J/fDIhhKIqjd2Yy/75V9r/YuqS6hCrnEH7yJDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu5H/EY50zXo0tyUjybLx7PZN8Omp8O2r8+mCuD8e8cCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY2bmf1ziqOADgb2Z2tmlVXKPkEBELHvRi021t7U08KMGDf4IQ0m2N3fqjzcGWIuTiTXLuRfQoIijx1v+h5xZ6qbcecqjguTK/kpc04KpkZtP9fODN+84wmfd9sxDynTdZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYY/v93TgrNoMqTutj9x7fWi36+/v6wp3NB4tFK+KkzaSPhtfinWQh2plrPxkAAABmQ9bU9yGEh/nWctGng7L+z5tzipr/hxequKnn99f9Td/U/kX7/bdHr+wMNKjGKS56aW08Ov10Kr3Dm+V0e/Efz+iVd7589pKVH0j60cbL23l5P5Pv7t79oF+Gx9rIFgD4L041fR00fw8V/bDLxACYGb2o8G7q/2zQbU4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdjeCM81cRJCWOztxoX7j2+tHtTf2Xyw2LTzt29vxtcsLpGHEC6tjUenw1yLs5lu12/cvLIyHo+utR+8HkLoavT36ulf+WSCk0M4pDROdnTnZyxI6w97WvI5GkGHv5QAAHgm5XUr6vqH+dZycSyZD+HJj3vr/zejOExY/z/69Py9eKy4/h+2NsPpt7R+9cul6zduvr12deXy6PLo83fODN8dnr1w7tyFpfJZSbXtOk0AAACOsH7d4vo/nX96/f9EFIcJ6/+vvh9+E4+Vqf8PtLvo13UmAAAAs+2lk3/9mRxwPOn3w9cr6+vXhtV2Z/9Mte0g1X/tWN3i+j+b7zorAAAAoA3bG8me9f+LURwmXP9//qdXf4mvmYUQjtfr/6dWvxhfbG86U+1//Idw6E34413PEQAAgHY92fciw/G6xev/efn+f7pzZhpCeOuNKq6/BnCi+j/78Nuf47Hi9//PHvI8p126UN2Psl8IobfQdUYAAAA8y+bKNijr/z/yreXPfj3xcd/7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABt+zsAAP//RP895g==") creat(&(0x7f0000000340)='./bus\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa1000a, &(0x7f00000003c0)=ANY=[], 0x21, 0x1507, &(0x7f0000001b00)="$eJzs3Au4TtX2MPAx5pyLTdKb5D7HHIs3bUyXJLkkySVJkiNJbgkhSZKQ3G9JSELuSe4huYXkfr/lniRJkiQkJJnf45zO1zmn8//39f/3fZ7vv8fvedbzzvGud8w15h5773ettZ93f9NhSOW6VSrUZmb4b8G/PXQHgBQA6A8A1wFABAAlspTIcmV/Bo3d/3sHEX+uh6Zf7QrE1ST9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/9M26b8Qadn2GTmvly3tbnL/Py2T9///QY4WHvvFxsI3dvwDKdL/tE36n7ZJ/9M26X/aJv1P26T/aZv0P22T/guRlv3X7x3L3w7+J2xX+/tPCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIUTacCH8ygDA38dXuy4hhBBCCCGEEEL8eUL6q12BEEIIIYQQQggh/u9DUKDBQATpID2kQAbICNdAJrgWMsN1kIDrIQvcAFnhRsgG2SEH5IRckBvygAUCBwwx5IV8kISbID/cDKlQAApCIfBQGIpAUSgGt0BxuBVKwG1QEm6HUlAaykBZuAPKwZ1QHu6CCnA3VIRKUBmqwD1QFe6FanAfVIf7oQY8ADXhQagFf4Ha8BDUgYehLjwC9eBRqA8NoCE0gsb/pfwXoAu8CF2hG3SHHtATekFv6AN9oR/0h5dgALwMA+EVGASDYQi8CkPhNRgGr8NwGAEj4Q0YBaNhDIyFcTAeJsCbMBHegknwNkyGKTAVpsF0mAEz4R2YBbNhDrwLc+E9mAfzYQEshEXwPiyGJbAUPoBl8CEshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHj2AH7IRdsBv2wF7YBx/DfvgEDsCncBA++4P55/8lvyMCAipUaNBgOkyHKZiCGTEjZsJMmBkzYwITmAWzYFbMitkwG+bAHJgLc2EezIOEhIyMeTEvJjGJ+TE/pmIqFsSC6NFjESyCxfAWLI7FsQSWwJJYEkthaSyNZbEslsNyWB7LYwWsgBWxIlbGyngP3oP3YjWshtWxOtbAGlgTa2ItrIW1sTbWwTpYF+tiPayH9bE+NsSG2BgbYxNsgk2xKTbH5tgCW2ArbIWtsTW2wTbYFttiO2yH7bE9dsAO2BE7YSd8AV/AF/FF7IYVVQ/siT2xN/bGvtgP++FLOABfxpfxFRyEg3EIvoqv4ms4DM/hcByBI3EkllOjcQyORVbjcQJOwIk4ESfhJJyMU3AKTsPpOANn4kychbNxNr6Lc/E9fA/n43xciItwES7GJbgUl+IyPI/LcQWuxFW4GtfgalyH63EdbsRNuBG34BbchtvwI/wId+JO3I27cS8aAPwYP8FPcBAexIN4CA/hYTyMR/AIHsWjeAyP4XE8jifwBJ7Ek3gKT+MZPI1n8Syew/N4AS/gRbyIl/C5XF/V2VtgwyBQVxhlVDqVTqWoFJVRZVSZVCaVWWVWCZVQWVQWlVVlVdlUNpVD5VC5VC6VR+VRpEixilVelVclVVLlV/lVqkpVBVVB5ZVXRVQRVUwVU8VVcVVC3aZKqttVKVVaNfNlVVlVTjX35dVdqoKqoCqqSqqyqqKqqKqqqqqmqqnqqrqqoWqomupBVUv1wL74kLrSmbpqMNZTQ7C+aqAaqkbqNXxMNVHDsKlqppqrJ9QIHI6tVBPfWj2l2qgx2FY9o8bis6q9Go8d1POqo+qkOqsXVBfV1HdV3dRk7KF6qmnYW/VRfVU/NQsrqSsdq6xeUYPUYDVEvaoW4mtqmHpdDVcj1Ej1hhqlRqsxaqwap8arCepNNVG9pSapt9VkNUVNVdPUdDVDzVTvqFlqtpqj3lVz1XtqnpqvFqiFapF6Xy1WS9RS9YFapj5Uy9UKtVKtUqvVGrVWrVPr1Qa1UW1Sm9UWtVVtU9vVR2qH2ql2qd1qj9qr9qmP1X71iTqgPlUH1WfqkPpcHVZfqCPqS3VUfaWOqa/VcfWNOqG+VSfVd+qUOq3OqO/VWfWDOqfOqwvqR3VR/aQuqZ/VZRUUaNRKa210pNPp9DpFZ9AZ9TU6k75WZ9bX6YS+XmfRN+is+kadTWfXOXROnUvn1nm01aSdZh3rvDqfTuqbdH59s07VBXRBXUh7XVgX0UV1MX2LLq5v1SX0bbqkvl2X0qV1GV1W36HL6Tt1eX2XrqDv1hV1JV1ZV9H36Kr6Xl1N36er6/t1Df2Arqkf1LX0X3Rt/ZCuox/WdfUjup5+VNfXDXRD3Ug31o/pJvpx3VQ30831E7qFbqlb6Sd1a/2UbqOf1m31M7qdfla318/pDvp53VF30p31z/qyDrqr7qa76x66p+6le+s+uq/up/vrl/QA/bIeqF/Rg/RgPUS/qofq1/Qw/boerkfokfoNPUqP1mP0WD1Oj9cT9Jt6on5LT9Jv68l6ip6qp+npeobu+8tMc/4P8t/6N/kD/3r0bXq7/kjv0Dv1Lr1b79F79T69T+/X+/UBfUAf1Af1IX1IH9aH9RF9RB/VR/UxfUwf18f1CX1Cn9Qn9Sl9Wv+ov9dn9Q/6nD6vz+sf9UV9UV/65WsABo0y2hgTmXQmvUkxGUxGc43JZK41mc11JmGuN1nMDSarudFkM9lNDpPT5DK5TR5jDRln2MQmr8lnkuYm/OWEwhQ0hYw3hU0RU/SP5Jv85maTagr8U/7v1dfYNDZNTBPT1DQ1zU1z08K0MK1MK9PatDZtTBvT1rQ17Uw70960Nx1MB9PRdDSdTWfTxXQxXU1X0910Nz1NL9Pb9DF9TT/T37xkBpgBZqAZaAaZQWaIGWKGmqFmmBlmhpvhZqQZaUaZUWaMGWPGmXFmgplgJpqJZpKZZCabyWaqmWqmm+lmpplpZplZZo6ZY+aauWaemWcWmAVmkVlkFpvFZqlZapaZZWa5WWFWmFVmlVlj1ph1Zp3ZYDaYTWaT2WK2mOVmu9ludpgdZpfZZfaYPWaf2Wf2m/3mgDlgDpqD5pA5ZA6bw+aIOWKOmqPmmDlmjpvj5oQ5YU6ak+aUOWXOmDPmrDlrzplz5oK5YC6ai+aSuWQum8tXTvsiFanIRCZKF6WLUqKUKGOUMcoUZYoyR5mjRJSIskRZoqzRjVG2KHuUI8oZ5YpyR3kiG1HkIo7iKG+UL0pGN0X5o5uj1KhAVDAqFPmocFQkKhoVi26Jike3RiWi26KS0e1Rqah0VCYqG90RlYvujMpHd0UVorujilGlqHJUJbonqhrdG1WL7ouqR/dHNaIHoprRg1Gt6C9R7eihqE70cFQ3eiSqFz0a1Y8aRA2jRlHjP3X+EM5lf9x3td1sd9vD9rS9bG/bx/a1/Wx/+5IdYF+2A+0rdpAdbIfYV+1Q+5odZl+3w+0IO9K+YUfZ0XaMHWvH2fF2gn3TTrRv2Un2bTvZTrFT7TQ73c6wM+07dpadbefYd+1c+56dZ+fbBXahXWTft4vtErvUfmCX2Q/tcrvCrrSr7Gq7xq616+x6u8FutJvsZrvFbrXb7Hb7kd1hd9pddrfdY/faffZju99+Yg/YT+1B+5k9ZD+3h+0X9oj90h61X9lj9mt73H5jT9hv7Un7nT1lT9sz9nt71v5gz9nz9oL90V60P9lL9md72YYrJ/dX3t7JkKF0lI5SKIUyUkbKRJkoM2WmBCUoC2WhrJSVslE2ykE5KBflojyUh65gYspLeSlJScpP+SmVUqkgFSRPnopQESpGxag4FacSVIJKUkkqRaWoDJWhO+gOupPupLvoLrqb7qZKVImqUBWqSlWpGlWj6lSdalANqkk1qRbVotpUm+pQHapLdake1aP6VJ8aUkNqTI2pCTWhptSUmlNzakEtqBW1otbUmtpQG2pLbakdtaP21J46UAfqSB2pM3WmLtSFulJX6k7dqSf1pN7Um/pSX+pP/WkADaCBNJAG0SAaQkNoKA2lYTSMhtMIGklv0CgaTWNoLI2j8TSBJtBEmkiTaBJNpsk0labSdJpOM2kmzaJZNIfm0FyaS/NoHi2gBbSIFtFiWkxLaSkto2W0nJbTSlpJq2k1raW1tJ7W00baSJtpM22lrbSdttMO2kG7aBftoT20j/bRftpPB+gAHaSDdIgOBQSgI3SEjtJROkbH6DgdpxN0gk7SSTpFp+gMnaGzdJbO0Tm6QBfoIv1El+hnukyBUlwGl9Fd4zK5a11md5371ziHy+lyudwuj7Mum8v+TzE551JdAVfw75eYrqhLTbnyWMh5V9gVcUVdKVfalXFl3R2unLvTlf9NXNXd66q5+1x1d7+r4u75p7iGe8DVdI+4Wu5RV9s1cHVcI1fXPeLquUddfdfANXSNXAvX0rVyT7rW7inXxj39m3ixW+LWuw1uo9vk9rtP3AX3ozvuvnEX3U+uq+vm+ruX3AD3shvoXnGD3ODfxCPdG26UG+3GuLFunBv/m3iqm+amuxlupnvHzXKzfxMvcu+7uW6pm+fmuwVu4V/jKzUtdR+4Ze5Dt9ytcCvdKrfarXFr3br/Xesqt8VtddvcPvex2+F2ul1ut9vj9v41vrKOA+5Td9B95o65r91h94U74k64o+6rv8ZX1nfCfetOuu/cKXfanXHfu7PuB3fOnb+y/nBl7d+7n91lFxwwsmLNhiNOx+k5hTNwRr6GM/G1nJmv4wRfz1n4Bs7KN3I2zs45OCfn4tychy0TO2aOOS/n4yTfxPn5Zk7lAlyQC7HnwlyEi3IxvoWL861cgm/jknw7l+LSXIbL8h1cju/k8nwXV+C7uSJX4spche/hqnwvV+P7uDrfzzX4Aa7JD3It/gvX5oe4Dj/MdfkRrsePcn1uwA25ETfmx7gJP85NuRk35ye4BbfkVvwkt+anuA0/zW35GW7Hz3J7fo478PPckTtxZ36Bu/CL3JW7cXfuwT25F/fmPtyX+3F/fokH8Ms8kF/hQTyYh/CrPJRf42H8Og/nETyS3+BRPJrH8Fgex+N5Ar/JE/ktnsRv82SewlN5Gk/nGTyT3+FZPJvn8Ls8l9/jeTyfF/BCXsTv82Jewkv5A17GH/JyXsEreRWv5jW8ltfxet7AG3kTb+YtvJW38Xb+iHfwTt7Fu3kP7+V9/DHv5wy//MB9xof4cz7MX/AR/pKP8ld8jL/m4/wNn+Bv+SR/x6f4NJ/h7/ks/8Dn+Dxf4B/5Iv/El/hnvsyBIcZYxTo2cRSni9PHKXGGOGN8TZwpvjbOHF8XJ+Lr4yzxDXHW+MY4W5w9zhHnjHPFueM8sY0pdjHHcZw3zhcn45vi/PHNcWpcIC4YF4p9XDguEheNi8W3xMXjW+MS8W1xyfj2uFRcOn7k/rLxHXG5+M64fHxXXCG+O64YV4orx1Xie+Kq8b1xtfi+uHp8f1w8fiCuGT8Ywy+fV6kTPxzXjR+J68WPxvXjBnHDuFHcOH4sbhI/HjeNm8XN4yfiFnHLuFX8ZNw6fipuEz/9u/u7xz3innGvuFccwn16QXJhclHy/eTi5JLk0uQHyWXJD5PLkyuSK5OrkquTa5Jrk+uS65MbkhuTm5Kbk1uSW5PbkiFUSQ8evfLaGx/5dD69T/EZfEZ/jc/kr/WZ/XU+4a/3WfwNPqu/0Wfz2X0On9Pn8rl9Hm89eefZxz6vz+eT/iaf39/sU30BX9AX8t4X9kV8I9/YN/ZN/OO+qW/mm/sn/BO+pW/pn/RP+qd8G/+0b+uf8e38s769f84/55/3HX0n39m/4Lv4F31X38139919T9/T9/a9fV/f1/f3/f0AP8AP9AP9ID/ID/FD/FA/1A/zw/xwP9yP9CP9KD/Kj/Fj/Dg/zk/wE/xEP9FP8pN8BABT/VQ/3U/3M/1MP8vP8nP8HD83da6f5+f5BX6BX+QX+cV+sV/ql/plfplf7pf7lX6lX+1X+7V+rV/v1/uNfqPf7Df7rX6r3+63+x1+h9/ld/k9fo/f5/f5/X6/P+AP+IP+oD/kD/nD/rA/4r/0R/1X/pj/2h/33/gT/lt/0n/nT/nT/oz/3p/1P/hz/ry/4H/0F/1P/pL/2V/2wU9IvJmYmHgrMSnxdmJyYkpiamJaYnpiRmJm4p3ErMTsxJzEu4m5ifcS8xLzEwsSCxOLEu8nFieWJJYmPkgsS3yYWJ5YkViZWJVYnVhjIOTeEYe8IV9IhptC/nBzSA0FQsFQKPhQOBQJRUOxcEsoHm4NJcJtoWS4PZQKpUOZ8GioHxqEhqFRaBweC03C46FpaBaahydCi9AytApPhtbhqdAmPB3ahmdCu/BsaB+eCx3C86Fj6BQ6hxdCl/Bi6Bq6he6hR+gZeoXeoU/oG/qF/uGlMCC8HAaGV8KgMDgMCa+GoeG1MCy8HoaHEWFkeCOMCqPDmDA2jAvjw4TwZpgY3gqTwtthcpgSpoZpYXqYEWaGd8KsMDvMCe+GueG9MC/MDwvCwrAovB8WhyVhafggLAsfhuVhRVgZVoXVYU1YG9aF9WFD2Bg2hc1hS9gatoXt4aOwI+wMu8LusCfsDfvCx2F/+CQcCJ+Gg+GzcCh8Hg6HL8KR8GU4Gr4Kx8LX4Xj4JpwI34aT4btwKpwOZ8L34Wz4IZwL58OF8GO4GH4Kl8LP4fIf/MxapT/zFroQQgghxP9Hev3O/h7/5jkDAOqX8U8hhGt35jz6j/s1AGzO9rdxH5WrRQIAnurW4aG/bxUrdu/e/ZfXLtcQ5ZsPAIl/OcAv8QpoDi2hNTSDYv+2vj6q00X+nfmTtwFk/IecFPg1/nX+z/+D+R97YuTikvGFLP/J/PMBUvP9mnPlKvzv8QpofmU10AyK/wfzZ2/yO/Vn+GICQNN/yMkEAE0z/Gv9ReBxeBpa/9MrhRBCCCGEEEKIv+mjyrT7vevnK9fnucyvOenh1/j3rs+FEEIIIYQQQghx9T3bqfOTj7Vu3aydDGQggzQ2aPmfvOZq/2YSQgghhBBC/Nl+Pen/9bkMV7MgIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBAiDfp/8Z/GrvYahRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiKvtfwUAAP//D5g3fQ==") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$MAP_CREATE(0x2000000000000000, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="fc000000140001000000000000000000ffffffff000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400"], 0xfc}}, 0x0) 4.742221919s ago: executing program 1 (id=721): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r4, 0x0, 0xc, &(0x7f0000000000)=0xb, 0x4) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x2d, 0x0) (fail_nth: 6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000002c00)={0xb0, 0x0, 0x0, [{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}}, {0x0, 0x0, 0x1, 0x0, '/'}}]}, 0xb0) 4.737138459s ago: executing program 3 (id=722): bpf$MAP_CREATE(0x141e000000000000, &(0x7f00000000c0)=@base={0x6, 0x4, 0x6c03, 0xee, 0x0, 0xffffffffffffffff, 0xa803}, 0x48) 4.650610465s ago: executing program 2 (id=723): openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) ptrace$peeksig(0x4209, r0, &(0x7f0000000040)={0x0, 0x0, 0x6}, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}]) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x10) recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x40012002, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x2004, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000800000000007fff000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES32=r4, @ANYRESHEX=r2, @ANYRES16=0x0, @ANYRESOCT=r1, @ANYRES8=0x0, @ANYRES8=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}}, 0x0) socket$inet6(0xa, 0x0, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00001400000000000000000000000800120000000200000000000000000006000000000000000000000000000000ad1e0001000017000000000000000000ac141400000000000000000000000000050005003616686a0a00001000000000fe8000000000000000000000001800aa000000000000000005000600000000000a"], 0xa0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00'}, 0x10) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x34) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r8) 4.600025169s ago: executing program 3 (id=724): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x11c2, 0x2208, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x8, 0x7fe2, 0x1, 0x0, r1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xb, &(0x7f00000003c0)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x0, 0x8}, 0x48) setgid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x38}, 0x1, 0x300}, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000500000005006874a7"], 0x0, 0x0, 0x0, 0x0}, 0x0) 4.229559387s ago: executing program 4 (id=725): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff85000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000790000ff000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x804810, &(0x7f0000000d40), 0x9, 0x61c, &(0x7f0000000700)="$eJzs3U1rXFUfAPD/nbwnz/MkDQ9qXWhAtAVt0qStFBG0CK5KqS8LwY1jk5ba6QtNRFMrTaFuBHHjQnDlwrrwO2hBcOUXcOHGlVSKSDdK0ZE7uTNOk7nJTMzMtJnfD8Y5556bOeea/HvOnDnnTgA9ayr9TyFid0RcSCIm68r6IyucWj3v9m+XT6SPJMrlV35N4vKVZKX+tZLseSwi0oI/xyP5LiIm+9bXu7h86UyxVFq4mOVnls5emFlcvrTv9NniqYVTC+fmnp47fOjgocOz++t+6uSLrV7frrr00WtvvTP+4bHXv/jsTjL75Y/Hkni+VpZeV6uvvZmpmIpypv54+v/18HZX1iV9tb+TfyRrD6z1QhsbREuqv7+BiHgwxqOv7rc5Hh+81NXGAW1VTqLWRwG9JhH/0KOq44Dqe/vm3gcPtnlUAnTCrSMRT9TifyAiqvHfvzo3GMOVuYHR28ld8zxJROzfhvrTOr7/9ti19BFtmocDGlu5OpTN26/t/5NKbE7EcCU3ertwV/wXsmnciWz+8OWNqxnPK5hak8/qH9rq9QDNW7kaEQ81Gv9vHv9vZM/p8Te3WH9O/AMAAAAAAABbcONIRDzV6PO/Qm39z2CD9T9jEXW757Zu88//Cje3oRqggVtHIp5tuP63UD1loi/L/beyHmAgOXm6tLA/Iv4XEXtjYCjNz9a/6Fd1Px0R+z6a/DSv/vr1f+kjrb+6FjBrx83+NauB5otLxW24dOh5t65GPNyfv/4n7f+TBv1/Gt8Xmqxj8vHrx/PKNo9/oF3Kn0fsadj/J7Vzko3vzzFTGQ/MVEcF6z3y3sdf59Uv/qF70v5/dOP4H0rq79ez2NrrD0bEgeX+cl75Vsf/g8mrfVG3E/Hd4tLSxdmIweTo+uNzrbUZ7ifDzZ/6fkRU4qEaL2n8731s4/m/2vi/Lg5Hsnt8NeOBv8Z+yivT/0P3pPE/v3H/P3F3/996Yu76xDd59R9vqv8/WOnT92ZHzP/BxpoN0G63EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuR4WI+E8khelaulCYno4Yi4j/x2ihdH5x6cmT598+N5+WVb7/v1D9pt/x1XxS/f7/ibr83Jr8gYjYFRGf9I1U8tMnzpfmu33xAAAAAAAAAAAAAAAAAAAAcI8YW31at/8/9XNfV5sGdEJ/9izeoff0d7sBQNeIf+hd4h96V378/36nXNHR5gAd1Gz/X77S5oYAHbfF8b+PC2AH8P4fetVAc6cNt7sdQDfo/wEAAAAAYEfZ9eiNH5KIWHlmpPJIDWZltQ8GR7rVOqCdCnkFQ51tB9B51vBC77L0B3pXk4t/gR0sqaX+aLjZP3/1f9KeBgEAAAAAAAAAAAAA6+zZ3cT+f2BHyt3/D+x4G+z/b7Sxx+0CYAex/x96l9t8AdXBft43/dv/DwAAAAAAAAAAAAD3gOFLZ4ql0sLFxeWmE1daOfnfJ36JvKLnOtmM7UqsFO+JZtwPiYGIWFNUHl/9sz1TLL0WnW1PNWI6UddgB+vKSXTp3yMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCdvwMAAP//emUoLA==") close(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000640)={0x1}, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="1800000000faff000000004800000000850000e0683b21000e000000efdc52a10de0988a41d20501c3494d97acff03000052abfbd8f2c3e381", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000000000085000000860000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000e40), 0x0, 0x0) 4.140799673s ago: executing program 2 (id=726): write$vga_arbiter(0xffffffffffffffff, 0x0, 0xd) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000000000320, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000f2ff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000202070250000000000202d437b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='mm_page_alloc\x00', r4}, 0x10) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0) pipe2(0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1403000027fe9029120001000020000000000000"], 0x14}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b708000006000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.736133913s ago: executing program 1 (id=727): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f00000001c0)={0x0, 0x0, 0x1, 0x2}, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r2}, 0x10) r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x1, 0x0) ioctl$MON_IOCT_RING_SIZE(r3, 0x9204, 0xdd218) 3.735776853s ago: executing program 1 (id=728): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r9, r8, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r9}, &(0x7f0000000000), &(0x7f0000000080)=r5}, 0x20) recvmsg(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x8e80}], 0x1}, 0x0) sendmsg$inet(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 3.663745659s ago: executing program 4 (id=729): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x60, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xe, 0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x60}}, 0x0) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000200)={&(0x7f0000000340)={0x1d, r1, 0x3f420f00}, 0x10, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r0, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x4}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x4, 0x1, 0x0, r6, 0x0, '\x00', r1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10) r9 = socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800040000000000050017"], 0x44}}, 0x0) 3.032366525s ago: executing program 0 (id=730): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[], [{@appraise}], 0x2c}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="be"], 0x1) r2 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x107000, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r2, &(0x7f0000000200)={0x80000002}) socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmmsg$sock(r3, &(0x7f00000044c0)=[{{0x0, 0x0, &(0x7f0000000600)}}], 0x4e8, 0x0) (fail_nth: 11) 3.020703166s ago: executing program 4 (id=731): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") r0 = syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000280)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5f0, &(0x7f0000000640)="$eJzs3c9vVNUeAPDvnWlLf/BeC3l57+FCmhgDidDSAoYYF7A1pMEfcePGSgsiBRpao0UTSoIbE+PGGBNXLsT/QolsWenKhRtXhoSoYWnimDu9t3TaO6WddjrI/XySoffeM7fne5l+e86cnnMngNIaTv+pROyLiNkkYjBZXC7riqxweOl5D/748Gz6SKJWe/W3JJLsWP78JPs6kJ3cGxE/fJ/E3uraeucWrl2cnJmZvprtj85fmh2dW7h2+MKlyfPT56cvjz8/fuL4seMnxo60dF3XC46dvvnOe4MfT7zx9Zd/JmPf/DyRxMl4KXviyuvYLsMxXP8/SdYWDZzY7so6pJr9nKx8iZOuDgbEpuSvX3dE/C8GoxoPX7zB+OjljgYHtFUtiagBJZXIfyipvB+Qv7df/T64UtBnONS/I10ToM3un1oaAFib/11LY4PRWx8b6H+QxMphnSQiWhuZa7Q7Iu7embh57s7EzWgchysYNQS20+KNiPh/Uf4n9fwfit4Yqud/pSH/037BmexrevyVFutfPVTcjnF4oNhS/veum//RJP/fXJH/b7VY//DDzbf7GvK/r9VLAgAAAAAAgNK6fSoiDhX9/b+yPP8nCub/DETEyW2of3jV/tq//1fubUM1QIH7pyJeLJz/W8ln/w5Vs61/1ecDdCfnLsxMH4mIf0fEwejele6PrVPH4U/2ftGsbDib/5c/0vrvZnMBszjude1qPGdqcn5yq9cNRNy/EfFU4fzfZLn9Twra//T3wewG69j77K0zzcoenf9Au9S+ijhQ2P4/vGtFsv79OUbr/YHRvFew1tMffPpts/pbzX+3mICtS9v//vXzfyhZeb+euc3XcXShq9asrNX+f0/yWn19UE927P3J+fmrYxE9yelqerTh+PjmY4YnUZ4Peb6k+X/wmfXH/4r6/30Rsbjqeye/N64pzv33r4FfmsWj/w+dk+b/1Kba/81vjN8a+q5Z/Rtr/4/V2/qD2RHjf7Dk8zxNexqPF6RjV1HRTscLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+CSkTsjqQysrxdqYyMRAxExH+ivzJzZW7+uXNX3r08lZbVP/+/kn/S7+DSfpJ//v/Qiv3xVftHI2JPRHxW7avvj5y9MjPV6YsHAAAAAAAAAAAAAAAAAACAx8RAk/X/qV+rnY4OaLuuTgcAdExB/v/YiTiAnaf9h/KS/1Be8h/KS/5Decl/KC/5D+W10fzvbXMcwM7T/gMAAAAAwBNlz/7bPyURsfhCX/2R6snKujsaGdBulU4HAHSMW/xAeZn6A+XlPT6QPKK8cOp/spEz1zN7dgsnAwAAAAAAAAAAAEDpHNhn/T+UlfX/UF7W/0N55ev/93c4DmDneY8PxCNW8jf/6L+trP8HAAAAAAAAAAAAADZjbuHaxcmZmemrNl5/PMLYyY1arXY9/Sl4XOL5h2/kU+G3+n2q0ZYI87V+Gzurc7+TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARn8HAAD//9zcJCQ=") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioperm(0x0, 0x2, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fcntl$dupfd(r3, 0x406, r0) setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000001800)={0x2, {{0xa, 0x4e21, 0x2b, @mcast1, 0x443}}, 0x1, 0x2, [{{0xa, 0x4e22, 0x5, @local, 0x7407}}, {{0xa, 0x4e22, 0xcc9, @mcast2, 0x6}}]}, 0x190) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70200001400894fb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x2d) r10 = syz_open_procfs(0xffffffffffffffff, 0x0) r11 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r11, r10, 0x0, 0x80000000) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 2.888966616s ago: executing program 1 (id=732): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x24044040) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r6, &(0x7f0000000500)="04", 0x1, 0x20000004, 0x0, 0x0) r7 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r7, &(0x7f0000000480)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c) r8 = dup2(r7, r7) sendmmsg$inet6(r8, &(0x7f0000003f00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="3840000000000007e4ce8b2e44e6fb44858386d2a320b7531a3aff6b5b01702b8de4ab9c33af8b87", 0x28}], 0x1}}], 0x1, 0x0) syz_open_procfs(0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fcntl$setstatus(r4, 0x4, 0x800) socketpair$unix(0x1, 0x0, 0x0, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r9, 0x0, 0x2e, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @empty}}}, 0x108) 2.052088338s ago: executing program 0 (id=733): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000840)=""/262, 0x37, 0x106, 0x1}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8), 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6}, 0x0, &(0x7f00000002c0)}, 0x20) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x40006}) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r7) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x7, 0x4, 0x80, 0x7, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@getnexthop={0x20, 0x76, 0x401, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x1, 0x8000}]}, 0x20}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 2.037717249s ago: executing program 4 (id=734): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000900)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000feff17110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r10, r9, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r10}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20) recvmsg(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x8e80}], 0x1}, 0x0) sendmsg$inet(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 2.018185111s ago: executing program 1 (id=735): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f0000000040)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x100002, 0x0) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@setlink={0x20, 0x13, 0x501}, 0x20}}, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x7a11, 0x0, 0x0) 1.120813157s ago: executing program 0 (id=736): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000b8e9850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0) (fail_nth: 6) 1.006351266s ago: executing program 4 (id=737): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b00000000000000001804", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000180)='./bus\x00', 0x910cc3, 0x0, 0x8, 0x0, &(0x7f0000000040)) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) mount$incfs(0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007", @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$fuse(0x0, &(0x7f0000000440)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0xd8, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000540)='./bus\x00', 0x100000, &(0x7f0000000440)=ANY=[], 0x4, 0x0, 0x0) openat$incfs(0xffffffffffffff9c, 0x0, 0x1a10c1, 0x0) rmdir(&(0x7f0000001100)='./file1\x00') 953.71103ms ago: executing program 1 (id=738): r0 = geteuid() lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$f2fs(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000540)={[{@alloc_mode_reuse}, {@checkpoint_diasble}, {@alloc_mode_def}, {@fastboot}, {@inline_data}, {@nogc_merge}, {@extent_cache}, {@nodiscard}, {@heap}, {@inline_data}, {@io_bits={'io_bits', 0x3d, 0x7b}}, {@compress_chksum}, {@user_xattr}, {@noextent_cache}, {@block_mode}], [{@uid_gt={'uid>', r1}}, {@euid_gt={'euid>', r0}}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0) r5 = dup(r3) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f00003d2000/0x3000)=nil, 0x3000, 0x1000001, 0x13, r3, 0xdb8a7000) 87.019194ms ago: executing program 4 (id=739): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x30000, 0x0, 0x41, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x3014490, &(0x7f0000000400)={[{@nombcache}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@mblk_io_submit}, {@mblk_io_submit}, {@i_version}, {@barrier_val}, {@grpjquota}, {}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2006}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="104146d2ca200d346849ff53dc41856e50f4eceb7c2c57e3a1d56f28ed524660350adf0a243b7b8d93d9edacc821a3ba3654654e76587ab7fad709aad9eeee8630c60391f89bf8c2657373e8915698ebc9148a6a695302f4010f63e4d54c7d9f4a532468c78a5c5bbc35fa6cd540659559f4211911735504382ad2bd1d3d357e59da98bb548d", @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) syz_open_procfs(0x0, &(0x7f0000000380)='net/protocols\x00') r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r6 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) 45.315437ms ago: executing program 2 (id=740): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000900)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, r5, 0x26}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000002c40)=""/4096, 0x8e80}], 0x1}, 0x0) 0s ago: executing program 0 (id=741): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0x552d, &(0x7f000000d000)="$eJzs3M1rI2UYAPAn7Xa7X65FPHjbgUVoYRM23Q/0VnUXP7BLWfXgSdMkDdlNMqVJ09qTB4/iwf9EFDx59G/w4NmbeFC8CUpmJrpdFVybtN3294PJM/PmnWeeN5TCMxMSwKm1kPz6cykux/mImI2ISxHZfqnYMit5eCEirkTEzCNbqRj/c+BsRFyIiMtxbnx6qXjr82vDq7d+euuXb76bP3Pxi6+/P5IFA8fCixHR3cz3d7p5TFt5fFCM14btLHZvDouYv9F9WBynedxprmcZdmrjebUs3mjl89PN7f4obnRq9VFstTey8c1efsH+sDXOk53woLaVHTea61ls99Mstvbyunb38v+Xe/1BnqdR5PsoSx+DwTjm483dZr6ezYdZrPcGxXieN200d0dxWMTiclFPO42sjvWDfNLH29vt3vZuMmxu9dtpL7lVqb5Uqd4uV7fSRnPQvFmudRu3byaLrc5oWnnQrHVXWmna6jQr9bS7lCy26vVytZos3mmut2u9pFqt3KhcL99aKvauJa/fey/pNJLFUXy13dsetDv9ZCPdSvIzlpLlyo2Xl5Kr1eSd1bVk7f7du6tr735w5/17r6y++Vox6W9lJYvL15eXy9Xr5eXq0ila/ydF0RNcPxxI6cmmz0+rDoCnyBT7/4iFPKf+H3jc9Pr/rfsR0+//Q/8/EU9V/3va+/8prB8O5An7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATo4f5r58I9tZyI8vFuPPFEPPFceliJiJiN//wWyc3Zdztsgz9y/z5x6r4dtSZBlG15gvtgsRsVJsvz077U8BAAAATq6vPr7yWd6t5y8LR10Qhym/aTNz6cMJ5StFxNzCjxPKNjN6eX5CybK/7zOxO6Fs2Q2scxNKlt9yOzOpbP/J7L5w7pFQysPMoZYDAAAciv2dwOF2IQAAABymT4+6AI5GKcaPMsfPgrNv3v/1QPD8viMAAADgKM3/v9NKk64DAAAAOHay/t/v/wEAAMDJlv/+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAHO3eUozQQxwH435YKikZifDTxKPoGx/AIPvpoOICX4Ah4BS/AGfDNIxjY0OmSZcNudtNp2d18X9IO0ww/Zgg8zEwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1evH75+dfXXN2+27yjAYAAAA4Z1uvF82LWapP2+fv2kcf2noREWVEnJu7V/HqJLOKiE8RUd/Rvr7Vhz8RTcLhM8bt9SYivrbX//d9fwsAAADwcm2Wq3marafb7NIdYkhp0aZ8+y1TXhER9exfprTykPcxU1jz+x7Fj0xpzQLWJFNYWnIb5Up7kObvfly1m9woilSU978/29gBAIABVSfFsLMQAAAAhvT9cPty6V7QXfW45kVcb2UetwLHqWi3916f1AAAAIBnqLh0BwAAAIDeNfP/vs7/mzr/DwAAAJ6EdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdrW68VmuZp3zdntu8kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAK/bnHQVCIAzCYO/6zmTuf1hp0NTUpAqEj78xGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42J/fDIhhKIqjd2Yy/75V9r/YuqS6hCrnEH7yJDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu5H/EY50zXo0tyUjybLx7PZN8Omp8O2r8+mCuD8e8cCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY2bmf1ziqOADgb2Z2tmlVXKPkEBELHvRi021t7U08KMGDf4IQ0m2N3fqjzcGWIuTiTXLuRfQoIijx1v+h5xZ6qbcecqjguTK/kpc04KpkZtP9fODN+84wmfd9sxDynTdZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYY/v93TgrNoMqTutj9x7fWi36+/v6wp3NB4tFK+KkzaSPhtfinWQh2plrPxkAAABmQ9bU9yGEh/nWctGng7L+z5tzipr/hxequKnn99f9Td/U/kX7/bdHr+wMNKjGKS56aW08Ov10Kr3Dm+V0e/Efz+iVd7589pKVH0j60cbL23l5P5Pv7t79oF+Gx9rIFgD4L041fR00fw8V/bDLxACYGb2o8G7q/2zQbU4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdjeCM81cRJCWOztxoX7j2+tHtTf2Xyw2LTzt29vxtcsLpGHEC6tjUenw1yLs5lu12/cvLIyHo+utR+8HkLoavT36ulf+WSCk0M4pDROdnTnZyxI6w97WvI5GkGHv5QAAHgm5XUr6vqH+dZycSyZD+HJj3vr/zejOExY/z/69Py9eKy4/h+2NsPpt7R+9cul6zduvr12deXy6PLo83fODN8dnr1w7tyFpfJZSbXtOk0AAACOsH7d4vo/nX96/f9EFIcJ6/+vvh9+E4+Vqf8PtLvo13UmAAAAs+2lk3/9mRxwPOn3w9cr6+vXhtV2Z/9Mte0g1X/tWN3i+j+b7zorAAAAoA3bG8me9f+LURwmXP9//qdXf4mvmYUQjtfr/6dWvxhfbG86U+1//Idw6E34413PEQAAgHY92fciw/G6xev/efn+f7pzZhpCeOuNKq6/BnCi+j/78Nuf47Hi9//PHvI8p126UN2Psl8IobfQdUYAAAA8y+bKNijr/z/yreXPfj3xcd/7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABt+zsAAP//RP895g==") creat(&(0x7f0000000340)='./bus\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa1000a, &(0x7f00000003c0)=ANY=[], 0x21, 0x1507, &(0x7f0000001b00)="$eJzs3Au4TtX2MPAx5pyLTdKb5D7HHIs3bUyXJLkkySVJkiNJbgkhSZKQ3G9JSELuSe4huYXkfr/lniRJkiQkJJnf45zO1zmn8//39f/3fZ7vv8fvedbzzvGud8w15h5773ettZ93f9NhSOW6VSrUZmb4b8G/PXQHgBQA6A8A1wFABAAlspTIcmV/Bo3d/3sHEX+uh6Zf7QrE1ST9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/9M26b8Qadn2GTmvly3tbnL/Py2T9///QY4WHvvFxsI3dvwDKdL/tE36n7ZJ/9M26X/aJv1P26T/aZv0P22T/guRlv3X7x3L3w7+J2xX+/tPCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIUTacCH8ygDA38dXuy4hhBBCCCGEEEL8eUL6q12BEEIIIYQQQggh/u9DUKDBQATpID2kQAbICNdAJrgWMsN1kIDrIQvcAFnhRsgG2SEH5IRckBvygAUCBwwx5IV8kISbID/cDKlQAApCIfBQGIpAUSgGt0BxuBVKwG1QEm6HUlAaykBZuAPKwZ1QHu6CCnA3VIRKUBmqwD1QFe6FanAfVIf7oQY8ADXhQagFf4Ha8BDUgYehLjwC9eBRqA8NoCE0gsb/pfwXoAu8CF2hG3SHHtATekFv6AN9oR/0h5dgALwMA+EVGASDYQi8CkPhNRgGr8NwGAEj4Q0YBaNhDIyFcTAeJsCbMBHegknwNkyGKTAVpsF0mAEz4R2YBbNhDrwLc+E9mAfzYQEshEXwPiyGJbAUPoBl8CEshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHj2AH7IRdsBv2wF7YBx/DfvgEDsCncBA++4P55/8lvyMCAipUaNBgOkyHKZiCGTEjZsJMmBkzYwITmAWzYFbMitkwG+bAHJgLc2EezIOEhIyMeTEvJjGJ+TE/pmIqFsSC6NFjESyCxfAWLI7FsQSWwJJYEkthaSyNZbEslsNyWB7LYwWsgBWxIlbGyngP3oP3YjWshtWxOtbAGlgTa2ItrIW1sTbWwTpYF+tiPayH9bE+NsSG2BgbYxNsgk2xKTbH5tgCW2ArbIWtsTW2wTbYFttiO2yH7bE9dsAO2BE7YSd8AV/AF/FF7IYVVQ/siT2xN/bGvtgP++FLOABfxpfxFRyEg3EIvoqv4ms4DM/hcByBI3EkllOjcQyORVbjcQJOwIk4ESfhJJyMU3AKTsPpOANn4kychbNxNr6Lc/E9fA/n43xciItwES7GJbgUl+IyPI/LcQWuxFW4GtfgalyH63EdbsRNuBG34BbchtvwI/wId+JO3I27cS8aAPwYP8FPcBAexIN4CA/hYTyMR/AIHsWjeAyP4XE8jifwBJ7Ek3gKT+MZPI1n8Syew/N4AS/gRbyIl/C5XF/V2VtgwyBQVxhlVDqVTqWoFJVRZVSZVCaVWWVWCZVQWVQWlVVlVdlUNpVD5VC5VC6VR+VRpEixilVelVclVVLlV/lVqkpVBVVB5ZVXRVQRVUwVU8VVcVVC3aZKqttVKVVaNfNlVVlVTjX35dVdqoKqoCqqSqqyqqKqqKqqqqqmqqnqqrqqoWqomupBVUv1wL74kLrSmbpqMNZTQ7C+aqAaqkbqNXxMNVHDsKlqppqrJ9QIHI6tVBPfWj2l2qgx2FY9o8bis6q9Go8d1POqo+qkOqsXVBfV1HdV3dRk7KF6qmnYW/VRfVU/NQsrqSsdq6xeUYPUYDVEvaoW4mtqmHpdDVcj1Ej1hhqlRqsxaqwap8arCepNNVG9pSapt9VkNUVNVdPUdDVDzVTvqFlqtpqj3lVz1XtqnpqvFqiFapF6Xy1WS9RS9YFapj5Uy9UKtVKtUqvVGrVWrVPr1Qa1UW1Sm9UWtVVtU9vVR2qH2ql2qd1qj9qr9qmP1X71iTqgPlUH1WfqkPpcHVZfqCPqS3VUfaWOqa/VcfWNOqG+VSfVd+qUOq3OqO/VWfWDOqfOqwvqR3VR/aQuqZ/VZRUUaNRKa210pNPp9DpFZ9AZ9TU6k75WZ9bX6YS+XmfRN+is+kadTWfXOXROnUvn1nm01aSdZh3rvDqfTuqbdH59s07VBXRBXUh7XVgX0UV1MX2LLq5v1SX0bbqkvl2X0qV1GV1W36HL6Tt1eX2XrqDv1hV1JV1ZV9H36Kr6Xl1N36er6/t1Df2Arqkf1LX0X3Rt/ZCuox/WdfUjup5+VNfXDXRD3Ug31o/pJvpx3VQ30831E7qFbqlb6Sd1a/2UbqOf1m31M7qdfla318/pDvp53VF30p31z/qyDrqr7qa76x66p+6le+s+uq/up/vrl/QA/bIeqF/Rg/RgPUS/qofq1/Qw/boerkfokfoNPUqP1mP0WD1Oj9cT9Jt6on5LT9Jv68l6ip6qp+npeobu+8tMc/4P8t/6N/kD/3r0bXq7/kjv0Dv1Lr1b79F79T69T+/X+/UBfUAf1Af1IX1IH9aH9RF9RB/VR/UxfUwf18f1CX1Cn9Qn9Sl9Wv+ov9dn9Q/6nD6vz+sf9UV9UV/65WsABo0y2hgTmXQmvUkxGUxGc43JZK41mc11JmGuN1nMDSarudFkM9lNDpPT5DK5TR5jDRln2MQmr8lnkuYm/OWEwhQ0hYw3hU0RU/SP5Jv85maTagr8U/7v1dfYNDZNTBPT1DQ1zU1z08K0MK1MK9PatDZtTBvT1rQ17Uw70960Nx1MB9PRdDSdTWfTxXQxXU1X0910Nz1NL9Pb9DF9TT/T37xkBpgBZqAZaAaZQWaIGWKGmqFmmBlmhpvhZqQZaUaZUWaMGWPGmXFmgplgJpqJZpKZZCabyWaqmWqmm+lmpplpZplZZo6ZY+aauWaemWcWmAVmkVlkFpvFZqlZapaZZWa5WWFWmFVmlVlj1ph1Zp3ZYDaYTWaT2WK2mOVmu9ludpgdZpfZZfaYPWaf2Wf2m/3mgDlgDpqD5pA5ZA6bw+aIOWKOmqPmmDlmjpvj5oQ5YU6ak+aUOWXOmDPmrDlrzplz5oK5YC6ai+aSuWQum8tXTvsiFanIRCZKF6WLUqKUKGOUMcoUZYoyR5mjRJSIskRZoqzRjVG2KHuUI8oZ5YpyR3kiG1HkIo7iKG+UL0pGN0X5o5uj1KhAVDAqFPmocFQkKhoVi26Jike3RiWi26KS0e1Rqah0VCYqG90RlYvujMpHd0UVorujilGlqHJUJbonqhrdG1WL7ouqR/dHNaIHoprRg1Gt6C9R7eihqE70cFQ3eiSqFz0a1Y8aRA2jRlHjP3X+EM5lf9x3td1sd9vD9rS9bG/bx/a1/Wx/+5IdYF+2A+0rdpAdbIfYV+1Q+5odZl+3w+0IO9K+YUfZ0XaMHWvH2fF2gn3TTrRv2Un2bTvZTrFT7TQ73c6wM+07dpadbefYd+1c+56dZ+fbBXahXWTft4vtErvUfmCX2Q/tcrvCrrSr7Gq7xq616+x6u8FutJvsZrvFbrXb7Hb7kd1hd9pddrfdY/faffZju99+Yg/YT+1B+5k9ZD+3h+0X9oj90h61X9lj9mt73H5jT9hv7Un7nT1lT9sz9nt71v5gz9nz9oL90V60P9lL9md72YYrJ/dX3t7JkKF0lI5SKIUyUkbKRJkoM2WmBCUoC2WhrJSVslE2ykE5KBflojyUh65gYspLeSlJScpP+SmVUqkgFSRPnopQESpGxag4FacSVIJKUkkqRaWoDJWhO+gOupPupLvoLrqb7qZKVImqUBWqSlWpGlWj6lSdalANqkk1qRbVotpUm+pQHapLdake1aP6VJ8aUkNqTI2pCTWhptSUmlNzakEtqBW1otbUmtpQG2pLbakdtaP21J46UAfqSB2pM3WmLtSFulJX6k7dqSf1pN7Um/pSX+pP/WkADaCBNJAG0SAaQkNoKA2lYTSMhtMIGklv0CgaTWNoLI2j8TSBJtBEmkiTaBJNpsk0labSdJpOM2kmzaJZNIfm0FyaS/NoHi2gBbSIFtFiWkxLaSkto2W0nJbTSlpJq2k1raW1tJ7W00baSJtpM22lrbSdttMO2kG7aBftoT20j/bRftpPB+gAHaSDdIgOBQSgI3SEjtJROkbH6DgdpxN0gk7SSTpFp+gMnaGzdJbO0Tm6QBfoIv1El+hnukyBUlwGl9Fd4zK5a11md5371ziHy+lyudwuj7Mum8v+TzE551JdAVfw75eYrqhLTbnyWMh5V9gVcUVdKVfalXFl3R2unLvTlf9NXNXd66q5+1x1d7+r4u75p7iGe8DVdI+4Wu5RV9s1cHVcI1fXPeLquUddfdfANXSNXAvX0rVyT7rW7inXxj39m3ixW+LWuw1uo9vk9rtP3AX3ozvuvnEX3U+uq+vm+ruX3AD3shvoXnGD3ODfxCPdG26UG+3GuLFunBv/m3iqm+amuxlupnvHzXKzfxMvcu+7uW6pm+fmuwVu4V/jKzUtdR+4Ze5Dt9ytcCvdKrfarXFr3br/Xesqt8VtddvcPvex2+F2ul1ut9vj9v41vrKOA+5Td9B95o65r91h94U74k64o+6rv8ZX1nfCfetOuu/cKXfanXHfu7PuB3fOnb+y/nBl7d+7n91lFxwwsmLNhiNOx+k5hTNwRr6GM/G1nJmv4wRfz1n4Bs7KN3I2zs45OCfn4tychy0TO2aOOS/n4yTfxPn5Zk7lAlyQC7HnwlyEi3IxvoWL861cgm/jknw7l+LSXIbL8h1cju/k8nwXV+C7uSJX4spche/hqnwvV+P7uDrfzzX4Aa7JD3It/gvX5oe4Dj/MdfkRrsePcn1uwA25ETfmx7gJP85NuRk35ye4BbfkVvwkt+anuA0/zW35GW7Hz3J7fo478PPckTtxZ36Bu/CL3JW7cXfuwT25F/fmPtyX+3F/fokH8Ms8kF/hQTyYh/CrPJRf42H8Og/nETyS3+BRPJrH8Fgex+N5Ar/JE/ktnsRv82SewlN5Gk/nGTyT3+FZPJvn8Ls8l9/jeTyfF/BCXsTv82Jewkv5A17GH/JyXsEreRWv5jW8ltfxet7AG3kTb+YtvJW38Xb+iHfwTt7Fu3kP7+V9/DHv5wy//MB9xof4cz7MX/AR/pKP8ld8jL/m4/wNn+Bv+SR/x6f4NJ/h7/ks/8Dn+Dxf4B/5Iv/El/hnvsyBIcZYxTo2cRSni9PHKXGGOGN8TZwpvjbOHF8XJ+Lr4yzxDXHW+MY4W5w9zhHnjHPFueM8sY0pdjHHcZw3zhcn45vi/PHNcWpcIC4YF4p9XDguEheNi8W3xMXjW+MS8W1xyfj2uFRcOn7k/rLxHXG5+M64fHxXXCG+O64YV4orx1Xie+Kq8b1xtfi+uHp8f1w8fiCuGT8Ywy+fV6kTPxzXjR+J68WPxvXjBnHDuFHcOH4sbhI/HjeNm8XN4yfiFnHLuFX8ZNw6fipuEz/9u/u7xz3innGvuFccwn16QXJhclHy/eTi5JLk0uQHyWXJD5PLkyuSK5OrkquTa5Jrk+uS65MbkhuTm5Kbk1uSW5PbkiFUSQ8evfLaGx/5dD69T/EZfEZ/jc/kr/WZ/XU+4a/3WfwNPqu/0Wfz2X0On9Pn8rl9Hm89eefZxz6vz+eT/iaf39/sU30BX9AX8t4X9kV8I9/YN/ZN/OO+qW/mm/sn/BO+pW/pn/RP+qd8G/+0b+uf8e38s769f84/55/3HX0n39m/4Lv4F31X38139919T9/T9/a9fV/f1/f3/f0AP8AP9AP9ID/ID/FD/FA/1A/zw/xwP9yP9CP9KD/Kj/Fj/Dg/zk/wE/xEP9FP8pN8BABT/VQ/3U/3M/1MP8vP8nP8HD83da6f5+f5BX6BX+QX+cV+sV/ql/plfplf7pf7lX6lX+1X+7V+rV/v1/uNfqPf7Df7rX6r3+63+x1+h9/ld/k9fo/f5/f5/X6/P+AP+IP+oD/kD/nD/rA/4r/0R/1X/pj/2h/33/gT/lt/0n/nT/nT/oz/3p/1P/hz/ry/4H/0F/1P/pL/2V/2wU9IvJmYmHgrMSnxdmJyYkpiamJaYnpiRmJm4p3ErMTsxJzEu4m5ifcS8xLzEwsSCxOLEu8nFieWJJYmPkgsS3yYWJ5YkViZWJVYnVhjIOTeEYe8IV9IhptC/nBzSA0FQsFQKPhQOBQJRUOxcEsoHm4NJcJtoWS4PZQKpUOZ8GioHxqEhqFRaBweC03C46FpaBaahydCi9AytApPhtbhqdAmPB3ahmdCu/BsaB+eCx3C86Fj6BQ6hxdCl/Bi6Bq6he6hR+gZeoXeoU/oG/qF/uGlMCC8HAaGV8KgMDgMCa+GoeG1MCy8HoaHEWFkeCOMCqPDmDA2jAvjw4TwZpgY3gqTwtthcpgSpoZpYXqYEWaGd8KsMDvMCe+GueG9MC/MDwvCwrAovB8WhyVhafggLAsfhuVhRVgZVoXVYU1YG9aF9WFD2Bg2hc1hS9gatoXt4aOwI+wMu8LusCfsDfvCx2F/+CQcCJ+Gg+GzcCh8Hg6HL8KR8GU4Gr4Kx8LX4Xj4JpwI34aT4btwKpwOZ8L34Wz4IZwL58OF8GO4GH4Kl8LP4fIf/MxapT/zFroQQgghxP9Hev3O/h7/5jkDAOqX8U8hhGt35jz6j/s1AGzO9rdxH5WrRQIAnurW4aG/bxUrdu/e/ZfXLtcQ5ZsPAIl/OcAv8QpoDi2hNTSDYv+2vj6q00X+nfmTtwFk/IecFPg1/nX+z/+D+R97YuTikvGFLP/J/PMBUvP9mnPlKvzv8QpofmU10AyK/wfzZ2/yO/Vn+GICQNN/yMkEAE0z/Gv9ReBxeBpa/9MrhRBCCCGEEEKIv+mjyrT7vevnK9fnucyvOenh1/j3rs+FEEIIIYQQQghx9T3bqfOTj7Vu3aydDGQggzQ2aPmfvOZq/2YSQgghhBBC/Nl+Pen/9bkMV7MgIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBAiDfp/8Z/GrvYahRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiKvtfwUAAP//D5g3fQ==") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$MAP_CREATE(0x2000000000000000, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="fc000000140001000000000000000000ffffffff000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400"], 0xfc}}, 0x0) kernel console output (not intermixed with test programs): or" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdae3b79eb9 code=0x7fc00000 [ 148.223702][ T2391] syz.3.473: attempt to access beyond end of device [ 148.223702][ T2391] loop3: rw=524288, sector=1049272, nr_sectors = 16 limit=16 [ 148.325027][ T2391] syz.3.473: attempt to access beyond end of device [ 148.325027][ T2391] loop3: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 148.346629][ T2391] syz.3.473: attempt to access beyond end of device [ 148.346629][ T2391] loop3: rw=524288, sector=384, nr_sectors = 16 limit=16 [ 148.362438][ T2391] syz.3.473: attempt to access beyond end of device [ 148.362438][ T2391] loop3: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 148.376038][ T2391] syz.3.473: attempt to access beyond end of device [ 148.376038][ T2391] loop3: rw=524288, sector=728, nr_sectors = 16 limit=16 [ 148.377102][ T297] EXT4-fs (loop4): unmounting filesystem. [ 148.390118][ T2391] syz.3.473: attempt to access beyond end of device [ 148.390118][ T2391] loop3: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 148.408894][ T2391] syz.3.473: attempt to access beyond end of device [ 148.408894][ T2391] loop3: rw=524288, sector=525152, nr_sectors = 16 limit=16 [ 148.425432][ T2391] syz.3.473: attempt to access beyond end of device [ 148.425432][ T2391] loop3: rw=524288, sector=13478624032, nr_sectors = 16 limit=16 [ 148.439652][ T2391] syz.3.473: attempt to access beyond end of device [ 148.439652][ T2391] loop3: rw=524288, sector=13478624040, nr_sectors = 16 limit=16 [ 150.254093][ T2421] netlink: 'syz.1.480': attribute type 4 has an invalid length. [ 150.261634][ T2421] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.480'. [ 150.299080][ T318] snd-usb-audio: probe of 2-1:0.2 failed with error -12 [ 150.306448][ T298] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 150.319164][ T318] usb 2-1: USB disconnect, device number 21 [ 150.330460][ T2425] loop1: detected capacity change from 0 to 512 [ 150.343825][ T2425] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 150.354446][ T2425] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 150.362272][ T2425] System zones: 1-12 [ 150.367199][ T2425] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2810: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 150.380278][ T2425] EXT4-fs (loop1): 1 truncate cleaned up [ 150.385746][ T2425] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 151.120569][ T2425] xt_TCPMSS: Only works on TCP SYN packets [ 151.137047][ T2435] loop0: detected capacity change from 0 to 512 [ 151.143253][ T2435] EXT4-fs: Ignoring removed mblk_io_submit option [ 151.149794][ T2435] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 151.160922][ T2435] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.484: corrupted in-inode xattr [ 151.172965][ T2435] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.484: couldn't read orphan inode 15 (err -117) [ 151.184956][ T2435] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 151.636458][ T298] usb 3-1: unable to read config index 0 descriptor/all [ 151.644320][ T298] usb 3-1: can't read configurations, error -71 [ 151.692285][ T2338] EXT4-fs (loop1): unmounting filesystem. [ 153.078760][ T1894] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 153.091903][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 153.103522][ T2475] netlink: 'syz.0.493': attribute type 4 has an invalid length. [ 153.111130][ T2475] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.493'. [ 153.336414][ T1894] usb 2-1: Using ep0 maxpacket: 16 [ 153.496557][ T1894] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 153.504791][ T1894] usb 2-1: config 0 has no interface number 0 [ 153.510921][ T1894] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 153.520819][ T1894] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 153.942952][ T2491] loop3: detected capacity change from 0 to 512 [ 153.949281][ T2491] EXT4-fs: Ignoring removed mblk_io_submit option [ 153.955834][ T2491] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 153.968018][ T2491] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz.3.497: corrupted in-inode xattr [ 153.980238][ T2491] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.497: couldn't read orphan inode 15 (err -117) [ 153.992094][ T2491] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 154.026481][ T1894] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 154.035542][ T1894] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 154.043394][ T1894] usb 2-1: Product: syz [ 154.047438][ T1894] usb 2-1: SerialNumber: syz [ 154.052188][ T1894] usb 2-1: config 0 descriptor?? [ 154.266232][ T2498] loop4: detected capacity change from 0 to 512 [ 154.272542][ T2498] EXT4-fs: Ignoring removed mblk_io_submit option [ 154.279173][ T2498] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 154.286453][ T386] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 154.290228][ T2498] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.499: corrupted in-inode xattr [ 154.308239][ T2498] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.499: couldn't read orphan inode 15 (err -117) [ 154.319989][ T2498] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 154.507001][ T2106] EXT4-fs (loop3): unmounting filesystem. [ 154.526434][ T386] usb 1-1: Using ep0 maxpacket: 16 [ 154.828095][ T386] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 154.836149][ T386] usb 1-1: config 0 has no interface number 0 [ 154.843081][ T297] EXT4-fs (loop4): unmounting filesystem. [ 154.862484][ T386] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 154.872008][ T386] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 154.943793][ T2511] loop4: detected capacity change from 0 to 1024 [ 154.951059][ T2511] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 154.959748][ T2511] EXT4-fs (loop4): orphan cleanup on readonly fs [ 154.966127][ T2511] Quota error (device loop4): v2_read_file_info: Can't read info structure [ 154.974656][ T2511] EXT4-fs warning (device loop4): ext4_enable_quotas:6999: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 154.980539][ T2507] loop2: detected capacity change from 0 to 40427 [ 154.995157][ T2511] EXT4-fs (loop4): Cannot turn on quotas: error -5 [ 155.001553][ T386] usb 1-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 155.002063][ T2511] EXT4-fs (loop4): 1 truncate cleaned up [ 155.011291][ T386] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 155.015990][ T2511] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 155.023854][ T386] usb 1-1: Product: syz [ 155.036493][ T386] usb 1-1: SerialNumber: syz [ 155.037017][ T2507] F2FS-fs (loop2): Found nat_bits in checkpoint [ 155.041511][ T386] usb 1-1: config 0 descriptor?? [ 155.066811][ T2507] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 155.189316][ T2520] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 155.197704][ T2520] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 16: comm syz.4.502: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 155.328376][ T386] snd-usb-audio: probe of 1-1:0.2 failed with error -12 [ 155.336896][ T386] usb 1-1: USB disconnect, device number 20 [ 155.430326][ T28] audit: type=1400 audit(1725229991.868:780): avc: denied { ioctl } for pid=2523 comm="syz.3.503" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=27368 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 155.776519][ T297] EXT4-fs (loop4): unmounting filesystem. [ 155.794254][ T2528] loop4: detected capacity change from 0 to 512 [ 155.800554][ T2528] EXT4-fs: Ignoring removed mblk_io_submit option [ 155.814108][ T2528] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 155.863845][ T2533] netlink: 'syz.2.505': attribute type 4 has an invalid length. [ 155.872067][ T1894] snd-usb-audio: probe of 2-1:0.2 failed with error -12 [ 155.872106][ T2533] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.505'. [ 155.879503][ T1894] usb 2-1: USB disconnect, device number 22 [ 155.906567][ T2528] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.504: corrupted in-inode xattr [ 155.918719][ T2528] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.504: couldn't read orphan inode 15 (err -117) [ 155.930692][ T2528] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 155.967611][ T2541] loop2: detected capacity change from 0 to 1024 [ 155.984169][ T2541] ext4: Bad value for 'resgid' [ 156.684536][ T2553] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 156.773432][ T2558] loop0: detected capacity change from 0 to 512 [ 156.780525][ T2558] EXT4-fs (loop0): can't mount with both data=journal and delalloc [ 156.789257][ T297] EXT4-fs (loop4): unmounting filesystem. [ 156.804986][ T28] audit: type=1400 audit(1725229993.238:781): avc: denied { ioctl } for pid=2562 comm="syz.2.514" path="/dev/input/event0" dev="devtmpfs" ino=168 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 156.830380][ T28] audit: type=1400 audit(1725229993.238:782): avc: denied { setopt } for pid=2562 comm="syz.2.514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 156.833725][ T2560] loop4: detected capacity change from 0 to 512 [ 156.857685][ T2560] EXT4-fs: Ignoring removed mblk_io_submit option [ 156.864238][ T2560] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 156.893570][ T2560] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.513: corrupted in-inode xattr [ 156.905672][ T2560] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.513: couldn't read orphan inode 15 (err -117) [ 156.917701][ T2560] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 157.042238][ T2573] loop0: detected capacity change from 0 to 256 [ 157.106145][ T2573] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 157.247632][ T2576] netlink: 'syz.3.518': attribute type 4 has an invalid length. [ 157.255191][ T2576] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.518'. [ 157.535681][ T297] EXT4-fs (loop4): unmounting filesystem. [ 157.634111][ T2589] loop0: detected capacity change from 0 to 512 [ 157.640376][ T2589] EXT4-fs: Ignoring removed mblk_io_submit option [ 157.647002][ T2589] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 157.658571][ T2589] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.523: corrupted in-inode xattr [ 157.671166][ T2589] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.523: couldn't read orphan inode 15 (err -117) [ 157.683532][ T2589] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 157.826437][ T386] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 158.017485][ T2598] loop2: detected capacity change from 0 to 512 [ 158.036286][ T2598] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 158.045323][ T2598] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038 (0x7fffffff) [ 158.110169][ T386] usb 2-1: Using ep0 maxpacket: 16 [ 158.195945][ T2603] loop3: detected capacity change from 0 to 512 [ 158.207891][ T2603] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 158.216876][ T2603] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038 (0x7fffffff) [ 158.266488][ T386] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 158.275520][ T2603] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 18: comm syz.3.526: lblock 23 mapped to illegal pblock 18 (length 1) [ 158.301302][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 158.341994][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 158.342730][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 158.368888][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 158.389454][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 158.410171][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 158.431343][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 158.451531][ T2603] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 18: comm syz.3.526: lblock 23 mapped to illegal pblock 18 (length 1) [ 158.465735][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 19: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 158.466613][ T386] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 158.486044][ T2603] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 20: comm syz.3.526: path /27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 158.494516][ T386] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.522180][ T386] usb 2-1: Product: syz [ 158.526339][ T386] usb 2-1: Manufacturer: syz [ 158.530899][ T386] usb 2-1: SerialNumber: syz [ 158.546802][ T386] usb 2-1: config 0 descriptor?? [ 158.587060][ T386] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 158.594613][ T386] usb 2-1: Detected FT232R [ 158.656433][ T60] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 158.696446][ T298] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 158.877333][ T1195] EXT4-fs (loop2): unmounting filesystem. [ 159.027139][ T2106] EXT4-fs (loop3): unmounting filesystem. [ 159.036485][ T386] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 159.036499][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.054039][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.063604][ T386] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 159.063905][ T298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.070478][ T60] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 159.083835][ T2616] netlink: 'syz.3.530': attribute type 4 has an invalid length. [ 159.089994][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.097357][ T386] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 159.105659][ T60] usb 1-1: config 0 descriptor?? [ 159.112970][ T298] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.113006][ T298] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 159.117772][ T2616] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.530'. [ 159.129509][ T386] usb 2-1: USB disconnect, device number 23 [ 159.150901][ T298] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.159291][ T298] usb 5-1: config 0 descriptor?? [ 159.164975][ T386] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 159.174140][ T315] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 159.181925][ T386] ftdi_sio 2-1:0.0: device disconnected [ 159.560060][ T2621] loop1: detected capacity change from 0 to 1024 [ 159.566482][ T315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.567183][ T2621] JBD2: no valid journal superblock found [ 159.577226][ T315] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.582847][ T2621] EXT4-fs (loop1): error loading journal [ 159.592357][ T315] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 159.592380][ T315] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.614991][ T315] usb 3-1: config 0 descriptor?? [ 159.627111][ T60] lg-g15 0003:046D:C222.0029: unknown main item tag 0x0 [ 159.633908][ T60] lg-g15 0003:046D:C222.0029: item fetching failed at offset 10/11 [ 159.637264][ T298] sony 0003:054C:0268.002A: unknown main item tag 0x0 [ 159.641881][ T60] lg-g15: probe of 0003:046D:C222.0029 failed with error -22 [ 159.648416][ T298] sony 0003:054C:0268.002A: unknown main item tag 0x0 [ 159.664037][ T298] sony 0003:054C:0268.002A: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0 [ 159.676002][ T298] sony 0003:054C:0268.002A: failed to claim input [ 159.819244][ T2623] loop1: detected capacity change from 0 to 256 [ 159.828538][ T2623] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d) [ 159.842064][ T2623] exFAT-fs (loop1): error, invalid access to FAT bad cluster (entry 0x00000005) [ 159.851158][ T2623] exFAT-fs (loop1): failed to initialize root inode [ 159.899907][ T298] usb 1-1: USB disconnect, device number 21 [ 159.914309][ T386] usb 5-1: USB disconnect, device number 15 [ 160.097030][ T315] sony 0003:054C:0268.002B: unknown main item tag 0x0 [ 160.103652][ T315] sony 0003:054C:0268.002B: unknown main item tag 0x0 [ 160.111117][ T315] sony 0003:054C:0268.002B: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0 [ 160.122783][ T315] sony 0003:054C:0268.002B: failed to claim input [ 160.286455][ T318] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 160.300386][ T315] usb 3-1: USB disconnect, device number 22 [ 160.413073][ T2630] loop1: detected capacity change from 0 to 1024 [ 160.420265][ T2630] JBD2: no valid journal superblock found [ 160.426136][ T2630] EXT4-fs (loop1): error loading journal [ 160.443177][ T2635] loop4: detected capacity change from 0 to 512 [ 160.449954][ T2635] EXT4-fs: Ignoring removed mblk_io_submit option [ 160.456753][ T2635] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 160.469160][ T2635] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.537: corrupted in-inode xattr [ 160.481302][ T2635] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.537: couldn't read orphan inode 15 (err -117) [ 160.496181][ T2635] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 160.646497][ T318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.662227][ T318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.674336][ T318] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 160.683312][ T318] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.683445][ T2630] loop1: detected capacity change from 0 to 256 [ 160.696787][ T318] usb 4-1: config 0 descriptor?? [ 160.708441][ T2630] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d) [ 160.720768][ T2630] exFAT-fs (loop1): error, invalid access to FAT bad cluster (entry 0x00000005) [ 160.729675][ T2630] exFAT-fs (loop1): failed to initialize root inode [ 161.115694][ T297] EXT4-fs (loop4): unmounting filesystem. [ 161.128406][ T2648] loop4: detected capacity change from 0 to 512 [ 161.137996][ T2648] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 161.146988][ T2648] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038 (0x7fffffff) [ 161.177419][ T318] sony 0003:054C:0268.002C: unknown main item tag 0x0 [ 161.184042][ T318] sony 0003:054C:0268.002C: unknown main item tag 0x0 [ 161.192064][ T318] sony 0003:054C:0268.002C: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0 [ 161.203869][ T318] sony 0003:054C:0268.002C: failed to claim input [ 161.336441][ T2657] netlink: 'syz.0.541': attribute type 4 has an invalid length. [ 161.344307][ T2657] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.541'. [ 161.528585][ T386] usb 4-1: USB disconnect, device number 15 [ 162.451515][ T297] EXT4-fs (loop4): unmounting filesystem. [ 162.584839][ T2683] FAULT_INJECTION: forcing a failure. [ 162.584839][ T2683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.598281][ T2683] CPU: 1 PID: 2683 Comm: syz.0.547 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 162.607735][ T2683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 162.617717][ T2683] Call Trace: [ 162.620840][ T2683] [ 162.623617][ T2683] dump_stack_lvl+0x151/0x1b7 [ 162.628136][ T2683] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 162.633443][ T2683] dump_stack+0x15/0x1c [ 162.637417][ T2683] should_fail_ex+0x3d0/0x520 [ 162.638301][ T2685] loop2: detected capacity change from 0 to 512 [ 162.641928][ T2683] should_fail+0xb/0x10 [ 162.641953][ T2683] should_fail_usercopy+0x1a/0x20 [ 162.641973][ T2683] _copy_to_user+0x1e/0x90 [ 162.648115][ T28] audit: type=1400 audit(1725229999.068:783): avc: denied { getopt } for pid=2681 comm="syz.2.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 162.651991][ T2683] bpf_test_finish+0x2f3/0x950 [ 162.652017][ T2683] ? convert_skb_to___skb+0x4f0/0x4f0 [ 162.657731][ T2686] fuse: Bad value for 'fd' [ 162.661106][ T2683] ? __kasan_check_write+0x14/0x20 [ 162.661129][ T2683] ? _copy_from_user+0x90/0xc0 [ 162.682997][ T2686] tmpfs: Bad value for 'nr_blocks' [ 162.684739][ T2683] ? bpf_test_init+0x169/0x190 [ 162.692679][ T2686] loop4: detected capacity change from 0 to 256 [ 162.694175][ T2683] bpf_prog_test_run_xdp+0x8ce/0x1130 [ 162.699280][ T2686] exfat: Unknown parameter '184467440737095516150x0000000000000000' [ 162.703732][ T2683] ? dev_put+0x80/0x80 [ 162.717348][ T2676] loop3: detected capacity change from 0 to 40427 [ 162.719781][ T2683] ? __kasan_check_write+0x14/0x20 [ 162.719803][ T2683] ? fput+0x15b/0x1b0 [ 162.725794][ T2676] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 162.732810][ T2683] ? dev_put+0x80/0x80 [ 162.732837][ T2683] bpf_prog_test_run+0x3b0/0x630 [ 162.732858][ T2683] ? bpf_prog_query+0x260/0x260 [ 162.732875][ T2683] ? selinux_bpf+0xd2/0x100 [ 162.777064][ T2683] ? security_bpf+0x82/0xb0 [ 162.781400][ T2683] __sys_bpf+0x59f/0x7f0 [ 162.785479][ T2683] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 162.790688][ T2683] ? __ia32_sys_read+0x90/0x90 [ 162.795290][ T2683] ? debug_smp_processor_id+0x17/0x20 [ 162.800494][ T2683] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 162.806402][ T2683] __x64_sys_bpf+0x7c/0x90 [ 162.810674][ T2683] x64_sys_call+0x87f/0x9a0 [ 162.814988][ T2683] do_syscall_64+0x3b/0xb0 [ 162.819249][ T2683] ? clear_bhb_loop+0x55/0xb0 [ 162.823763][ T2683] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 162.829498][ T2683] RIP: 0033:0x7ff9aff79eb9 [ 162.833736][ T2683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.853177][ T2683] RSP: 002b:00007ff9b0cab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 162.861423][ T2683] RAX: ffffffffffffffda RBX: 00007ff9b0115f80 RCX: 00007ff9aff79eb9 [ 162.869233][ T2683] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 162.877048][ T2683] RBP: 00007ff9b0cab090 R08: 0000000000000000 R09: 0000000000000000 [ 162.884855][ T2683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 162.892670][ T2683] R13: 0000000000000000 R14: 00007ff9b0115f80 R15: 00007ffd32d25088 [ 162.900497][ T2683] [ 162.903834][ T2676] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 162.912943][ T2676] F2FS-fs (loop3): invalid crc value [ 162.919829][ T2676] F2FS-fs (loop3): Found nat_bits in checkpoint [ 162.924283][ T2685] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 162.936527][ T2685] ext4 filesystem being mounted at /63/bus supports timestamps until 2038 (0x7fffffff) [ 162.937717][ T2693] loop0: detected capacity change from 0 to 512 [ 162.966713][ T2693] EXT4-fs: Ignoring removed mblk_io_submit option [ 162.977176][ T2693] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 162.988907][ T2693] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.549: corrupted in-inode xattr [ 163.000982][ T2676] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 163.007915][ T2676] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 163.009553][ T2693] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.549: couldn't read orphan inode 15 (err -117) [ 163.030015][ T2693] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 163.440658][ T435] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 163.456759][ T435] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 163.801111][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 163.835405][ T1195] EXT4-fs (loop2): unmounting filesystem. [ 165.537741][ T2723] loop2: detected capacity change from 0 to 512 [ 165.547291][ T2723] EXT4-fs: Ignoring removed mblk_io_submit option [ 165.553958][ T2723] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 165.565508][ T2723] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.556: corrupted in-inode xattr [ 165.577980][ T2723] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.556: couldn't read orphan inode 15 (err -117) [ 165.592069][ T2723] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 165.746751][ T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 166.037078][ T2736] loop1: detected capacity change from 0 to 16 [ 166.047078][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 166.052667][ T2736] erofs: (device loop1): mounted with root inode @ nid 36. [ 166.216558][ T24] usb 5-1: config 0 has no interfaces? [ 166.232866][ T1195] EXT4-fs (loop2): unmounting filesystem. [ 167.622154][ T2752] netlink: 'syz.1.561': attribute type 4 has an invalid length. [ 167.629748][ T2752] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.561'. [ 167.664915][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 167.670222][ T2757] loop0: detected capacity change from 0 to 16 [ 167.675179][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.687730][ T24] usb 5-1: Product: syz [ 167.691716][ T24] usb 5-1: Manufacturer: syz [ 167.696746][ T2757] erofs: (device loop0): mounted with root inode @ nid 36. [ 167.722780][ T24] usb 5-1: SerialNumber: syz [ 167.838394][ T24] usb 5-1: config 0 descriptor?? [ 167.864622][ T2754] loop1: detected capacity change from 0 to 40427 [ 167.871315][ T2754] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 167.878858][ T2754] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 168.130638][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 205 @ nid 36 [ 168.139690][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 197 @ nid 36 [ 168.148589][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 192 @ nid 36 [ 168.157593][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 180 @ nid 36 [ 168.166663][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 172 @ nid 36 [ 168.175564][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 168 @ nid 36 [ 168.184644][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 160 @ nid 36 [ 168.193721][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 149 @ nid 36 [ 168.203087][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 144 @ nid 36 [ 168.212183][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 140 @ nid 36 [ 168.221387][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 92 @ nid 36 [ 168.230370][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 168.239319][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 69 @ nid 36 [ 168.248353][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 64 @ nid 36 [ 168.257253][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 60 @ nid 36 [ 168.266363][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 168.275299][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 36 @ nid 36 [ 168.284380][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 32 @ nid 36 [ 168.293291][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 168.302678][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 19 @ nid 36 [ 168.311538][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 18 @ nid 36 [ 168.320378][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 17 @ nid 36 [ 168.329272][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 168.338213][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 12 @ nid 36 [ 168.347053][ T2761] erofs: (device loop0): z_erofs_readahead: readahead error at page 8 @ nid 36 [ 168.355862][ T2761] bio_check_eod: 49 callbacks suppressed [ 168.355874][ T2761] syz.0.564: attempt to access beyond end of device [ 168.355874][ T2761] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 168.374912][ T2761] syz.0.564: attempt to access beyond end of device [ 168.374912][ T2761] loop0: rw=524288, sector=1049272, nr_sectors = 16 limit=16 [ 168.388787][ T2761] syz.0.564: attempt to access beyond end of device [ 168.388787][ T2761] loop0: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 168.402236][ T2761] syz.0.564: attempt to access beyond end of device [ 168.402236][ T2761] loop0: rw=524288, sector=384, nr_sectors = 16 limit=16 [ 168.415815][ T2761] syz.0.564: attempt to access beyond end of device [ 168.415815][ T2761] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 168.429152][ T2761] syz.0.564: attempt to access beyond end of device [ 168.429152][ T2761] loop0: rw=524288, sector=728, nr_sectors = 16 limit=16 [ 168.442572][ T2761] syz.0.564: attempt to access beyond end of device [ 168.442572][ T2761] loop0: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 168.456229][ T2761] syz.0.564: attempt to access beyond end of device [ 168.456229][ T2761] loop0: rw=524288, sector=525152, nr_sectors = 16 limit=16 [ 168.469736][ T2761] syz.0.564: attempt to access beyond end of device [ 168.469736][ T2761] loop0: rw=524288, sector=13478624032, nr_sectors = 16 limit=16 [ 168.483750][ T2761] syz.0.564: attempt to access beyond end of device [ 168.483750][ T2761] loop0: rw=524288, sector=13478624040, nr_sectors = 16 limit=16 [ 168.598305][ T2754] F2FS-fs (loop1): invalid crc value [ 168.605321][ T24] usb 5-1: USB disconnect, device number 16 [ 168.609785][ T2673] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 168.653094][ T2754] F2FS-fs (loop1): Found nat_bits in checkpoint [ 168.707363][ T2754] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 168.714361][ T2754] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 168.764533][ T2774] loop4: detected capacity change from 0 to 128 [ 168.771312][ T2774] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 169.085445][ T2782] netlink: 172 bytes leftover after parsing attributes in process `syz.1.562'. [ 169.237440][ T28] audit: type=1400 audit(1725230005.608:784): avc: denied { getopt } for pid=2784 comm="syz.4.569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 169.330898][ T2787] loop1: detected capacity change from 0 to 512 [ 169.337184][ T2787] EXT4-fs: Ignoring removed mblk_io_submit option [ 169.343673][ T2787] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 169.354761][ T2787] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz.1.570: corrupted in-inode xattr [ 169.366697][ T2787] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.570: couldn't read orphan inode 15 (err -117) [ 169.378478][ T2787] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 169.426506][ T2673] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.437346][ T2673] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.446882][ T2673] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 169.459493][ T2673] usb 4-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 169.466420][ T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 169.468340][ T2673] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.483967][ T2673] usb 4-1: config 0 descriptor?? [ 169.509883][ T2791] loop2: detected capacity change from 0 to 512 [ 169.516486][ T2791] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 169.527813][ T2791] EXT4-fs (loop2): 1 truncate cleaned up [ 169.533257][ T2791] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 169.543435][ T28] audit: type=1400 audit(1725230005.978:785): avc: denied { unlink } for pid=2790 comm="syz.2.571" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 169.586790][ T2796] netlink: 'syz.0.573': attribute type 4 has an invalid length. [ 169.594348][ T2796] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.573'. [ 169.726424][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 169.906732][ T24] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 169.914982][ T24] usb 5-1: config 179 has no interface number 0 [ 169.924717][ T24] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 169.935723][ T24] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 169.936567][ T2338] EXT4-fs (loop1): unmounting filesystem. [ 169.947077][ T24] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 169.963557][ T24] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 169.973334][ T24] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 169.986544][ T24] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 169.996713][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.096480][ T2785] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 170.117377][ T24] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input6 [ 170.354593][ T2810] netlink: 24 bytes leftover after parsing attributes in process `syz.3.563'. [ 170.396761][ T28] audit: type=1400 audit(1725230006.798:786): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1058 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 170.562969][ T2673] betop 0003:11C2:2208.002D: item fetching failed at offset 4/5 [ 170.584845][ T2673] betop 0003:11C2:2208.002D: parse failed [ 170.590683][ T2673] betop: probe of 0003:11C2:2208.002D failed with error -22 [ 170.595276][ T28] audit: type=1400 audit(1725230006.808:787): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1058 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 170.622002][ T1195] EXT4-fs (loop2): unmounting filesystem. [ 170.927462][ T24] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 170.958704][ T386] usb 5-1: USB disconnect, device number 17 [ 170.976477][ T386] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 171.206414][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 171.356533][ T24] usb 3-1: config 0 has no interfaces? [ 171.537163][ T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 171.546065][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.553974][ T24] usb 3-1: Product: syz [ 171.558018][ T24] usb 3-1: Manufacturer: syz [ 171.562398][ T24] usb 3-1: SerialNumber: syz [ 171.567902][ T24] usb 3-1: config 0 descriptor?? [ 171.628136][ T644] usb 4-1: USB disconnect, device number 16 [ 171.642408][ T2829] loop3: detected capacity change from 0 to 512 [ 171.765061][ T2829] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 171.774068][ T2829] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038 (0x7fffffff) [ 172.334902][ T2831] loop0: detected capacity change from 0 to 40427 [ 172.341532][ T2831] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 172.349051][ T2831] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 172.357745][ T2831] F2FS-fs (loop0): invalid crc value [ 172.364489][ T2831] F2FS-fs (loop0): Found nat_bits in checkpoint [ 172.390417][ T2831] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 172.397412][ T2831] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 172.762524][ T2851] netlink: 172 bytes leftover after parsing attributes in process `syz.0.580'. [ 172.915286][ T2106] EXT4-fs (loop3): unmounting filesystem. [ 172.934105][ T2854] loop4: detected capacity change from 0 to 512 [ 172.940815][ T2854] EXT4-fs: Ignoring removed mblk_io_submit option [ 172.967178][ T2854] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 172.992313][ T2854] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz.4.585: corrupted in-inode xattr [ 173.007554][ T2854] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.585: couldn't read orphan inode 15 (err -117) [ 173.019679][ T2854] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 173.031452][ T2860] netlink: 'syz.0.584': attribute type 4 has an invalid length. [ 173.038982][ T2860] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.584'. [ 173.737115][ T1042] usb 3-1: USB disconnect, device number 23 [ 174.077420][ T297] EXT4-fs (loop4): unmounting filesystem. [ 174.216444][ T386] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 174.293070][ T2879] loop0: detected capacity change from 0 to 40427 [ 174.299974][ T2879] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 174.307656][ T2879] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 174.316460][ T2879] F2FS-fs (loop0): invalid crc value [ 174.322918][ T2879] F2FS-fs (loop0): Found nat_bits in checkpoint [ 174.360480][ T2879] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 174.367410][ T2879] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 174.431703][ T28] audit: type=1326 audit(1725230010.868:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.454948][ T28] audit: type=1326 audit(1725230010.868:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.478091][ T28] audit: type=1326 audit(1725230010.868:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.496432][ T386] usb 4-1: device descriptor read/64, error -71 [ 174.507333][ T28] audit: type=1400 audit(1725230010.868:791): avc: denied { ioctl } for pid=2878 comm="syz.0.590" path="/90/bus/cgroup.controllers" dev="loop0" ino=10 ioctlcmd=0x5404 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 174.532311][ T28] audit: type=1326 audit(1725230010.868:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.546994][ T8] bio_check_eod: 51 callbacks suppressed [ 174.547012][ T8] kworker/u4:0: attempt to access beyond end of device [ 174.547012][ T8] loop0: rw=1, sector=45096, nr_sectors = 128 limit=40427 [ 174.555642][ T28] audit: type=1326 audit(1725230010.868:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.630739][ T28] audit: type=1326 audit(1725230010.868:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.654230][ T28] audit: type=1326 audit(1725230010.868:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 174.677336][ T28] audit: type=1326 audit(1725230010.868:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.0.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9aff79eb9 code=0x7ffc0000 [ 175.145990][ T386] usb 4-1: device descriptor read/64, error -71 [ 176.860279][ T2922] loop3: detected capacity change from 0 to 512 [ 176.941093][ T2924] loop1: detected capacity change from 0 to 512 [ 176.948658][ T2924] EXT4-fs: Ignoring removed mblk_io_submit option [ 176.956151][ T2924] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 176.981364][ T1042] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 177.003945][ T2922] EXT4-fs (loop3): 1 truncate cleaned up [ 177.011096][ T2922] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 177.019922][ T2924] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz.1.600: corrupted in-inode xattr [ 177.031846][ T2924] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.600: couldn't read orphan inode 15 (err -117) [ 177.043653][ T2924] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 177.044239][ T2106] EXT4-fs (loop3): unmounting filesystem. [ 177.066472][ T60] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 177.326476][ T60] usb 3-1: Using ep0 maxpacket: 8 [ 177.356530][ T1042] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.367386][ T1042] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.376944][ T1042] usb 1-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 177.385784][ T1042] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.394029][ T1042] usb 1-1: config 0 descriptor?? [ 177.446788][ T60] usb 3-1: config 0 has no interfaces? [ 177.570807][ T2338] EXT4-fs (loop1): unmounting filesystem. [ 177.656913][ T60] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 177.726410][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.734322][ T60] usb 3-1: Product: syz [ 177.738417][ T60] usb 3-1: Manufacturer: syz [ 177.742729][ T60] usb 3-1: SerialNumber: syz [ 177.745796][ T28] audit: type=1326 audit(1725230014.178:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2944 comm="syz.4.604" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcae3579eb9 code=0x0 [ 177.747716][ T60] usb 3-1: config 0 descriptor?? [ 177.877004][ T1042] sony 0003:054C:0268.002E: unknown main item tag 0x0 [ 177.883668][ T1042] sony 0003:054C:0268.002E: unknown main item tag 0x0 [ 177.890967][ T1042] sony 0003:054C:0268.002E: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.0-1/input0 [ 177.902655][ T1042] sony 0003:054C:0268.002E: failed to claim input [ 177.916426][ T24] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 178.080443][ T1042] usb 1-1: USB disconnect, device number 22 [ 178.346484][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.357462][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.366957][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 178.375818][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.384229][ T24] usb 2-1: config 0 descriptor?? [ 178.628120][ T2957] FAULT_INJECTION: forcing a failure. [ 178.628120][ T2957] name failslab, interval 1, probability 0, space 0, times 0 [ 178.640643][ T2957] CPU: 1 PID: 2957 Comm: syz.4.607 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 178.650102][ T2957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 178.660088][ T2957] Call Trace: [ 178.663207][ T2957] [ 178.665983][ T2957] dump_stack_lvl+0x151/0x1b7 [ 178.670499][ T2957] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 178.675811][ T2957] ? release_sock+0x163/0x1b0 [ 178.680420][ T2957] dump_stack+0x15/0x1c [ 178.684418][ T2957] should_fail_ex+0x3d0/0x520 [ 178.688924][ T2957] ? __alloc_skb+0xcc/0x2d0 [ 178.693258][ T2957] __should_failslab+0xaf/0xf0 [ 178.697859][ T2957] should_failslab+0x9/0x20 [ 178.702200][ T2957] kmem_cache_alloc_node+0x3e/0x2d0 [ 178.707244][ T2957] __alloc_skb+0xcc/0x2d0 [ 178.711399][ T2957] netlink_sendmsg+0x7a6/0xd30 [ 178.716001][ T2957] ? netlink_getsockopt+0x540/0x540 [ 178.721035][ T2957] ? security_socket_sendmsg+0x82/0xb0 [ 178.726764][ T2957] ? netlink_getsockopt+0x540/0x540 [ 178.731795][ T2957] ____sys_sendmsg+0x5d3/0x9a0 [ 178.736399][ T2957] ? __sys_sendmsg_sock+0x40/0x40 [ 178.741257][ T2957] __sys_sendmsg+0x2a9/0x390 [ 178.745681][ T2957] ? ____sys_sendmsg+0x9a0/0x9a0 [ 178.750541][ T2957] ? __kasan_check_write+0x14/0x20 [ 178.755488][ T2957] ? mutex_unlock+0xb2/0x260 [ 178.759921][ T2957] ? __kasan_check_write+0x14/0x20 [ 178.764863][ T2957] ? __ia32_sys_read+0x90/0x90 [ 178.769463][ T2957] ? debug_smp_processor_id+0x17/0x20 [ 178.774668][ T2957] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 178.780571][ T2957] __x64_sys_sendmsg+0x7f/0x90 [ 178.785176][ T2957] x64_sys_call+0x16a/0x9a0 [ 178.789512][ T2957] do_syscall_64+0x3b/0xb0 [ 178.793763][ T2957] ? clear_bhb_loop+0x55/0xb0 [ 178.798279][ T2957] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 178.804005][ T2957] RIP: 0033:0x7fcae3579eb9 [ 178.808258][ T2957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.827710][ T2957] RSP: 002b:00007fcae43db038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.835951][ T2957] RAX: ffffffffffffffda RBX: 00007fcae3715f80 RCX: 00007fcae3579eb9 [ 178.843756][ T2957] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 178.851576][ T2957] RBP: 00007fcae43db090 R08: 0000000000000000 R09: 0000000000000000 [ 178.859377][ T2957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.867198][ T2957] R13: 0000000000000000 R14: 00007fcae3715f80 R15: 00007ffe71da50c8 [ 178.875005][ T2957] [ 178.922504][ T2961] xt_TCPMSS: Only works on TCP SYN packets [ 179.127677][ T24] lg-g15 0003:046D:C222.002F: unknown main item tag 0x0 [ 179.134636][ T24] lg-g15 0003:046D:C222.002F: item fetching failed at offset 10/11 [ 179.143301][ T24] lg-g15: probe of 0003:046D:C222.002F failed with error -22 [ 179.206437][ T386] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 179.327678][ T24] usb 2-1: USB disconnect, device number 24 [ 179.500901][ T28] audit: type=1400 audit(1725230015.938:798): avc: denied { sys_module } for pid=2967 comm="syz.0.610" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 179.529496][ T2968] loop0: detected capacity change from 0 to 2048 [ 179.535834][ T28] audit: type=1400 audit(1725230015.968:799): avc: denied { mounton } for pid=2967 comm="syz.0.610" path="/95/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 179.536688][ T2968] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 179.636485][ T386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.647240][ T386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.656818][ T386] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 179.665703][ T386] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.674302][ T386] usb 5-1: config 0 descriptor?? [ 179.774926][ T2973] loop0: detected capacity change from 0 to 1024 [ 179.781942][ T2973] JBD2: no valid journal superblock found [ 179.787965][ T2973] EXT4-fs (loop0): error loading journal [ 179.809303][ T60] usb 3-1: USB disconnect, device number 24 [ 179.933838][ T2963] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 180.593579][ T2963] device pim6reg1 entered promiscuous mode [ 181.424024][ T2997] loop2: detected capacity change from 0 to 512 [ 181.555390][ T2997] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.616: iget: bad extended attribute block 1 [ 181.568891][ T2997] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.616: couldn't read orphan inode 15 (err -117) [ 181.638604][ T2997] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 182.446489][ T60] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 182.636246][ T386] usbhid 5-1:0.0: can't add hid device: -71 [ 182.642367][ T386] usbhid: probe of 5-1:0.0 failed with error -71 [ 182.648996][ T386] usb 5-1: USB disconnect, device number 18 [ 182.706464][ T318] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 182.866465][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.877214][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.886713][ T60] usb 1-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 182.895575][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.903795][ T60] usb 1-1: config 0 descriptor?? [ 183.006462][ T386] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 183.116501][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.127467][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.137104][ T318] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 183.156022][ T318] usb 2-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 183.164934][ T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.173413][ T318] usb 2-1: config 0 descriptor?? [ 183.256438][ T386] usb 5-1: Using ep0 maxpacket: 16 [ 183.469590][ T60] sony 0003:054C:0268.0030: unknown main item tag 0x0 [ 183.476216][ T60] sony 0003:054C:0268.0030: unknown main item tag 0x0 [ 183.483615][ T60] sony 0003:054C:0268.0030: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.0-1/input0 [ 183.495278][ T60] sony 0003:054C:0268.0030: failed to claim input [ 183.691936][ T60] usb 1-1: USB disconnect, device number 23 [ 183.746631][ T386] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 183.755562][ T386] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.827894][ T3018] netlink: 24 bytes leftover after parsing attributes in process `syz.1.615'. [ 183.989653][ T318] betop 0003:11C2:2208.0031: item fetching failed at offset 4/5 [ 183.997302][ T386] usb 5-1: Product: syz [ 184.002064][ T318] betop 0003:11C2:2208.0031: parse failed [ 184.002074][ T1195] EXT4-fs (loop2): unmounting filesystem. [ 184.013530][ T386] usb 5-1: Manufacturer: syz [ 184.017980][ T318] betop: probe of 0003:11C2:2208.0031 failed with error -22 [ 184.025634][ T386] usb 5-1: SerialNumber: syz [ 184.031154][ T386] r8152-cfgselector 5-1: config 0 descriptor?? [ 184.039203][ T28] audit: type=1400 audit(1725230020.478:800): avc: denied { ioctl } for pid=3019 comm="syz.2.621" path="socket:[30036]" dev="sockfs" ino=30036 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 184.356486][ T1042] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 184.397510][ T386] r8152-cfgselector 5-1: Unknown version 0x0000 [ 184.438175][ T3028] loop0: detected capacity change from 0 to 128 [ 184.616491][ T1042] usb 3-1: Using ep0 maxpacket: 8 [ 184.666890][ T3006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.675847][ T3006] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.720065][ T386] r8152-cfgselector 5-1: Unknown version 0x0000 [ 184.736395][ T386] r8152-cfgselector 5-1: USB disconnect, device number 19 [ 184.736475][ T1042] usb 3-1: config 0 has no interfaces? [ 184.906500][ T1042] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 184.915401][ T1042] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.923238][ T1042] usb 3-1: Product: syz [ 184.927171][ T1042] usb 3-1: Manufacturer: syz [ 184.931583][ T1042] usb 3-1: SerialNumber: syz [ 184.936507][ T1042] usb 3-1: config 0 descriptor?? [ 185.212541][ T1042] usb 2-1: USB disconnect, device number 25 [ 185.364575][ T3041] loop1: detected capacity change from 0 to 256 [ 185.580634][ T28] audit: type=1400 audit(1725230022.018:801): avc: denied { mounton } for pid=3040 comm="syz.1.627" path="/28/bus/bus" dev="loop1" ino=1048649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 185.612265][ T3052] loop4: detected capacity change from 0 to 256 [ 185.623635][ T3052] FAT-fs (loop4): Directory bread(block 64) failed [ 185.630040][ T3052] FAT-fs (loop4): Directory bread(block 65) failed [ 185.636344][ T3052] FAT-fs (loop4): Directory bread(block 66) failed [ 185.642679][ T3052] FAT-fs (loop4): Directory bread(block 67) failed [ 185.649533][ T3052] FAT-fs (loop4): Directory bread(block 68) failed [ 185.655890][ T3052] FAT-fs (loop4): Directory bread(block 69) failed [ 185.662313][ T3052] FAT-fs (loop4): Directory bread(block 70) failed [ 185.668696][ T3052] FAT-fs (loop4): Directory bread(block 71) failed [ 185.675014][ T3052] FAT-fs (loop4): Directory bread(block 72) failed [ 185.681405][ T3052] FAT-fs (loop4): Directory bread(block 73) failed [ 185.713255][ T28] audit: type=1400 audit(1725230022.148:802): avc: denied { unmount } for pid=2338 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 185.740338][ T3058] netlink: 16 bytes leftover after parsing attributes in process `syz.1.631'. [ 185.750256][ T3057] netlink: 16 bytes leftover after parsing attributes in process `syz.1.631'. [ 185.767801][ T28] audit: type=1400 audit(1725230022.208:803): avc: denied { ioctl } for pid=3061 comm="syz.1.632" path="/dev/usbmon7" dev="devtmpfs" ino=160 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 185.844032][ T3065] 9pnet: Could not find request transport: œe¼À³í”µ=0x000000000000000901777777777777777777777 [ 185.887925][ T28] audit: type=1400 audit(2000000000.000:804): avc: denied { connect } for pid=3051 comm="syz.4.630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 185.914163][ T28] audit: type=1326 audit(2000000000.000:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3051 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae3579eb9 code=0x7ffc0000 [ 185.947141][ T28] audit: type=1326 audit(2000000000.000:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3051 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae3579eb9 code=0x7ffc0000 [ 185.970345][ T28] audit: type=1326 audit(2000000000.000:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3051 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fcae3579eb9 code=0x7ffc0000 [ 185.993517][ T28] audit: type=1326 audit(2000000000.000:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3051 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae3579eb9 code=0x7ffc0000 [ 186.016915][ T28] audit: type=1326 audit(2000000000.000:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3051 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae3579eb9 code=0x7ffc0000 [ 186.040184][ T28] audit: type=1326 audit(2000000000.000:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3051 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fcae3579eb9 code=0x7ffc0000 [ 187.061396][ T3081] loop3: detected capacity change from 0 to 512 [ 187.068927][ T3081] EXT4-fs: Ignoring removed mblk_io_submit option [ 187.075595][ T3081] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 187.115566][ T386] usb 3-1: USB disconnect, device number 25 [ 187.138438][ T3089] loop2: detected capacity change from 0 to 2048 [ 187.161287][ T3081] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz.3.636: corrupted in-inode xattr [ 187.174760][ T3081] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.636: couldn't read orphan inode 15 (err -117) [ 187.187769][ T3089] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 187.200245][ T3081] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 187.266493][ T3089] loop2: detected capacity change from 2048 to 2047 [ 187.273228][ T3094] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.638: bg 0: block 14130: padding at end of block bitmap is not set [ 187.871697][ T1195] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /78/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 187.894464][ T10] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #18: comm kworker/u4:1: corrupted in-inode xattr [ 187.906765][ T10] EXT4-fs error (device loop2): ext4_map_blocks:721: inode #18: block 62218: comm kworker/u4:1: lblock 0 mapped to illegal pblock 62218 (length 1) [ 187.921963][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117 [ 187.934056][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost [ 187.934056][ T10] [ 187.943783][ T8] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #18: comm kworker/u4:0: corrupted in-inode xattr [ 187.956206][ T1195] EXT4-fs (loop2): Inode 18 (ffff88813473e138): i_reserved_data_blocks (1) not cleared! [ 187.966240][ T1195] EXT4-fs (loop2): unmounting filesystem. [ 188.104338][ T3108] loop4: detected capacity change from 0 to 2048 [ 188.149743][ T2106] EXT4-fs (loop3): unmounting filesystem. [ 188.224499][ T3111] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.231528][ T3111] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.239325][ T3111] device bridge_slave_0 entered promiscuous mode [ 188.249012][ T3111] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.255972][ T3111] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.263123][ T3111] device bridge_slave_1 entered promiscuous mode [ 188.301970][ T3111] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.308827][ T3111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.315891][ T3111] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.322710][ T3111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.447934][ T1042] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 188.776897][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.784771][ T318] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.792091][ T318] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.810514][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.818806][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.825664][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.827290][ T1042] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 188.844287][ T1042] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.855524][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.863980][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.870853][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.885787][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.893982][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.901926][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.080811][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.088948][ T1042] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 189.105949][ T1042] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.115604][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.123578][ T1042] usb 2-1: Product: syz [ 189.128632][ T8] device bridge_slave_1 left promiscuous mode [ 189.134582][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.141592][ T1042] usb 2-1: Manufacturer: syz [ 189.146127][ T1042] usb 2-1: SerialNumber: syz [ 189.146289][ T8] device bridge_slave_0 left promiscuous mode [ 189.156734][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.164695][ T8] device veth1_macvtap left promiscuous mode [ 189.170540][ T8] device veth0_vlan left promiscuous mode [ 189.217407][ T1042] usb 2-1: selecting invalid altsetting 1 [ 189.260426][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.267931][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.275700][ T3111] device veth0_vlan entered promiscuous mode [ 189.286064][ T3111] device veth1_macvtap entered promiscuous mode [ 189.292694][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.300626][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.308762][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 189.426539][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 189.488908][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 189.496991][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 189.505819][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.513826][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.553123][ T3137] netlink: 'syz.2.644': attribute type 4 has an invalid length. [ 189.560788][ T3137] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.644'. [ 189.676433][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 189.681439][ T3142] loop0: detected capacity change from 0 to 512 [ 189.697877][ T3142] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 189.706789][ T3142] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038 (0x7fffffff) [ 189.796495][ T24] usb 5-1: config 0 has no interfaces? [ 189.875315][ T1894] kernel write not supported for file bpf-prog (pid: 1894 comm: kworker/1:9) [ 189.892351][ T3147] loop2: detected capacity change from 0 to 512 [ 189.896476][ T1042] cdc_ncm 2-1:1.1: SET_NTB_FORMAT failed [ 189.906357][ T3147] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz.2.650: iget: bad extended attribute block 1 [ 189.918984][ T3147] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.650: couldn't read orphan inode 15 (err -117) [ 189.924761][ T1042] usb 2-1: selecting invalid altsetting 1 [ 189.930797][ T3147] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 189.941614][ T1042] cdc_ncm 2-1:1.1: bind() failure [ 189.960213][ T1042] usb 2-1: USB disconnect, device number 26 [ 189.966622][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 189.978316][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.987575][ T24] usb 5-1: Product: syz [ 190.011161][ T24] usb 5-1: Manufacturer: syz [ 190.015731][ T24] usb 5-1: SerialNumber: syz [ 190.038680][ T24] usb 5-1: config 0 descriptor?? [ 190.138473][ T3150] loop3: detected capacity change from 0 to 2048 [ 190.152392][ T3150] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 190.216440][ T3150] loop3: detected capacity change from 2048 to 2047 [ 190.225550][ T3150] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.652: bg 0: block 14130: padding at end of block bitmap is not set [ 190.338019][ T2106] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /51/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 190.366054][ T8] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #18: comm kworker/u4:0: corrupted in-inode xattr [ 190.378661][ T8] EXT4-fs error (device loop3): ext4_map_blocks:721: inode #18: block 62218: comm kworker/u4:0: lblock 0 mapped to illegal pblock 62218 (length 1) [ 190.411827][ T8] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117 [ 190.613347][ T8] EXT4-fs (loop3): This should not happen!! Data will be lost [ 190.613347][ T8] [ 190.669512][ T8] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #18: comm kworker/u4:0: corrupted in-inode xattr [ 190.685908][ T2106] EXT4-fs (loop3): Inode 18 (ffff8881372d05b8): i_reserved_data_blocks (1) not cleared! [ 190.696736][ T2106] EXT4-fs (loop3): unmounting filesystem. [ 190.713308][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 190.994373][ T3156] loop1: detected capacity change from 0 to 40427 [ 191.008227][ T3156] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 191.025941][ T3156] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 191.058468][ T3161] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.065325][ T3161] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.073239][ T3156] F2FS-fs (loop1): invalid crc value [ 191.093156][ T3161] device bridge_slave_0 entered promiscuous mode [ 191.100086][ T3156] F2FS-fs (loop1): Found nat_bits in checkpoint [ 191.129643][ T3161] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.142926][ T3158] loop0: detected capacity change from 0 to 40427 [ 191.149628][ T3161] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.156573][ T3158] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 191.163972][ T3158] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 191.172440][ T3161] device bridge_slave_1 entered promiscuous mode [ 191.179380][ T3111] EXT4-fs (loop2): unmounting filesystem. [ 191.185938][ T3158] F2FS-fs (loop0): invalid crc value [ 191.191468][ T3156] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 191.193587][ T3158] F2FS-fs (loop0): Found nat_bits in checkpoint [ 191.198417][ T3156] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 191.285047][ T3158] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 191.292194][ T3158] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 191.362305][ T3161] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.369189][ T3161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.376301][ T3161] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.383077][ T3161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.937754][ T3178] netlink: 172 bytes leftover after parsing attributes in process `syz.1.654'. [ 192.296446][ T3180] netlink: 172 bytes leftover after parsing attributes in process `syz.0.655'. [ 192.536802][ T1127] syz-executor: attempt to access beyond end of device [ 192.536802][ T1127] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 192.543718][ T644] usb 5-1: USB disconnect, device number 20 [ 192.557363][ T2338] syz-executor: attempt to access beyond end of device [ 192.557363][ T2338] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 192.573069][ T1042] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.589650][ T1042] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.626877][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.634464][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.645410][ T1042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.656828][ T1042] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.673846][ T3183] syz.4.661[3183] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.673913][ T3183] syz.4.661[3183] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.720388][ T1042] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.736209][ T3191] loop0: detected capacity change from 0 to 512 [ 192.738279][ T1042] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.751723][ T8] device bridge_slave_1 left promiscuous mode [ 192.758291][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.765725][ T8] device bridge_slave_0 left promiscuous mode [ 192.771780][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.779633][ T8] device veth1_macvtap left promiscuous mode [ 192.785456][ T8] device veth0_vlan left promiscuous mode [ 192.869281][ T3195] loop4: detected capacity change from 0 to 1024 [ 192.876087][ T3195] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 192.887553][ T3195] EXT4-fs (loop4): invalid journal inode [ 192.893285][ T3195] EXT4-fs (loop4): can't get journal size [ 192.899323][ T3195] EXT4-fs error (device loop4): ext4_protect_reserved_inode:182: inode #2: comm syz.4.663: blocks 48-48 from inode overlap system zone [ 192.916660][ T3197] incfs: Options parsing error. -22 [ 192.916907][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.926953][ T3197] incfs: mount failed -22 [ 192.930034][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.936566][ T3195] EXT4-fs (loop4): failed to initialize system zone (-117) [ 192.942033][ T1894] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.955545][ T1894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.956451][ T3195] EXT4-fs (loop4): mount failed [ 192.976499][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.985181][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.993420][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.001758][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.009410][ T24] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 193.021820][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 193.030033][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 193.042412][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 193.050295][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 193.060360][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 193.099428][ T1894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 193.108957][ T3161] device veth0_vlan entered promiscuous mode [ 193.119276][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.127210][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.136182][ T3161] device veth1_macvtap entered promiscuous mode [ 193.147143][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 193.154638][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.163343][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 193.374785][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 193.383190][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 193.395500][ T3205] loop0: detected capacity change from 0 to 512 [ 193.411129][ T3205] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 193.420322][ T3205] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038 (0x7fffffff) [ 193.426545][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.450083][ T3210] loop3: detected capacity change from 0 to 512 [ 193.453273][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.456627][ T3210] EXT4-fs: Ignoring removed mblk_io_submit option [ 193.472794][ T3210] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 193.476704][ T24] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 193.483970][ T3210] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz.3.657: corrupted in-inode xattr [ 193.503254][ T3210] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.657: couldn't read orphan inode 15 (err -117) [ 193.505617][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.515157][ T3210] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 193.542698][ T24] usb 3-1: config 0 descriptor?? [ 194.037317][ T24] sony 0003:054C:0268.0032: unknown main item tag 0x0 [ 194.043960][ T24] sony 0003:054C:0268.0032: unknown main item tag 0x0 [ 194.057041][ T24] sony 0003:054C:0268.0032: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0 [ 194.068762][ T24] sony 0003:054C:0268.0032: failed to claim input [ 194.236435][ T644] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 194.256408][ T318] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 194.264116][ T24] usb 3-1: USB disconnect, device number 26 [ 194.271643][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 194.294824][ T3222] FAULT_INJECTION: forcing a failure. [ 194.294824][ T3222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.308058][ T3222] CPU: 0 PID: 3222 Comm: syz.0.668 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 194.317509][ T3222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 194.327402][ T3222] Call Trace: [ 194.330526][ T3222] [ 194.333305][ T3222] dump_stack_lvl+0x151/0x1b7 [ 194.337822][ T3222] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 194.343112][ T3222] ? restore_sigcontext+0x633/0x700 [ 194.348147][ T3222] dump_stack+0x15/0x1c [ 194.352147][ T3222] should_fail_ex+0x3d0/0x520 [ 194.356654][ T3222] should_fail+0xb/0x10 [ 194.360644][ T3222] should_fail_usercopy+0x1a/0x20 [ 194.365507][ T3222] _copy_from_user+0x1e/0xc0 [ 194.369930][ T3222] restore_altstack+0x95/0x150 [ 194.374535][ T3222] ? __ia32_sys_sigaltstack+0x260/0x260 [ 194.379929][ T3222] __do_sys_rt_sigreturn+0x160/0x1e0 [ 194.385033][ T3222] ? x32_copy_siginfo_to_user+0x270/0x270 [ 194.390593][ T3222] ? debug_smp_processor_id+0x17/0x20 [ 194.395805][ T3222] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 194.401705][ T3222] ? exit_to_user_mode_prepare+0x39/0xa0 [ 194.407168][ T3222] x64_sys_call+0x91/0x9a0 [ 194.411420][ T3222] do_syscall_64+0x3b/0xb0 [ 194.415669][ T3222] ? clear_bhb_loop+0x55/0xb0 [ 194.420182][ T3222] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 194.425911][ T3222] RIP: 0033:0x7ff9aff79eb7 [ 194.430162][ T3222] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 194.449608][ T3222] RSP: 002b:00007ff9b0cab038 EFLAGS: 00000246 [ 194.455504][ T3222] RAX: 0000000000000013 RBX: 00007ff9b0115f80 RCX: 00007ff9aff79eb9 [ 194.463314][ T3222] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004 [ 194.471128][ T3222] RBP: 00007ff9b0cab090 R08: 0000000000000000 R09: 0000000000000000 [ 194.478942][ T3222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.486751][ T3222] R13: 0000000000000000 R14: 00007ff9b0115f80 R15: 00007ffd32d25088 [ 194.494571][ T3222] [ 194.503755][ T3161] EXT4-fs (loop3): unmounting filesystem. [ 194.522324][ T3225] loop3: detected capacity change from 0 to 1024 [ 194.528896][ T3225] EXT4-fs: Ignoring removed bh option [ 194.537704][ T3225] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 194.553249][ T3161] EXT4-fs (loop3): unmounting filesystem. [ 194.606464][ T644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.617407][ T644] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 194.627063][ T644] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 194.639907][ T644] usb 5-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 194.648932][ T644] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.657925][ T644] usb 5-1: config 0 descriptor?? [ 194.691172][ T3229] loop3: detected capacity change from 0 to 40427 [ 194.697896][ T3229] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 194.705369][ T3229] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 194.714257][ T3229] F2FS-fs (loop3): invalid crc value [ 194.720879][ T3229] F2FS-fs (loop3): Found nat_bits in checkpoint [ 194.744704][ T3229] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 194.751701][ T3229] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 194.766493][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 194.777374][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 194.786967][ T318] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 194.795868][ T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.804406][ T318] usb 2-1: config 0 descriptor?? [ 194.921436][ T3238] netlink: 172 bytes leftover after parsing attributes in process `syz.3.670'. [ 195.043962][ T3240] loop0: detected capacity change from 0 to 512 [ 195.050385][ T3240] EXT4-fs: Ignoring removed mblk_io_submit option [ 195.057103][ T3240] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 195.068283][ T3240] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.672: corrupted in-inode xattr [ 195.080359][ T3240] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.672: couldn't read orphan inode 15 (err -117) [ 195.092149][ T3240] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 195.176447][ T316] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 195.282667][ T3244] netlink: 24 bytes leftover after parsing attributes in process `syz.4.666'. [ 195.300437][ T644] betop 0003:11C2:2208.0033: item fetching failed at offset 4/5 [ 195.313817][ T644] betop 0003:11C2:2208.0033: parse failed [ 195.319682][ T644] betop: probe of 0003:11C2:2208.0033 failed with error -22 [ 195.384483][ T318] lg-g15 0003:046D:C222.0034: unknown main item tag 0x0 [ 195.391363][ T318] lg-g15 0003:046D:C222.0034: item fetching failed at offset 10/11 [ 195.399301][ T318] lg-g15: probe of 0003:046D:C222.0034 failed with error -22 [ 195.426401][ T3161] syz-executor: attempt to access beyond end of device [ 195.426401][ T3161] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 195.579372][ T1894] usb 2-1: USB disconnect, device number 27 [ 195.766042][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 195.773258][ T316] usb 3-1: Using ep0 maxpacket: 8 [ 195.788332][ T3253] loop0: detected capacity change from 0 to 512 [ 195.794619][ T3253] EXT4-fs: Ignoring removed mblk_io_submit option [ 195.801145][ T3253] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 195.812254][ T3253] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.674: corrupted in-inode xattr [ 195.824276][ T3253] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.674: couldn't read orphan inode 15 (err -117) [ 195.836132][ T3253] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 195.906513][ T316] usb 3-1: config 0 has no interfaces? [ 196.076477][ T316] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 196.085772][ T316] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.094139][ T316] usb 3-1: Product: syz [ 196.098258][ T316] usb 3-1: Manufacturer: syz [ 196.102993][ T316] usb 3-1: SerialNumber: syz [ 196.108523][ T316] usb 3-1: config 0 descriptor?? [ 196.407345][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 196.726441][ T1894] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 196.846482][ T316] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 196.955352][ T3269] netlink: 'syz.1.680': attribute type 4 has an invalid length. [ 196.962932][ T3269] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.680'. [ 196.983384][ T3271] FAULT_INJECTION: forcing a failure. [ 196.983384][ T3271] name failslab, interval 1, probability 0, space 0, times 0 [ 196.996010][ T3271] CPU: 0 PID: 3271 Comm: syz.1.681 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 196.999159][ T644] usb 5-1: USB disconnect, device number 21 [ 197.005448][ T3271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 197.021080][ T3271] Call Trace: [ 197.024201][ T3271] [ 197.027063][ T3271] dump_stack_lvl+0x151/0x1b7 [ 197.031577][ T3271] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 197.033479][ T3273] device syzkaller0 entered promiscuous mode [ 197.036871][ T3271] ? kfree+0x7a/0xf0 [ 197.036893][ T3271] dump_stack+0x15/0x1c [ 197.036907][ T3271] should_fail_ex+0x3d0/0x520 [ 197.036927][ T3271] ? p9_fd_create+0x177/0x520 [ 197.036945][ T3271] __should_failslab+0xaf/0xf0 [ 197.036962][ T3271] should_failslab+0x9/0x20 [ 197.036979][ T3271] __kmem_cache_alloc_node+0x3d/0x250 [ 197.036996][ T3271] ? p9_fd_create+0x177/0x520 [ 197.078097][ T3271] kmalloc_trace+0x2a/0xa0 [ 197.082361][ T3271] p9_fd_create+0x177/0x520 [ 197.086685][ T3271] ? p9_fd_create_unix+0x480/0x480 [ 197.091641][ T3271] ? p9_client_create+0x770/0x11c0 [ 197.096580][ T3271] ? p9_client_create+0x770/0x11c0 [ 197.101527][ T3271] p9_client_create+0x867/0x11c0 [ 197.106306][ T3271] ? do_trace_9p_fid_put+0x110/0x110 [ 197.111433][ T3271] ? kstrdup+0x54/0x70 [ 197.115333][ T3271] v9fs_session_init+0x1f2/0x1950 [ 197.120201][ T3271] ? v9fs_show_options+0x570/0x570 [ 197.125139][ T3271] ? kasan_save_alloc_info+0x1f/0x30 [ 197.130261][ T3271] ? __kasan_kmalloc+0x9c/0xb0 [ 197.134858][ T3271] ? kmalloc_trace+0x44/0xa0 [ 197.139281][ T3271] v9fs_mount+0xca/0xb60 [ 197.143365][ T3271] ? incfs_get_verity_signature+0x420/0x420 [ 197.149089][ T3271] ? cap_capable+0x1d2/0x270 [ 197.153517][ T3271] legacy_get_tree+0xf1/0x190 [ 197.158030][ T3271] ? incfs_get_verity_signature+0x420/0x420 [ 197.163761][ T3271] vfs_get_tree+0x88/0x290 [ 197.168011][ T3271] do_new_mount+0x2ba/0xb30 [ 197.172355][ T3271] ? do_move_mount_old+0x160/0x160 [ 197.177298][ T3271] ? security_capable+0x87/0xb0 [ 197.181986][ T3271] ? ns_capable+0x89/0xe0 [ 197.186150][ T3271] path_mount+0x671/0x1070 [ 197.190403][ T3271] ? user_path_at_empty+0x14e/0x1a0 [ 197.195439][ T3271] __se_sys_mount+0x2c4/0x3b0 [ 197.199951][ T3271] ? __x64_sys_mount+0xd0/0xd0 [ 197.204551][ T3271] ? debug_smp_processor_id+0x17/0x20 [ 197.209759][ T3271] __x64_sys_mount+0xbf/0xd0 [ 197.214272][ T3271] x64_sys_call+0x49d/0x9a0 [ 197.218610][ T3271] do_syscall_64+0x3b/0xb0 [ 197.222863][ T3271] ? clear_bhb_loop+0x55/0xb0 [ 197.227378][ T3271] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 197.233104][ T3271] RIP: 0033:0x7fb1f9779eb9 [ 197.237359][ T3271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.256886][ T3271] RSP: 002b:00007fb1fa4ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 197.265133][ T3271] RAX: ffffffffffffffda RBX: 00007fb1f9915f80 RCX: 00007fb1f9779eb9 [ 197.272943][ T3271] RDX: 0000000020000b80 RSI: 0000000020000040 RDI: 0000000000000000 [ 197.280843][ T3271] RBP: 00007fb1fa4ff090 R08: 0000000020000580 R09: 0000000000000000 [ 197.288661][ T3271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 197.296466][ T3271] R13: 0000000000000000 R14: 00007fb1f9915f80 R15: 00007ffcfb9bab48 [ 197.304280][ T3271] [ 197.307276][ T1894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.318288][ T1894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.327890][ T1894] usb 1-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 197.340018][ T1894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.348475][ T1894] usb 1-1: config 0 descriptor?? [ 197.496753][ T316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.519568][ T316] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.529439][ T316] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 197.538294][ T316] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.546593][ T316] usb 4-1: config 0 descriptor?? [ 197.796472][ T644] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 197.841030][ T1894] sony 0003:054C:0268.0035: unknown main item tag 0x0 [ 197.847558][ T3288] loop2: detected capacity change from 0 to 128 [ 197.847814][ T1894] sony 0003:054C:0268.0035: unknown main item tag 0x0 [ 197.854176][ T3288] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 197.861529][ T1894] sony 0003:054C:0268.0035: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.0-1/input0 [ 197.881412][ T1894] sony 0003:054C:0268.0035: failed to claim input [ 197.889598][ T1894] usb 3-1: USB disconnect, device number 27 [ 198.041115][ T316] logitech-hidpp-device 0003:046D:C086.0036: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.3-1/input0 [ 198.054057][ T24] usb 1-1: USB disconnect, device number 24 [ 198.166598][ T644] usb 5-1: config 0 has an invalid interface number: 242 but max is 0 [ 198.174575][ T644] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 198.184559][ T644] usb 5-1: config 0 has no interface number 0 [ 198.190399][ T644] usb 5-1: config 0 interface 242 altsetting 1 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 198.201159][ T644] usb 5-1: config 0 interface 242 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 15 [ 198.214051][ T644] usb 5-1: config 0 interface 242 has no altsetting 0 [ 198.236575][ T1894] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 198.244366][ T316] usb 4-1: USB disconnect, device number 19 [ 198.376515][ T644] usb 5-1: New USB device found, idVendor=8b63, idProduct=6fac, bcdDevice=80.95 [ 198.385433][ T644] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.393205][ T644] usb 5-1: Product: syz [ 198.397293][ T644] usb 5-1: Manufacturer: syz [ 198.401677][ T644] usb 5-1: SerialNumber: syz [ 198.406821][ T644] usb 5-1: config 0 descriptor?? [ 198.476569][ T1894] usb 3-1: Using ep0 maxpacket: 32 [ 198.564374][ T3292] loop0: detected capacity change from 0 to 512 [ 198.577956][ T3292] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 198.586753][ T3292] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038 (0x7fffffff) [ 198.596686][ T1894] usb 3-1: config 0 has an invalid interface number: 57 but max is 0 [ 198.604643][ T1894] usb 3-1: config 0 has no interface number 0 [ 198.616427][ T1894] usb 3-1: too many endpoints for config 0 interface 57 altsetting 96: 144, using maximum allowed: 30 [ 198.616464][ T318] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 198.636428][ T1894] usb 3-1: config 0 interface 57 altsetting 96 has 0 endpoint descriptors, different from the interface descriptor's value: 144 [ 198.662385][ T1894] usb 3-1: config 0 interface 57 has no altsetting 0 [ 198.670119][ T644] usb 5-1: USB disconnect, device number 22 [ 198.886970][ T1894] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 198.912301][ T1894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.920255][ T1894] usb 3-1: Product: syz [ 198.924457][ T1894] usb 3-1: Manufacturer: syz [ 198.928975][ T1894] usb 3-1: SerialNumber: syz [ 198.957698][ T1894] usb 3-1: config 0 descriptor?? [ 199.116511][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.127263][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.136761][ T318] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 199.145601][ T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.153908][ T318] usb 2-1: config 0 descriptor?? [ 199.329892][ T3288] tipc: Enabling of bearer rejected, media not registered [ 199.473178][ T1127] EXT4-fs (loop0): unmounting filesystem. [ 199.485259][ T3310] netlink: 'syz.0.691': attribute type 4 has an invalid length. [ 199.492770][ T3310] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.691'. [ 199.833569][ T318] lg-g15 0003:046D:C222.0037: unknown main item tag 0x0 [ 199.840907][ T318] lg-g15 0003:046D:C222.0037: item fetching failed at offset 10/11 [ 199.848877][ T318] lg-g15: probe of 0003:046D:C222.0037 failed with error -22 [ 199.981643][ T644] usb 2-1: USB disconnect, device number 28 [ 200.343981][ T3330] incfs_lookup_dentry err:-22 [ 200.348551][ T3330] incfs: Can't find or create .index dir in ./file0 [ 200.355039][ T3330] incfs: mount failed -22 [ 200.372368][ T3332] loop4: detected capacity change from 0 to 1024 [ 200.379644][ T3332] JBD2: no valid journal superblock found [ 200.385232][ T3332] EXT4-fs (loop4): error loading journal [ 200.468932][ T3334] loop0: detected capacity change from 0 to 128 [ 200.860862][ T3347] FAULT_INJECTION: forcing a failure. [ 200.860862][ T3347] name failslab, interval 1, probability 0, space 0, times 0 [ 200.870112][ T386] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 200.873511][ T3347] CPU: 1 PID: 3347 Comm: syz.3.700 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 200.890199][ T3347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 200.900089][ T3347] Call Trace: [ 200.903213][ T3347] [ 200.905990][ T3347] dump_stack_lvl+0x151/0x1b7 [ 200.910502][ T3347] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 200.915825][ T3347] ? is_bpf_text_address+0x172/0x190 [ 200.920919][ T3347] dump_stack+0x15/0x1c [ 200.924911][ T3347] should_fail_ex+0x3d0/0x520 [ 200.929431][ T3347] ? __alloc_skb+0xcc/0x2d0 [ 200.933763][ T3347] __should_failslab+0xaf/0xf0 [ 200.938365][ T3347] should_failslab+0x9/0x20 [ 200.942709][ T3347] kmem_cache_alloc_node+0x3e/0x2d0 [ 200.947856][ T3347] ? avc_has_perm_noaudit+0x348/0x430 [ 200.953071][ T3347] __alloc_skb+0xcc/0x2d0 [ 200.957219][ T3347] ? avc_has_perm_noaudit+0x2dd/0x430 [ 200.962434][ T3347] tcp_stream_alloc_skb+0x46/0x340 [ 200.967377][ T3347] tcp_sendmsg_locked+0xda6/0x4000 [ 200.972324][ T3347] ? avc_has_perm+0x16f/0x260 [ 200.976840][ T3347] ? __kasan_check_write+0x14/0x20 [ 200.981785][ T3347] ? tcp_set_state+0x6c0/0x6c0 [ 200.986385][ T3347] tcp_sendmsg+0x2f/0x50 [ 200.990460][ T3347] inet_sendmsg+0xa1/0xc0 [ 200.994623][ T3347] ? inet_send_prepare+0x4a0/0x4a0 [ 200.999580][ T3347] __sys_sendto+0x480/0x600 [ 201.003914][ T3347] ? __ia32_sys_getpeername+0x90/0x90 [ 201.009205][ T3347] ? mutex_unlock+0xb2/0x260 [ 201.013635][ T3347] ? __kasan_check_write+0x14/0x20 [ 201.018582][ T3347] ? debug_smp_processor_id+0x17/0x20 [ 201.023788][ T3347] __x64_sys_sendto+0xe5/0x100 [ 201.028388][ T3347] x64_sys_call+0x15c/0x9a0 [ 201.032727][ T3347] do_syscall_64+0x3b/0xb0 [ 201.036980][ T3347] ? clear_bhb_loop+0x55/0xb0 [ 201.041491][ T3347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 201.047221][ T3347] RIP: 0033:0x7f0e6ef79eb9 [ 201.051476][ T3347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.070916][ T3347] RSP: 002b:00007f0e6fdd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 201.079162][ T3347] RAX: ffffffffffffffda RBX: 00007f0e6f116058 RCX: 00007f0e6ef79eb9 [ 201.086973][ T3347] RDX: 000000000000fe6a RSI: 0000000020000700 RDI: 0000000000000004 [ 201.094784][ T3347] RBP: 00007f0e6fdd5090 R08: 0000000000000000 R09: fffffffffffffe93 [ 201.102769][ T3347] R10: 0000000000040040 R11: 0000000000000246 R12: 0000000000000001 [ 201.110580][ T3347] R13: 0000000000000001 R14: 00007f0e6f116058 R15: 00007ffe0d4ca018 [ 201.118396][ T3347] [ 201.130975][ T3349] loop2: detected capacity change from 0 to 512 [ 201.177090][ T3349] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 201.186607][ T3349] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038 (0x7fffffff) [ 201.323589][ T3357] netlink: 'syz.0.702': attribute type 4 has an invalid length. [ 201.333678][ T3357] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.702'. [ 201.356513][ T386] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.368124][ T386] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.377769][ T386] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 201.390596][ T386] usb 2-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 201.399705][ T386] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.410105][ T386] usb 2-1: config 0 descriptor?? [ 201.986525][ T644] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 202.029588][ T3370] netlink: 24 bytes leftover after parsing attributes in process `syz.1.698'. [ 202.040052][ T1042] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 202.144530][ T386] betop 0003:11C2:2208.0038: item fetching failed at offset 4/5 [ 202.146174][ T3111] EXT4-fs (loop2): unmounting filesystem. [ 202.152387][ T386] betop 0003:11C2:2208.0038: parse failed [ 202.163255][ T386] betop: probe of 0003:11C2:2208.0038 failed with error -22 [ 202.436600][ T644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.449479][ T644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.459120][ T1042] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.469797][ T644] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 202.478597][ T1042] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.488183][ T644] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.495921][ T1042] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 202.504980][ T1042] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.512948][ T644] usb 4-1: config 0 descriptor?? [ 202.517856][ T24] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 202.525646][ T1042] usb 5-1: config 0 descriptor?? [ 202.796430][ T24] usb 1-1: device descriptor read/64, error -71 [ 202.987302][ T644] hid-steam 0003:28DE:1142.0039: unknown main item tag 0x0 [ 202.994401][ T644] hid-steam 0003:28DE:1142.0039: unknown main item tag 0x0 [ 203.001434][ T644] hid-steam 0003:28DE:1142.0039: unknown main item tag 0x0 [ 203.008647][ T644] hid-steam 0003:28DE:1142.0039: unknown main item tag 0x0 [ 203.017550][ T644] hid-steam 0003:28DE:1142.0039: unknown main item tag 0x0 [ 203.025194][ T644] hid-steam 0003:28DE:1142.0039: hidraw0: USB HID v0.40 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 203.037854][ T1042] sony 0003:054C:0268.003A: unknown main item tag 0x0 [ 203.044568][ T1042] sony 0003:054C:0268.003A: unknown main item tag 0x0 [ 203.052603][ T1042] sony 0003:054C:0268.003A: hiddev96,hidraw1: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0 [ 203.064401][ T1042] sony 0003:054C:0268.003A: failed to claim input [ 203.185056][ T3381] loop2: detected capacity change from 0 to 40427 [ 203.191795][ T3381] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 203.196906][ T1042] usb 4-1: USB disconnect, device number 20 [ 203.198007][ T3381] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 203.214099][ T3381] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 203.225093][ T24] usb 1-1: device descriptor read/64, error -71 [ 203.238886][ T3381] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 203.239202][ T644] usb 5-1: USB disconnect, device number 23 [ 203.245737][ T3381] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 203.258877][ T28] kauditd_printk_skb: 21 callbacks suppressed [ 203.258892][ T28] audit: type=1400 audit(2000000017.400:832): avc: denied { read } for pid=3380 comm="syz.2.708" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 203.287147][ T28] audit: type=1400 audit(2000000017.400:833): avc: denied { open } for pid=3380 comm="syz.2.708" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 203.289374][ T3381] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 203.506473][ T24] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 203.549733][ T318] usb 2-1: USB disconnect, device number 29 [ 203.596497][ T1894] rtl8150 3-1:0.57: couldn't reset the device [ 203.602479][ T1894] rtl8150: probe of 3-1:0.57 failed with error -5 [ 203.609317][ T1894] usb 3-1: USB disconnect, device number 28 [ 203.816459][ T24] usb 1-1: device descriptor read/64, error -71 [ 204.376444][ T318] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 204.376470][ T1894] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 204.627653][ T24] usb 1-1: device descriptor read/64, error -71 [ 204.676440][ T1894] usb 3-1: Using ep0 maxpacket: 16 [ 204.898599][ T24] usb usb1-port1: attempt power cycle [ 204.936576][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.947340][ T318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.957124][ T318] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 204.965965][ T318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.974164][ T318] usb 2-1: config 0 descriptor?? [ 204.996576][ T1894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.007445][ T1894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.016947][ T1894] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 205.029661][ T1894] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 205.038519][ T1894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.046426][ T316] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 205.046908][ T1894] usb 3-1: config 0 descriptor?? [ 205.296292][ T316] usb 5-1: Using ep0 maxpacket: 16 [ 205.617838][ T318] lg-g15 0003:046D:C222.003B: unknown main item tag 0x0 [ 205.624726][ T318] lg-g15 0003:046D:C222.003B: item fetching failed at offset 10/11 [ 205.633174][ T318] lg-g15: probe of 0003:046D:C222.003B failed with error -22 [ 205.641010][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.652626][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.662299][ T316] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 205.671103][ T316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.679383][ T316] usb 5-1: config 0 descriptor?? [ 205.889896][ T3411] FAULT_INJECTION: forcing a failure. [ 205.889896][ T3411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.892564][ T318] usb 2-1: USB disconnect, device number 30 [ 205.902816][ T3411] CPU: 1 PID: 3411 Comm: syz.3.715 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 205.917938][ T3411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 205.927833][ T3411] Call Trace: [ 205.930957][ T3411] [ 205.933731][ T3411] dump_stack_lvl+0x151/0x1b7 [ 205.938246][ T3411] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 205.943541][ T3411] ? vfs_write+0xbb3/0xeb0 [ 205.947798][ T3411] ? __kasan_slab_free+0x11/0x20 [ 205.952584][ T3411] dump_stack+0x15/0x1c [ 205.956559][ T3411] should_fail_ex+0x3d0/0x520 [ 205.961164][ T3411] should_fail+0xb/0x10 [ 205.965149][ T3411] should_fail_usercopy+0x1a/0x20 [ 205.970012][ T3411] _copy_from_user+0x1e/0xc0 [ 205.974437][ T3411] move_addr_to_kernel+0x87/0x150 [ 205.979304][ T3411] __sys_connect+0xbd/0x300 [ 205.983638][ T3411] ? __sys_connect_file+0x170/0x170 [ 205.988672][ T3411] ? debug_smp_processor_id+0x17/0x20 [ 205.993878][ T3411] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 205.999781][ T3411] __x64_sys_connect+0x7a/0x90 [ 206.004467][ T3411] x64_sys_call+0x14e/0x9a0 [ 206.008809][ T3411] do_syscall_64+0x3b/0xb0 [ 206.013060][ T3411] ? clear_bhb_loop+0x55/0xb0 [ 206.017580][ T3411] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 206.023304][ T3411] RIP: 0033:0x7f0e6ef79eb9 [ 206.027557][ T3411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.046995][ T3411] RSP: 002b:00007f0e6fdb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 206.055239][ T3411] RAX: ffffffffffffffda RBX: 00007f0e6f116130 RCX: 00007f0e6ef79eb9 [ 206.063058][ T3411] RDX: 000000000000001c RSI: 0000000020000080 RDI: 000000000000000a [ 206.070880][ T3411] RBP: 00007f0e6fdb4090 R08: 0000000000000000 R09: 0000000000000000 [ 206.078689][ T3411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.086490][ T3411] R13: 0000000000000000 R14: 00007f0e6f116130 R15: 00007ffe0d4ca018 [ 206.094313][ T3411] [ 206.186460][ T1894] usbhid 3-1:0.0: can't add hid device: -71 [ 206.192289][ T1894] usbhid: probe of 3-1:0.0 failed with error -71 [ 206.199682][ T1894] usb 3-1: USB disconnect, device number 29 [ 206.326899][ T3399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.335228][ T3399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.347358][ T316] hid-multitouch 0003:1FD2:6007.003C: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 207.013311][ T1042] usb 5-1: USB disconnect, device number 24 [ 207.187441][ T3111] syz-executor: attempt to access beyond end of device [ 207.187441][ T3111] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 207.263817][ T3433] loop2: detected capacity change from 0 to 128 [ 207.270405][ T3433] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978) [ 207.281367][ T3433] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 207.291586][ T3433] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #2: comm syz.2.719: No space for directory leaf checksum. Please run e2fsck -D. [ 207.307393][ T3433] EXT4-fs error (device loop2): __ext4_find_entry:1695: inode #2: comm syz.2.719: checksumming directory block 0 [ 207.373417][ T3433] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:405: inode #2: comm syz.2.719: No space for directory leaf checksum. Please run e2fsck -D. [ 207.388754][ T3433] EXT4-fs error (device loop2): __ext4_find_entry:1695: inode #2: comm syz.2.719: checksumming directory block 0 [ 207.401307][ T3433] netlink: 12 bytes leftover after parsing attributes in process `syz.2.719'. [ 207.410830][ T3433] netlink: 12 bytes leftover after parsing attributes in process `syz.2.719'. [ 207.423117][ T3433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'. [ 207.442300][ T3433] xt_hashlimit: invalid rate [ 207.467011][ T3111] EXT4-fs (loop2): unmounting filesystem. [ 207.473280][ T3442] FAULT_INJECTION: forcing a failure. [ 207.473280][ T3442] name failslab, interval 1, probability 0, space 0, times 0 [ 207.485717][ T3442] CPU: 1 PID: 3442 Comm: syz.1.721 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 207.495135][ T3442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 207.505030][ T3442] Call Trace: [ 207.508155][ T3442] [ 207.510941][ T3442] dump_stack_lvl+0x151/0x1b7 [ 207.515445][ T3442] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 207.520741][ T3442] dump_stack+0x15/0x1c [ 207.524732][ T3442] should_fail_ex+0x3d0/0x520 [ 207.529241][ T3442] ? ___neigh_create+0x6af/0x1db0 [ 207.534101][ T3442] __should_failslab+0xaf/0xf0 [ 207.538702][ T3442] should_failslab+0x9/0x20 [ 207.543042][ T3442] __kmem_cache_alloc_node+0x3d/0x250 [ 207.548252][ T3442] ? ___neigh_create+0x6af/0x1db0 [ 207.553110][ T3442] __kmalloc+0xa3/0x1e0 [ 207.557103][ T3442] ___neigh_create+0x6af/0x1db0 [ 207.561792][ T3442] ? selinux_ip_postroute+0x2d5/0x13d0 [ 207.567085][ T3442] ? __local_bh_enable_ip+0x58/0x80 [ 207.572119][ T3442] __neigh_create+0x32/0x40 [ 207.576459][ T3442] ip_neigh_gw4+0x265/0x340 [ 207.580799][ T3442] ? ip_finish_output2+0xf70/0xf70 [ 207.585747][ T3442] ip_finish_output2+0xcc2/0xf70 [ 207.590522][ T3442] ? ip_fragment+0x210/0x210 [ 207.594943][ T3442] ? ipt_do_table+0x2ff/0x17c0 [ 207.599562][ T3442] ? iptable_mangle_hook+0x19d/0x4f0 [ 207.604665][ T3442] ? ip_skb_dst_mtu+0x420/0x630 [ 207.609353][ T3442] __ip_finish_output+0x162/0x370 [ 207.614213][ T3442] ip_finish_output+0x31/0x2a0 [ 207.618816][ T3442] ? ip_output+0x3e1/0x420 [ 207.623067][ T3442] ip_output+0x1d6/0x420 [ 207.627146][ T3442] ? ip_finish_output+0x2a0/0x2a0 [ 207.632007][ T3442] ? ip_mc_finish_output+0x4b0/0x4b0 [ 207.637129][ T3442] ip_send_skb+0xb0/0x140 [ 207.641302][ T3442] udp_send_skb+0xac5/0x1520 [ 207.645729][ T3442] udp_sendmsg+0x1d26/0x2af0 [ 207.650151][ T3442] ? ip_skb_dst_mtu+0x630/0x630 [ 207.654834][ T3442] ? udp_cmsg_send+0x3a0/0x3a0 [ 207.659435][ T3442] ? selinux_socket_sendmsg+0x243/0x340 [ 207.664816][ T3442] ? kernel_text_address+0xa9/0xe0 [ 207.669759][ T3442] ? inet_send_prepare+0x5e/0x4a0 [ 207.674621][ T3442] inet_sendmsg+0xa1/0xc0 [ 207.678787][ T3442] ? inet_send_prepare+0x4a0/0x4a0 [ 207.683740][ T3442] ____sys_sendmsg+0x5d3/0x9a0 [ 207.688339][ T3442] ? __sys_sendmsg_sock+0x40/0x40 [ 207.693197][ T3442] __sys_sendmmsg+0x3b9/0x6f0 [ 207.697709][ T3442] ? kasan_set_track+0x4b/0x70 [ 207.702308][ T3442] ? __ia32_sys_sendmsg+0x90/0x90 [ 207.707169][ T3442] ? __kasan_check_write+0x14/0x20 [ 207.712125][ T3442] ? __kasan_check_write+0x14/0x20 [ 207.717062][ T3442] ? proc_fail_nth_write+0x20b/0x290 [ 207.722182][ T3442] ? selinux_file_permission+0x2bb/0x560 [ 207.727653][ T3442] ? proc_fail_nth_read+0x210/0x210 [ 207.732684][ T3442] ? fsnotify_perm+0x6a/0x5d0 [ 207.737200][ T3442] ? vfs_write+0xbb3/0xeb0 [ 207.741450][ T3442] ? __kasan_slab_free+0x11/0x20 [ 207.746227][ T3442] ? __kasan_check_write+0x14/0x20 [ 207.751173][ T3442] ? mutex_unlock+0xb2/0x260 [ 207.755604][ T3442] ? __ia32_sys_read+0x90/0x90 [ 207.760199][ T3442] ? debug_smp_processor_id+0x17/0x20 [ 207.765405][ T3442] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 207.771309][ T3442] __x64_sys_sendmmsg+0xa0/0xb0 [ 207.775997][ T3442] x64_sys_call+0x81d/0x9a0 [ 207.780335][ T3442] do_syscall_64+0x3b/0xb0 [ 207.784594][ T3442] ? clear_bhb_loop+0x55/0xb0 [ 207.789102][ T3442] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 207.794829][ T3442] RIP: 0033:0x7fb1f9779eb9 [ 207.799084][ T3442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.818523][ T3442] RSP: 002b:00007fb1fa4de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 207.826767][ T3442] RAX: ffffffffffffffda RBX: 00007fb1f9916058 RCX: 00007fb1f9779eb9 [ 207.834579][ T3442] RDX: 000000000000002d RSI: 0000000020007fc0 RDI: 0000000000000008 [ 207.842391][ T3442] RBP: 00007fb1fa4de090 R08: 0000000000000000 R09: 0000000000000000 [ 207.850203][ T3442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.858016][ T3442] R13: 0000000000000000 R14: 00007fb1f9916058 R15: 00007ffcfb9bab48 [ 207.865924][ T3442] [ 207.901451][ T3449] loop4: detected capacity change from 0 to 1024 [ 207.916272][ T3449] JBD2: no valid journal superblock found [ 207.929175][ T3449] EXT4-fs (loop4): error loading journal [ 208.019690][ T3436] loop0: detected capacity change from 0 to 40427 [ 208.027012][ T3436] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 208.034620][ T3436] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 208.043535][ T3436] F2FS-fs (loop0): invalid crc value [ 208.050138][ T3436] F2FS-fs (loop0): Found nat_bits in checkpoint [ 208.176580][ T1042] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 208.323422][ T3436] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 208.330453][ T3436] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 208.448336][ T3465] device vlan2 entered promiscuous mode [ 208.864960][ T3466] netlink: 172 bytes leftover after parsing attributes in process `syz.0.720'. [ 208.876312][ T1894] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 209.037077][ T1127] syz-executor: attempt to access beyond end of device [ 209.037077][ T1127] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.096222][ T3473] loop4: detected capacity change from 0 to 256 [ 209.105023][ T3473] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 209.117321][ T1042] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.134248][ T1042] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.145973][ T1042] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.158824][ T1894] usb 3-1: Using ep0 maxpacket: 16 [ 209.254457][ T1042] usb 4-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 209.299407][ T1042] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.308221][ T1042] usb 4-1: config 0 descriptor?? [ 209.308331][ T3480] FAULT_INJECTION: forcing a failure. [ 209.308331][ T3480] name failslab, interval 1, probability 0, space 0, times 0 [ 209.325570][ T3480] CPU: 0 PID: 3480 Comm: syz.0.730 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 209.334932][ T3480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 209.344826][ T3480] Call Trace: [ 209.347951][ T3480] [ 209.350726][ T3480] dump_stack_lvl+0x151/0x1b7 [ 209.355239][ T3480] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 209.360542][ T3480] dump_stack+0x15/0x1c [ 209.364528][ T3480] should_fail_ex+0x3d0/0x520 [ 209.369041][ T3480] ? __alloc_skb+0xcc/0x2d0 [ 209.373389][ T3480] __should_failslab+0xaf/0xf0 [ 209.377981][ T3480] should_failslab+0x9/0x20 [ 209.382318][ T3480] kmem_cache_alloc_node+0x3e/0x2d0 [ 209.387415][ T3480] __alloc_skb+0xcc/0x2d0 [ 209.391527][ T3480] tipc_msg_build+0x145/0x1190 [ 209.396123][ T3480] ? tipc_node_find+0x206/0x4c0 [ 209.400807][ T3480] ? tipc_msg_fragment+0x760/0x760 [ 209.405755][ T3480] ? kasan_set_track+0x60/0x70 [ 209.410353][ T3480] ? tipc_node_get_mtu+0x20f/0x2b0 [ 209.415298][ T3480] __tipc_sendmsg+0x1c7b/0x3240 [ 209.419985][ T3480] ? do_filp_open+0x230/0x480 [ 209.424505][ T3480] ? do_sys_openat2+0x151/0x890 [ 209.429189][ T3480] ? avc_has_perm_noaudit+0x2dd/0x430 [ 209.434393][ T3480] ? rht_lock+0x130/0x130 [ 209.438558][ T3480] ? avc_denied+0x1b0/0x1b0 [ 209.442904][ T3480] ? avc_has_perm+0x16f/0x260 [ 209.447500][ T3480] ? avc_has_perm_noaudit+0x430/0x430 [ 209.452707][ T3480] ? __kasan_check_write+0x14/0x20 [ 209.457656][ T3480] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 209.462512][ T3480] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 209.467549][ T3480] ? __local_bh_enable_ip+0x58/0x80 [ 209.472594][ T3480] ? lock_sock_nested+0x261/0x300 [ 209.477445][ T3480] ? sock_init_data+0xc0/0xc0 [ 209.481954][ T3480] ? wait_woken+0x100/0x100 [ 209.486297][ T3480] ? tipc_recvmsg+0x13b0/0x13b0 [ 209.490981][ T3480] tipc_sendmsg+0x55/0x70 [ 209.495149][ T3480] ____sys_sendmsg+0x5d3/0x9a0 [ 209.499749][ T3480] ? __sys_sendmsg_sock+0x40/0x40 [ 209.504611][ T3480] __sys_sendmmsg+0x3b9/0x6f0 [ 209.509123][ T3480] ? kasan_set_track+0x4b/0x70 [ 209.513729][ T3480] ? __ia32_sys_sendmsg+0x90/0x90 [ 209.518669][ T3480] ? __kasan_check_write+0x14/0x20 [ 209.523620][ T3480] ? __kasan_check_write+0x14/0x20 [ 209.528562][ T3480] ? proc_fail_nth_write+0x20b/0x290 [ 209.533694][ T3480] ? selinux_file_permission+0x2bb/0x560 [ 209.539152][ T3480] ? proc_fail_nth_read+0x210/0x210 [ 209.544185][ T3480] ? fsnotify_perm+0x6a/0x5d0 [ 209.548704][ T3480] ? vfs_write+0xbb3/0xeb0 [ 209.552953][ T3480] ? __kasan_slab_free+0x11/0x20 [ 209.557728][ T3480] ? __kasan_check_write+0x14/0x20 [ 209.562686][ T3480] ? mutex_unlock+0xb2/0x260 [ 209.567104][ T3480] ? __ia32_sys_read+0x90/0x90 [ 209.571700][ T3480] ? debug_smp_processor_id+0x17/0x20 [ 209.576907][ T3480] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 209.582811][ T3480] __x64_sys_sendmmsg+0xa0/0xb0 [ 209.587497][ T3480] x64_sys_call+0x81d/0x9a0 [ 209.591834][ T3480] do_syscall_64+0x3b/0xb0 [ 209.596088][ T3480] ? clear_bhb_loop+0x55/0xb0 [ 209.600776][ T3480] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 209.606502][ T3480] RIP: 0033:0x7ff9aff79eb9 [ 209.610757][ T3480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.630199][ T3480] RSP: 002b:00007ff9b0c8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 209.638443][ T3480] RAX: ffffffffffffffda RBX: 00007ff9b0116058 RCX: 00007ff9aff79eb9 [ 209.646253][ T3480] RDX: 00000000000004e8 RSI: 00000000200044c0 RDI: 0000000000000006 [ 209.654073][ T3480] RBP: 00007ff9b0c8a090 R08: 0000000000000000 R09: 0000000000000000 [ 209.661878][ T3480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 209.669689][ T3480] R13: 0000000000000000 R14: 00007ff9b0116058 R15: 00007ffd32d25088 [ 209.677507][ T3480] [ 209.857085][ T1894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.870135][ T1894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.884741][ T1894] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 209.919234][ T1894] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 209.955304][ T1894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.963786][ T1894] usb 3-1: config 0 descriptor?? [ 210.096344][ T3491] loop1: detected capacity change from 0 to 256 [ 210.105197][ T3491] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 210.898122][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 210.905327][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 210.914118][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 210.921492][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 210.929783][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 210.996327][ T3501] netlink: 24 bytes leftover after parsing attributes in process `syz.3.724'. [ 211.012222][ T1042] betop 0003:11C2:2208.003E: item fetching failed at offset 4/5 [ 211.027525][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 211.134192][ T1042] betop 0003:11C2:2208.003E: parse failed [ 211.140719][ T3506] FAULT_INJECTION: forcing a failure. [ 211.140719][ T3506] name failslab, interval 1, probability 0, space 0, times 0 [ 211.186092][ T3506] CPU: 0 PID: 3506 Comm: syz.0.736 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 211.195557][ T3506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 211.197334][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 211.205452][ T3506] Call Trace: [ 211.205463][ T3506] [ 211.212559][ T1042] betop: probe of 0003:11C2:2208.003E failed with error -22 [ 211.215604][ T3506] dump_stack_lvl+0x151/0x1b7 [ 211.219515][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 211.225511][ T3506] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 211.242335][ T3506] ? arch_stack_walk+0xf3/0x140 [ 211.247022][ T3506] dump_stack+0x15/0x1c [ 211.251015][ T3506] should_fail_ex+0x3d0/0x520 [ 211.255525][ T3506] ? genl_start+0x15e/0x480 [ 211.259867][ T3506] __should_failslab+0xaf/0xf0 [ 211.264465][ T3506] should_failslab+0x9/0x20 [ 211.268809][ T3506] __kmem_cache_alloc_node+0x3d/0x250 [ 211.274016][ T3506] ? genl_start+0x15e/0x480 [ 211.278366][ T3506] kmalloc_trace+0x2a/0xa0 [ 211.282610][ T3506] genl_start+0x15e/0x480 [ 211.286777][ T3506] __netlink_dump_start+0x4d9/0x820 [ 211.291816][ T3506] genl_rcv_msg+0x9ea/0xf70 [ 211.296249][ T3506] ? unwind_get_return_address+0x4d/0x90 [ 211.301709][ T3506] ? nl80211_wiphy_netns+0x210/0x210 [ 211.306831][ T3506] ? genl_bind+0x360/0x360 [ 211.311081][ T3506] ? stack_trace_save+0x113/0x1c0 [ 211.315942][ T3506] ? stack_trace_snprint+0xf0/0xf0 [ 211.320975][ T3506] ? genl_rcv_msg+0xf70/0xf70 [ 211.325489][ T3506] ? nl80211_wiphy_netns+0x210/0x210 [ 211.330608][ T3506] ? genl_lock_done+0xd0/0xd0 [ 211.335122][ T3506] ? kasan_set_track+0x4b/0x70 [ 211.339726][ T3506] ? down_read+0xeb7/0x1aa0 [ 211.344062][ T3506] ? kasan_set_track+0x4b/0x70 [ 211.348661][ T3506] ? __kasan_kmalloc+0x9c/0xb0 [ 211.353261][ T3506] ? __kmalloc_node_track_caller+0xb3/0x1e0 [ 211.358989][ T3506] ? nl80211_wiphy_netns+0x210/0x210 [ 211.364110][ T3506] ? __down_common+0x690/0x690 [ 211.368713][ T3506] netlink_rcv_skb+0x1cd/0x410 [ 211.373310][ T3506] ? genl_bind+0x360/0x360 [ 211.377565][ T3506] ? netlink_ack+0x12a0/0x12a0 [ 211.382179][ T3506] ? __netlink_lookup+0x37b/0x3a0 [ 211.387034][ T3506] genl_rcv+0x28/0x40 [ 211.390849][ T3506] netlink_unicast+0x906/0xab0 [ 211.395508][ T3506] ? netlink_detachskb+0x90/0x90 [ 211.400228][ T3506] ? security_netlink_send+0x7b/0xa0 [ 211.405338][ T3506] netlink_sendmsg+0xa15/0xd30 [ 211.409944][ T3506] ? netlink_getsockopt+0x540/0x540 [ 211.414976][ T3506] ? security_socket_sendmsg+0x82/0xb0 [ 211.420338][ T3506] ? netlink_getsockopt+0x540/0x540 [ 211.425321][ T3506] ____sys_sendmsg+0x5d3/0x9a0 [ 211.429903][ T3506] ? __sys_sendmsg_sock+0x40/0x40 [ 211.434774][ T3506] __sys_sendmsg+0x2a9/0x390 [ 211.439188][ T3506] ? ____sys_sendmsg+0x9a0/0x9a0 [ 211.443962][ T3506] ? __kasan_check_write+0x14/0x20 [ 211.448924][ T3506] ? mutex_unlock+0xb2/0x260 [ 211.453349][ T3506] ? __kasan_check_write+0x14/0x20 [ 211.458289][ T3506] ? __ia32_sys_read+0x90/0x90 [ 211.462880][ T3506] ? debug_smp_processor_id+0x17/0x20 [ 211.468088][ T3506] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 211.473999][ T3506] __x64_sys_sendmsg+0x7f/0x90 [ 211.478597][ T3506] x64_sys_call+0x16a/0x9a0 [ 211.482929][ T3506] do_syscall_64+0x3b/0xb0 [ 211.487200][ T3506] ? clear_bhb_loop+0x55/0xb0 [ 211.491700][ T3506] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 211.497425][ T3506] RIP: 0033:0x7ff9aff79eb9 [ 211.501677][ T3506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.521121][ T3506] RSP: 002b:00007ff9b0cab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.529364][ T3506] RAX: ffffffffffffffda RBX: 00007ff9b0115f80 RCX: 00007ff9aff79eb9 [ 211.537176][ T3506] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006 [ 211.544986][ T3506] RBP: 00007ff9b0cab090 R08: 0000000000000000 R09: 0000000000000000 [ 211.552800][ T3506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.560610][ T3506] R13: 0000000000000000 R14: 00007ff9b0115f80 R15: 00007ffd32d25088 [ 211.568430][ T3506] [ 211.593569][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 211.624309][ T1894] microsoft 0003:045E:07DA.003D: unknown main item tag 0x0 [ 211.916496][ T28] audit: type=1400 audit(2000000025.970:834): avc: denied { create } for pid=3503 comm="syz.4.737" name="#f" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 211.944795][ T1894] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.003D/input/input7 [ 211.956138][ T28] audit: type=1400 audit(2000000025.980:835): avc: denied { link } for pid=3503 comm="syz.4.737" name="#f" dev="tmpfs" ino=812 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 211.996231][ T28] audit: type=1400 audit(2000000025.980:836): avc: denied { rename } for pid=3503 comm="syz.4.737" name="#10" dev="tmpfs" ino=812 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 212.029139][ T3512] loop4: detected capacity change from 0 to 512 [ 212.047735][ T1894] microsoft 0003:045E:07DA.003D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 212.066615][ T3512] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 212.111696][ T3512] EXT4-fs (loop4): 1 truncate cleaned up [ 212.125476][ T3512] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 212.126654][ T1894] usb 3-1: USB disconnect, device number 30 [ 212.133817][ T28] audit: type=1400 audit(2000000026.270:837): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1112 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 212.419982][ T28] audit: type=1400 audit(2000000026.530:838): avc: denied { unlink } for pid=3511 comm="syz.4.739" name="#11" dev="loop4" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 212.636042][ T3508] loop1: detected capacity change from 0 to 40427 [ 212.676671][ T3508] ================================================================================ [ 212.694148][ T3508] UBSAN: shift-out-of-bounds in fs/f2fs/super.c:911:5 [ 212.714947][ T3508] shift exponent 83 is too large for 64-bit type 'unsigned long' [ 212.733493][ T3508] CPU: 0 PID: 3508 Comm: syz.1.738 Not tainted 6.1.93-syzkaller-00068-gb5e374dda921 #0 [ 212.742960][ T3508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 212.748727][ T1894] usb 4-1: USB disconnect, device number 21 [ 212.752849][ T3508] Call Trace: [ 212.752860][ T3508] [ 212.764485][ T3508] dump_stack_lvl+0x151/0x1b7 [ 212.768999][ T3508] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 212.774294][ T3508] dump_stack+0x15/0x1c [ 212.778295][ T3508] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 212.784540][ T3508] parse_options+0x4b90/0x4ba0 [ 212.786898][ T3516] loop0: detected capacity change from 0 to 40427 [ 212.789128][ T3508] ? mount_bdev+0x282/0x3b0 [ 212.799721][ T3508] ? f2fs_mount+0x34/0x40 [ 212.801528][ T3516] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 212.803891][ T3508] ? default_options+0xc80/0xc80 [ 212.811426][ T3516] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 212.816125][ T3508] ? kstrdup+0x54/0x70 [ 212.824896][ T3516] F2FS-fs (loop0): invalid crc value [ 212.828022][ T3508] ? memcpy+0x56/0x70 [ 212.828044][ T3508] f2fs_fill_super+0x23bc/0x6dc0 [ 212.828082][ T3508] ? kill_f2fs_super+0x3c0/0x3c0 [ 212.828104][ T3508] ? set_blocksize+0x1cb/0x360 [ 212.828124][ T3508] ? sb_set_blocksize+0xa8/0xf0 [ 212.828145][ T3508] mount_bdev+0x282/0x3b0 [ 212.828162][ T3508] ? kill_f2fs_super+0x3c0/0x3c0 [ 212.828183][ T3508] f2fs_mount+0x34/0x40 [ 212.828203][ T3508] legacy_get_tree+0xf1/0x190 [ 212.834554][ T3516] F2FS-fs (loop0): Found nat_bits in checkpoint [ 212.837091][ T3508] ? trace_raw_output_f2fs__rw_end+0x110/0x110 [ 212.871797][ T3516] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 212.873371][ T3508] vfs_get_tree+0x88/0x290 [ 212.879607][ T3516] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 212.885442][ T3508] do_new_mount+0x2ba/0xb30 [ 212.908182][ T3508] ? do_move_mount_old+0x160/0x160 [ 212.913123][ T3508] ? security_capable+0x87/0xb0 [ 212.917809][ T3508] ? ns_capable+0x89/0xe0 [ 212.921974][ T3508] path_mount+0x671/0x1070 [ 212.926230][ T3508] ? user_path_at_empty+0x14e/0x1a0 [ 212.931264][ T3508] __se_sys_mount+0x2c4/0x3b0 [ 212.935774][ T3508] ? __x64_sys_mount+0xd0/0xd0 [ 212.940378][ T3508] ? fpregs_restore_userregs+0x130/0x290 [ 212.945842][ T3508] __x64_sys_mount+0xbf/0xd0 [ 212.950269][ T3508] x64_sys_call+0x49d/0x9a0 [ 212.954609][ T3508] do_syscall_64+0x3b/0xb0 [ 212.958860][ T3508] ? clear_bhb_loop+0x55/0xb0 [ 212.963374][ T3508] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 212.969103][ T3508] RIP: 0033:0x7fb1f977b65a [ 212.973442][ T3508] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.992892][ T3508] RSP: 002b:00007fb1fa4fee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 213.001136][ T3508] RAX: ffffffffffffffda RBX: 00007fb1fa4feef0 RCX: 00007fb1f977b65a [ 213.008942][ T3508] RDX: 0000000020000180 RSI: 0000000020000040 RDI: 00007fb1fa4feeb0 [ 213.016752][ T3508] RBP: 0000000020000180 R08: 00007fb1fa4feef0 R09: 0000000000000008 [ 213.024566][ T3508] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000020000040 [ 213.032374][ T3508] R13: 00007fb1fa4feeb0 R14: 0000000000005505 R15: 0000000020000540 [ 213.040194][ T3508] [ 213.051557][ T3508] ================================================================================ [ 213.060703][ T3508] F2FS-fs (loop1): Not support 524288, larger than 256 [ 213.378256][ T3534] netlink: 172 bytes leftover after parsing attributes in process `syz.0.741'. [ 213.601338][ T1127] syz-executor: attempt to access beyond end of device [ 213.601338][ T1127] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 213.619708][ T297] EXT4-fs (loop4): unmounting filesystem. [ 214.197536][ T8] device bridge_slave_1 left promiscuous mode [ 214.203489][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.210838][ T8] device bridge_slave_0 left promiscuous mode [ 214.216869][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.224777][ T8] device dummy0 left promiscuous mode [ 214.230010][ T8] device veth1_macvtap left promiscuous mode [ 214.235814][ T8] device veth0_vlan left promiscuous mode