last executing test programs:

9.736089952s ago: executing program 0 (id=5193):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x5, {0x5, 0x2, "c3caa3"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

8.312079362s ago: executing program 3 (id=5204):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

8.235850299s ago: executing program 1 (id=5206):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x5, {0x5, 0x2, "c3caa3"}}, 0x0, 0x0, 0x0, &(0x7f0000000780)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x0, 0xf7, 0xfb, 0xfe, 0x5, 0x2}}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)='%-010d \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

7.944718905s ago: executing program 3 (id=5208):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00edff00"/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xb, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@allow_utime}, {@gid}, {@errors_continue}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {}, {@gid}, {@discard}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@errors_continue}]}, 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
getdents64(r8, &(0x7f00000029c0)=""/250, 0xfa)

6.863851834s ago: executing program 3 (id=5212):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfc5, 0xb080, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x10, &(0x7f0000000140)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @val={0x3a, [0x2d, 0x30, 0x34, 0x32, 0x2f, 0x30, 0x3a, 0x2d]}}}}], [{@dont_hash}, {@smackfsdef={'smackfsdef', 0x3d, '{'}}, {@hash}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10)
syz_usb_control_io(r1, &(0x7f0000000740)={0x2c, &(0x7f0000000580)={0x0, 0x0, 0x4, {0x4, 0x0, "54e4"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mount$binder(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1012022, &(0x7f0000000bc0)=ANY=[@ANYBLOB='max=00000000000000000000,max=00000000000000000000,fscontext=', @ANYBLOB="ea78"])

6.627248986s ago: executing program 0 (id=5213):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00edff00"/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xb, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@allow_utime}, {@gid}, {@errors_continue}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {}, {@gid}, {@discard}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@errors_continue}]}, 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f00000029c0)=""/250, 0xfa)

5.599298419s ago: executing program 0 (id=5215):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00'}, 0x10)
r0 = openat(0xffffffffffffffff, 0x0, 0x301240, 0x1a6)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffd, 0x2}}]}}, @TCA_STAB={0x4}]}, 0x4c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000e6169b8f02c8be"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0f000000000000000410000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000004000"/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

5.082459186s ago: executing program 1 (id=5227):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x5, {0x5, 0x2, "c3caa3"}}, 0x0, 0x0, 0x0, &(0x7f0000000780)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x0, 0xf7, 0xfb, 0xfe, 0x5, 0x2}}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)='%-010d \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

4.698698631s ago: executing program 4 (id=5218):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

4.665889154s ago: executing program 0 (id=5219):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
unshare(0x8000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r6, &(0x7f0000001140)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x514b, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xc991, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xdad, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_CREATE(r6, 0x5501)
r7 = syz_open_dev$evdev(&(0x7f0000000700), 0x3, 0x0)
ioctl$EVIOCGRAB(r7, 0x40044590, &(0x7f0000000040))
close_range(r5, 0xffffffffffffffff, 0x0)

4.211984896s ago: executing program 3 (id=5220):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000000010"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, 0x0, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

4.189056118s ago: executing program 4 (id=5221):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

4.17015247s ago: executing program 2 (id=5222):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00edff00"/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xb, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@allow_utime}, {@gid}, {@errors_continue}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {}, {@gid}, {@discard}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@errors_continue}]}, 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
getdents64(r8, &(0x7f00000029c0)=""/250, 0xfa)

4.044378041s ago: executing program 3 (id=5223):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x5, {0x5, 0x2, "c3caa3"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

3.722168541s ago: executing program 0 (id=5224):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
unshare(0x8000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r6, &(0x7f0000001140)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x514b, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xc991, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xdad, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_CREATE(r6, 0x5501)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000040))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TIOCSBRK(r4, 0x5427)

3.596308522s ago: executing program 4 (id=5225):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
unshare(0x8000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r6, &(0x7f0000001140)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x514b, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xc991, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xdad, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_CREATE(r6, 0x5501)
r7 = syz_open_dev$evdev(&(0x7f0000000700), 0x3, 0x0)
ioctl$EVIOCGRAB(r7, 0x40044590, &(0x7f0000000040))
close_range(r5, 0xffffffffffffffff, 0x0)

3.264544932s ago: executing program 2 (id=5226):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00edff00"/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xb, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@allow_utime}, {@gid}, {@errors_continue}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {}, {@gid}, {@discard}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@errors_continue}]}, 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
getdents64(r7, &(0x7f00000029c0)=""/250, 0xfa)

2.805327734s ago: executing program 0 (id=5228):
r0 = socket$inet6(0xa, 0x4, 0x4)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000080)={'erspan0\x00', <r1=>0x0, 0x10, 0x20, 0x4, 0xffff180c, {{0x8, 0x4, 0x3, 0x4, 0x20, 0x64, 0x0, 0x5, 0x4, 0x0, @multicast1, @multicast2, {[@generic={0x7, 0xc, "e281d4c3519736e5317f"}]}}}}})
ptrace$ARCH_SHSTK_STATUS(0x1e, 0xffffffffffffffff, &(0x7f0000000300), 0x5005)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4080000400000006110540000000000a6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$inet6(0xa, 0x3, 0x6)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r2, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={@local, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @mcast2, 0x101, 0x5, 0x5, 0x400, 0x243, 0x200000, r1})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009980708b5192100c7980000000109021b00012000ac00090400000107000009090585cf"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1900000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010001000000004000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)

2.711509553s ago: executing program 4 (id=5229):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000000c0)={'ip6gre0\x00', 0x6})
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000006b80)="$eJzs3E1rY9UfB/CTPs7Tf/5FXLibC4PQwiQ0fRh0V3UGH7BD8WHhStMkDZlJckuTprUrFy7Fhe9EFFy59DW4cO1OXCjuhJHccypTH0Bp2tjp5wO333tPTn73nEtpOfeGBODSWsh++akUboarIYTpEMKNEIr9UtoKGzGeCyHcCiFMPbGVUvvvDXMhhGshhJuj4rFmKb302Z3h7fUf3/j562/nZ65//tV3k5s1MGnPhxC6u3H/oBszb8V8mNprw3aR3bVhyvhC91E6zmMeNLeLCge14361IldbsX++u98f5U6nVh9lq71TtO/24gn7w9ZxneIND2t7xXGjuV1ku58X2TqK4zo8in/bjvqDWKeR6n1YlA+DwXHG9uZhM85n91GR9d4gtce6eaN5OMphynS6UM87jWIc26e50v9tb7Z7+4fZsLnXb+e9bL1SfaFSvVuu7uWN5qC5Vq51G3fXssVWZ9StPGjWuhutPG91mpV63l3KFlv1erlazRbvNbfbtV5WrVZWK8vl9aW0dyd79cG7WaeRLY7y5XZvf9Du9LOdfC+L71jKViqrLy5lt6vZ25tb2dZb9+9vbr3z/r33Hry0+forqdOfhpUtriyvrJSry+WV6tLFnf/of/2/mv/HadBjnD+cSmnSAwC4eKz/gUm46Ov/YP0/Ftb/l3b+j5PTXUAuN+t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBL6/vZL14rdhbi8fXU/r/U9Ew6LoUQpkIIj//CdJg7UXM61Zn9m/6zfxjDN6VQVBidYz5t10IIG2n79f9nfRUAAADg6fXlR7c+jav1+GNh0gPiPMWbNlM3PhhTvVIIYXbhhzFUCelmU3j29KOKRr/fM+FwTNWKG1hXxlQs3nKbGVe1f2T6RFx5Ikoxpo57zp3ruAAAgLN0ciVwvqsQAAAAztMnkx4Ak1E8aU2fxU+P+eZjpAeCV08cAQAAABdQadIDAAAAAM5csf73/X8AAADwdIvf/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAbO3eTkzoUBQD4tND3eD9GYpy7FWewDJfg0KFhKywBt+AGWAPOXIIBQ3tRMRhM+hfJ9yXt5TbN4ZTQwTm3KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG16KhbTh/urUd046009zVwNAAAAcMiqWEzLD+Nq/i8dP0uHLtI8i4g8Ig7V7oP4tRdzkOIUX5xffMrhMaKMsP2O32n7GxHXaXs5b/tXAAAAgNO1nM0nVbVe7cZ9J0SXqqZN/v+moXhZRBTj54ai5dvd5bdO3RzvD23/38O4q59WqWxg1X5kZqdsuQ2binbcIN3ub8Pow5BVQ95dOgAAQFf2K4EOqxAAAAA6dtt3AvQji91S5m4tuHzy/n1B8M/eDAAAAPiBsr4TAAAAAFpX1v/e/wcAAACnrXr/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1aFYvpcjaf1I2z3tTTzNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvLI/7ygMw2AQBjeJ8uqELuD739Is2K1bNzMg+Pi3EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAlcfx8jzj1ZjJNnqdSd49rySfTo1vp8avc+OfZKy7fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwsz8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfNHvfvk/MTXOJHOnjaXjkWTtqrF11dh70Dh6MN7+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAv2efr7SACAFlCEJUYoCFptfS0pUBFDHwJyBF6bUErvxoM9CqQsrChjJ3QTAihAQKW/+Hzq3UpWwdMhSJiQFkn528HpU4WtW+Np+P9Py+thy/73OiKF8/5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo7L67H+flZmESZ/Wxm/eurpf9ram+dH379nLZyrjXZtJPhlfTnd5Sd4kAAABwcORNfR8xiGJntQyyhar+L5pzypr/++cncVPPT9f9Td/U/mX77de7L+8NtDAZp7zouY3x6Pi/U+k/xmnOtRf+84x+deerZy959Q3JPth6abeo7mfv2xs33htU4aE2sgUAHsaxpq+D5u+hsh92mRgAB0Y/Kbzv1PV/vtBtTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGGzFs03ci4jl/n5cunXv6nrVT+1f37693LTT165tp9csL1FExLmN8eh4WxN5Aly6fOXTtfF4dLH94LWI6G70OvhohnMiusxQ8KhBVv+sz/ZVRyOi+5y7Dzr+xQQAwFOnqFtZ198pdlbLY73FiL9/uL/+fyOJI63/p/q0/r/78emb6Vhp/T9sbYbzb2Xzwhcrly5feWvjwtr50fnRZ2+fGL4zPHnm1KkzK9WzkhVPTAAAAHg0g7ql9X+2GLE7tf5/JIljxvr/y++GX6dj5er/B9pf9Os6EwAAgIPtxaN//tF7wPHeYBBfrW1uXhxOtnv7JybbDlL93w7VLa3/88WuswIAAADasLvVu2/9/2wSx4zr/8/9+MrP6TXziDhcr/8fW/98fLa96XTkr5nOauPfiR/7VAEAAJhrh+uWrv8X1fv/2d4rD1lEvPn6JK4/BnCm+j9//5uf0rHS9/9PtjfFuZQtTe5H1S9F9Je6zggAAICn2TN1K4v934ud1U9+OfLhwPv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG37JwAA//9VakSc")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{0x0}], 0x1, 0x7fff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@ipv6_deladdrlabel={0x38, 0x49, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x6}, [@IFAL_ADDRESS={0x14, 0x1, @private2}, @IFAL_LABEL={0x8, 0x2, 0x4}]}, 0x38}}, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00'}, 0x10)
r7 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r7, &(0x7f0000000000)=""/149, 0x95)
lseek(r7, 0x7ff, 0x1)
getdents64(r7, 0x0, 0x10)

2.315111269s ago: executing program 2 (id=5230):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00'}, 0x10)
r0 = openat(0xffffffffffffffff, 0x0, 0x301240, 0x1a6)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xfffffffd, 0x2}}]}}, @TCA_STAB={0x4}]}, 0x4c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000e6169b8f02c8be"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0f000000000000000410000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000004000"/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

1.792769017s ago: executing program 4 (id=5231):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
unshare(0x8000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r5, &(0x7f0000001140)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x514b, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xc991, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xdad, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
r6 = syz_open_dev$evdev(&(0x7f0000000700), 0x3, 0x0)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000040))
close_range(r4, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.779901328s ago: executing program 1 (id=5232):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) (fail_nth: 1)

1.463895726s ago: executing program 1 (id=5233):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

1.217148419s ago: executing program 2 (id=5234):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000000010"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, 0x0, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

636.919732ms ago: executing program 3 (id=5235):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @hyper}, 0x10, 0x80400)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000280)={"641f2ad929e0928f7fa578538a965317", 0x0, 0x0, {0x8, 0x868e}, {0xffffffffffffffff, 0x7f}, 0xffff, [0x8, 0xb2, 0xd1e4, 0xf3cf, 0x7fffffff, 0x7ff, 0x3, 0x2, 0xf, 0x8000000000000001, 0x9190, 0x7, 0xe05b, 0x5, 0x6, 0x401]})
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
lseek(r1, 0x0, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6ea1893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb951368a970c58fb4f3"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
pselect6(0x40, &(0x7f0000000380), &(0x7f00000003c0)={0x34}, 0x0, 0x0, 0x0)

636.007422ms ago: executing program 1 (id=5245):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

635.508542ms ago: executing program 2 (id=5236):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)

423.057171ms ago: executing program 4 (id=5237):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200000000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00edff00"/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xb, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@allow_utime}, {@gid}, {@errors_continue}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {}, {@gid}, {@discard}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@errors_continue}]}, 0x1, 0x152d, &(0x7f0000001f80)="$eJzs3AuYTtUaOPD3XWvtMSS+JrkMa6138yWXZZIklyS5JEklSXJLSJrkSEJiCEkakpBchiSGkFwmJo37/X5JSJImSXLLLVn/Z8Lf6dT5dy79j/OceX/Psx/rtfZa+93f+13W3jPzfddlSK3Gtas3JCL4t+CFf5IAIBYABgBAXgAIAKB8XPm4rP6cEpP+vYOwP9dDqVc6A3Ylcf2zN65/9sb1z964/tkb1z974/pnb1z/7I3rz1h2tnFqoWt4y74b3//Pzvjz/39IZpkxX60uc11XgJh/dAjXP3vj+v/PCv6Rnbj+2RvXP7uKvdIJsP8C/PrPDnL83R6uf/bG9WcsO7vS95+v9AaR/7LH4HDOC4X5T50/Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDH2H3DaX6YA4FL7SufFGGOMMcYYY4yxP4/PcaUzYIwxxhhjjDHG2P9/CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgP7ocHoAE8CA3hIWgED0NjeASawKPQFJpBc2gBLf+l8S9AD3gRekIvSILe0Adegr7QD/rDyzAAXoGB8CoMgtcgGQbDEHgdhsIbMAzehOEwAkbCWzAK3obRMAbGwjhIgfEwAd6BifAuTIL3YDJMgVSYCtPgfZgOM2AmfACz4EOYDXNgLsyDNPgI5sMCSIePYSF8AhmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDt8CjvgM9gJu2A3fA574It/cvypvxnfFQEBBQpUqDAGYzAWYzEX5sLcmBvzYB6MYATjMA7zYT7Mj/mxIBbEeIzHIlgEDRokJCyKRTGKUSyOxbEElsBSWAodOkzABCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2rY3WsgTWwFtbCu/Au7I11sS7Ww3pYH+tfuj2FDbEhNsJG2BgbYxNsgk2xKTbH5tgSW2IrbIWtsTW2xbbYDtthe2yPiZiIHbADdsSO2Ak7YWfsjF2wC3bFbtgt84UcgC/ii9gLa4je2Af7YF9MztEfX8aX8RUciK/iq/gaJuNgHIKv4+v4Bg7DkzgcR+BIHIlVxds4GscgiXGYgik4ASfgRJyIWYm+h1MwFafiNJyG03EGzsAPcBZ+iB/iHJyD8zAN03A+LsB0TMeFeAozcBEuxiW4FJfhUlyBK3EFrsY1uBrX4TrcgBtwE27CLbgFt+E2/BQVAH6Gu3AXJuMe3IN7cS/uw324H/djJmbiATyAB/EgHsJDeBgP4xE8isfwKJ7AE3gST+FpPI1n8Syew+fiv2n0aclVySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBP5RD6RX+QXBUVBES/iRRFRRBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxS2igrhVVBSVRBtXRVQRVUVbV03cIaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+uF88IBqI3tgfHxJZlWksBmMTMQSbimZCXnwHayWGYWvRRrQVT4gROBzbi1YuUTwtOojR2FH8RYzBZ0VnMQ67iOdFV9FNdBcviB6itespeolJ2Fv0EVOwr+gn+ouXxXSsKT7AWTlriddEshgshojXxTx8QwwTb4rhYoQYKd4So8TbYrQYI8aKcSJFjBcTxDtionhXTBLvicliikgVU8U08b6YLmaImeIDMUt8KGaLOWKumCfSxEdivlgg0sXHYqH4RGSIRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is4iFrWKb2C4+FTvEZ2Kn2CV2i8/FHvGF2Cu+FPvEV2K/+Fpkim/EAfGtOCi+E4fE9+Kw+EEcEUfFMXFcnBA/ipPilDgtzoiz4idxTvwszgsvQKIUUkolAxkjc8hYmVPmklfJ3DK4+OheI+PktTKfvE7mlwVkQVlIxsvCsojU0kgrSYayqCwmo/J6WVzeIEvIkrKULC2dLCMT5I2yrLxJlpM3y/LyFllB3iorykqysqwib5NV5e0SIheOUUPWlLVkbXmXTIK7ZV15j6wn75X15X3yfvmAbCAflA3lQ7KRfFg2lo/IJvJR2VQ2k81lC9lSPiZbycdla9lGtpVPyHbySdlePiUT5dOyg/QXnyLPys7yOdlFPi+7ym6yu/xZnpde9pS9JPQG2Ue+JPvKfrJ/LADIV+RA+aocJF+TyXKwHCJfl0PlG3KYfFMOlyPkSPmWHCXflqPlGDlWjpMpcrycIN+RE+W7cpJ8T06WU2SqnCr7ywG/zDRTyj8c/87vjB/0y9E3yI1yk9wst8itcpvcLj+VO+QOuVPulLvlbrlH7pF75V65T+6T++V+mSkz5QF5QB6UB+UheUgeloflEXlUnpHH5Qn5ozwpT8lT8ow8K8/KcxcfA1CohJJKqUDFqBwqVuVUudRVKre6WuVReVVEXaPi1LUqn7pO5VcFVEFVSMWrwqqI0sooq0iFqqgqpqLqerz4hFGlVGnlVBmVoG78Z8ar4uoGVUKV/NX4S/kl/Z38WqqWqpVqpVqr1qqtaqvaqXaqvWqvElWi6qA6qI6qo+qkOqnOqrPqorqorqqr6q66qx6qh+qpeqoklaT6qJdUX9VP9VcvqwHqFTVQDVSD1CCVrJLVEDVEDVVD1TA1TA1Xw9VINVKNUqPUaDVajVVjVYpKURPUBDVRTVST1CQ1WU1WqSpVTVPT1HQ1Xc1UM9UsNUvNVrPVXDVXpak0NV/NV+kqXS1UC1WGWqQWqSVqiVqmlqkVaoVapVapNWqNWqfWqQy1UW1Um9VmtVVtVdvVdrVD7VA7xU61W+1We9QetVftVfvUPrVf7VeZKlMdUAfUQXVQHVKH1GF1WB1RR9QxdUydUCfUSXVSnVan1Vl1Vp1T59R5dT5r2ReIQAQqUEFMEBPEBrFBriBXkDvIHeQJ8gSRIBLEBXFBvuC6IH9QICgYFArig8JBkUAHJrCBuFj0aHB9UDy4ISgRlAxKBaUDF5QJEoIbg7LBTUG54OagfHBLUCG4NagYVAoqB1WC24Kqwe1BteCOoHpwZ1AjqBnUCmoHdwV1gruDusE9Qb3g3qB+cF9wf/BA0CB4MGgYPBQ0Ch4OGgePBE2CR4OmQbOgedAiaPmnzu/9yQKPu566l07SvXUf/ZLuq/vp/vplPUC/ogfqV/Ug/ZpO1oP1EP26Hqrf0MP0m3q4HqFH6rf0KP22Hq3H6LF6nE7R4/UE/Y6eqN/Vk/R7erKeolP1VD1Nv6+n6xl6pv5Az9If6tl6jp6r5+k0/ZGerxfodP2xXqg/0Rl6kV6sl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q4/1Tv0Z3qn3qV368/1Hv2F3qu/1Pv0V3q//lpn6m/0Af2tPqi/04f09/qw/kEf0Uf1MX1cn9A/6pP6lD6tz+iz+id9Tv+sz2uftbjP+ng3yigTY2JMrIk1uUwuk9vkNnlMHhMxERNn4kw+k8/kN/lNQVPQxJt4U8QUMVnIkClqipqoiZriprgpYUqYUqaUccaZBJNgypqyppwpZ8qb8qaCqWAqmoqmsqlsbjO3mdvN7eYOc4e509xpapqaprapbeqYOqauqWvqmXqmvqlv7jf3mwamgWloGppGppFpbBqbJqaJaWqamuamuWlpWppWppVpbVqbtqataWfamfamvUk0iaaD6WA6mo6mk+lkOpvOpovpYrqarqa76W56mB6mp+lpkkyS6WP6mL6mr+lv+psBZoAZaAaaQWaQSTbJZogZYoaaoWaYGWaGmxFmZNZC1bxtRpsxZqwZZ1JMiplgJpiJZqKZZCaZyWaySTWpZpqZZqab6WammWlmmVlmtplt5pq5Js2kmflmvkk36WahWWgyTIZZbBabpWapWW6Wm5VmpVltVpu1sNasN+vNRrPRbDabzVaz1Ww3280Os8PsNDvNbrPb7DF7zF6z1+wz+8x+s99kmkxzwBwwB81Bc8gcMofNYXPEHDHHzDFzwpwwJ81Jc9qcNmdNgYufl97E2pw2l73K5rZX2zw2r/3buKAtZONtYVvEapvfFvhVbKy1JWxJW8qWts6WsQn2xt/EFW0lW9lWsbfZqvZ2W+03cR17t61r77H17L22tr3rV3F9e5/NWp00QASwzWwj28I2to/YJvZR29Q2s81tC9vOPmnb26dson3adrDP/CaebxfYlXaVXW3X2J12lz1tz9iD9jt71v5ke9pedoB9xQ60r9pB9jWbbAf/Jh5p37Kj7Nt2tB1jx9pxv4kn2yk21U610+z7drqd8Zs4zX5kZ9l0O9vOsXPtvF/irJzS7cd2of3EZtgAFtsldqldZpfbFZdy9XntOrvebrA77Gd2s91it9ptdvulhbDdZXfbz+0e+4U9YL+1++xXdr89ZDPtN7/EWed3yH5vD9sf7BF71B6zx+0J+6O6NDrr3I/bn+156y0QEpAkRQHFUA6KpZyUi66i3HQ15aG8FKFrKI6upXx0HeWnAlSQClE8FaYipMmQJaKQilIxitL1dCm9UlSaHJWhBLqRytJNVI5upvJ0C1WgW6kiVaLKVIVuo6p0O1WjO6g63Uk1qCbVotp0F9Whu6ku3UP16F6qT/fR/fQANaAHqSE9RI3oYWpMj1ATepSaUjNqTi2oJT1Grehxak1tqC09Qe3oSWpPT1EiPU0d6BnqSH+hTvQsdabnqAs9T12pG3WnF6gHvUg9qRclUW/qQy9RX+pH/ellGkCv0EB6lQbRa5RMg2kIvU5D6Q0aRm/ScBpBI+ktGkVv02gaQ2NpHKXQeJpA79BEepcm0Xs0maZQKk2lafQ+TacZNJM+oFn0Ic2mOTSX5lEafUTzaQGl08e0kD6hDFpEi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6lHfQZ7aRdtJs+pz30BSF9SfvoK9pPX1MmfUMH6Fs6SN/RIfre96If6AgdpWN0nE7Qj3SSTtFpOkNn6Sc6Rz/TefIEIYYilKEKgzAmzBHGhjnDXOFVYe7w6jBPmDeMhNeEceG1Yb7wujB/WCAsGBYK48PCYZFQhya0IYVhWDQsFkbD68Pi4Q1hibBkWCosHbqwTJgQ3hiWDW8Ky4U3h+XDW8IK4a1hxbBS+Mi9VcLbwqrh7WG18I6wenhnWCOsGdYKa4d3hXXCu8O64T1hvfDesFx4X3h/+EDYIHwwbBg+FDYKHw4bh4+ETcJHw6Zhs7B52CJsGT4WtgofD1uHbcK24RNhu/DJsH34VJgYPh12CJ/5pf++BX+/PynsHfYJXwpfCr2/R86NzoumRT+Kzo8uiKZHP44ujH4SzYguii6OLokujS6LLo+uiK6Mroqujq6Jro2ui66Pboh6XzsHOHTCSadc4GJcDhfrcrpc7iqX213t8ri8LuKucXHuWpfPXefyuwKuoCvk4l1hV8RpZ5x15EJX1BVzUXe9K+5ucCVcSVfKlXbOlXEJroVr6Vq6Vu5x19q1cW3dE+4J96R70j3lnnJPuw7uGdfR/cV1cs+6zu4595x73nV13Vx394Lr4cbnufCaTHJ9XB/X1/V1/V1/N8ANcAPdQDfIDXLJLtkNcUPcUDfUDXPD3HA33I10I90oN8qNdqPdWDfWpbgUN8FNcBPdRDfJTXKT3WSX6lLdNDfNTXfTXdUZF44y2812c91cl+bS3HyXtWZMdwvdQpfhMtxit9gtdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9xOn/fCpG6P2+v2un1un9vvvnaZ7ht3wH3rDrrv3CH3vTvsfnBH3FF3zB13J9yP7qQ75U67M+6s+8mdcz+78867lMj4yITIO5GJkXcjkyLvRSZHpkRSI1Mj0yLvR6ZHZkRmRj6IzIp8GJkdmROZG5kXSYt8FJkfWRBJj3wcWRj5JJIRWRRZHFkSWRpZFvG+8ObQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+qa+mW/uW/iW/jHfyj/uW/s2vq1/wrfzT/r2/imf6J/2HfwzvqP/i+/kn/Wd/XO+i3/ed/XdfHf/gu/hX/Q9fS+f5Hv7Pv4l39f38/39y36Af8UP9K/6Qf41n+wH+yH+dT/Uv+GH+Tf9cD/Cj4x5y4+6dIkM43yKH+8n+Hf8RP+un+Tf85P9FJ/qp/pp/n0/3c/wM/0Hfpb/0M/2c/xcP8+n+Y/8fL/Ap/uP/UL/ic/wiy7dVPbL/Qq/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/2nfof/zO/0u/xu/7nf47/we/2Xfp//yu/3X/tM/40/4L/1B/13/pD/3h/2P/gj/qg/5o/7E/5Hf9Kf8qf9GX/W/+TP+Z/9ef6bNcYYY4yxf8j4y03x654Lt/N7/84Y8Vc79wGAq7cUyvzr/qwV5dr8F9r9RHy7CAA83avLQ5e2GjWSkpIu7pshISg2B+DST4KyxMDleBG0hSchEdpA2d/Nv5/odpb+YP7oLQC5/mpMLFyOL8//JQAm/c78jz0xcn6F8HTc/2P+OQAlil0ekxMux4ug7S/3V9pAub+Tf4FWf5B/zq9SAFr/1ZjccDm+nH8CPA7PQOKv9mSMMcYYY4wxxi7oJyp3unT9eek3Pn/v+jxeXR6TAy7Hf3R9zhhjjDHGGGOMsSvv2W7dn3osMbFNp3++Ue2P91H/2sy/NJrAv5oYN/6lhvcA/7dwAPBvTgiQ1ZD/ybPY9B85VvLFl87fdi094wP47yjln9G4wm9MjDHGGGOMsT/d5UX/r/9fXamEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxbOjf/Y43+Ae+pe9KnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2pf2fAAAA//+Bqfni")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
getdents64(r8, &(0x7f00000029c0)=""/250, 0xfa)

300.497032ms ago: executing program 2 (id=5238):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
unshare(0x8000000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r5, &(0x7f0000001140)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x514b, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xc991, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xdad, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000040))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TIOCSBRK(r4, 0x5427)

0s ago: executing program 1 (id=5239):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000002040)={0x8, 0x0, &(0x7f0000002540)=[@acquire], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x1001})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000080)=0x1)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000240)=[@acquire, @increfs={0x400c6313}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

112.489777][T20156]  ? clear_bhb_loop+0x35/0x90
[ 1112.494293][T20156]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1112.500021][T20156] RIP: 0033:0x7fe35f836ff9
[ 1112.504275][T20156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1112.523714][T20156] RSP: 002b:00007fe35e4b0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1112.531956][T20156] RAX: ffffffffffffffda RBX: 00007fe35f9eef80 RCX: 00007fe35f836ff9
[ 1112.539772][T20156] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000000
[ 1112.547579][T20156] RBP: 00007fe35e4b0090 R08: 0000000020000b40 R09: 0000000000000000
[ 1112.555391][T20156] R10: 0000000001160422 R11: 0000000000000246 R12: 0000000000000001
[ 1112.563204][T20156] R13: 0000000000000000 R14: 00007fe35f9eef80 R15: 00007fffa199fa88
[ 1112.571020][T20156]  </TASK>
[ 1113.451108][T20161] input: syz0 as /devices/virtual/input/input202
[ 1113.752002][ T4405] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1113.798507][ T4405] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.827212][ T4405] usb 5-1: Product: syz
[ 1113.831299][ T4405] usb 5-1: Manufacturer: syz
[ 1113.842815][ T4405] usb 5-1: SerialNumber: syz
[ 1113.919890][ T4405] usb 5-1: config 0 descriptor??
[ 1113.935798][T20129] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1113.942708][T20129] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1114.305808][ T4405] asix: probe of 5-1:0.251 failed with error -71
[ 1114.322392][ T4405] usb 5-1: USB disconnect, device number 114
[ 1114.483045][T20186] loop4: detected capacity change from 0 to 256
[ 1114.567608][T20186] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1115.119998][T20199] input: syz0 as /devices/virtual/input/input203
[ 1115.363109][T20197] loop4: detected capacity change from 0 to 40427
[ 1115.395743][T17439] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1115.416459][T20197] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1115.424123][T20197] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1115.433229][T20197] F2FS-fs (loop4): invalid crc value
[ 1115.439853][T20197] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1115.472279][T20197] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1115.479210][T20197] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1115.699212][T17439] usb 2-1: Using ep0 maxpacket: 16
[ 1115.996108][T17439] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[ 1116.009973][T17439] usb 2-1: config 0 has no interface number 0
[ 1116.090728][T17439] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1116.111076][T17439] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1116.213845][T20217] loop4: detected capacity change from 0 to 256
[ 1116.265705][  T428] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[ 1116.299150][T20217] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1116.395971][T17439] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1116.425262][T17439] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1116.443569][T17439] usb 2-1: Product: syz
[ 1116.453681][T17439] usb 2-1: Manufacturer: syz
[ 1116.463790][T17439] usb 2-1: SerialNumber: syz
[ 1116.474808][T17439] usb 2-1: config 0 descriptor??
[ 1116.495810][T20192] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1116.503605][T20192] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1116.526309][T20208] loop3: detected capacity change from 0 to 40427
[ 1116.606292][T20208] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1116.612537][T20208] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1116.771427][T20208] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1116.917809][T20208] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1116.924781][T20208] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1116.958351][  T428] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1116.969368][T17439] asix: probe of 2-1:0.251 failed with error -71
[ 1116.978669][T17439] usb 2-1: USB disconnect, device number 17
[ 1116.985193][  T428] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1116.996319][  T428] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1117.005237][  T428] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1117.021132][  T428] usb 3-1: config 0 descriptor??
[ 1117.575969][T20233] attempt to access beyond end of device
[ 1117.575969][T20233] loop3: rw=524288, want=45072, limit=40427
[ 1117.587433][T20233] attempt to access beyond end of device
[ 1117.587433][T20233] loop3: rw=0, want=45072, limit=40427
[ 1120.151163][T20234] input: syz0 as /devices/virtual/input/input204
[ 1120.234215][T18671] attempt to access beyond end of device
[ 1120.234215][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1120.255779][  T428] usbhid 3-1:0.0: can't add hid device: -71
[ 1120.412326][T20256] input: syz0 as /devices/virtual/input/input205
[ 1120.639882][  T428] usbhid: probe of 3-1:0.0 failed with error -71
[ 1120.647034][  T428] usb 3-1: USB disconnect, device number 125
[ 1120.826633][T20267] input: syz0 as /devices/virtual/input/input206
[ 1120.834264][T15247] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[ 1121.325855][T15247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1121.345680][T15247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1121.355514][T15247] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1121.365448][T15247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.378389][T15247] usb 5-1: config 0 descriptor??
[ 1121.515739][  T428] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[ 1121.605725][T18569] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1122.102987][T20282] loop3: detected capacity change from 0 to 256
[ 1122.110293][T18569] usb 2-1: Using ep0 maxpacket: 16
[ 1122.167113][T20282] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1122.216151][  T428] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1122.256397][  T428] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1122.266728][  T428] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1122.276108][  T428] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.287999][  T428] usb 3-1: config 0 descriptor??
[ 1122.306122][T18569] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1122.525768][T15247] usb 5-1: string descriptor 0 read error: -71
[ 1122.545754][T15247] uclogic 0003:256C:006D.00BB: failed retrieving string descriptor #200: -71
[ 1122.554490][T15247] uclogic 0003:256C:006D.00BB: failed retrieving pen parameters: -71
[ 1122.561800][T18569] usb 2-1: config 4 has an invalid interface number: 38 but max is 0
[ 1122.563325][T15247] uclogic 0003:256C:006D.00BB: failed probing pen v2 parameters: -71
[ 1122.570315][T18569] usb 2-1: config 4 has no interface number 0
[ 1122.570345][T18569] usb 2-1: config 4 interface 38 has no altsetting 0
[ 1122.578613][T15247] uclogic 0003:256C:006D.00BB: failed probing parameters: -71
[ 1122.598272][T15247] uclogic: probe of 0003:256C:006D.00BB failed with error -71
[ 1122.616393][T15247] usb 5-1: USB disconnect, device number 115
[ 1122.755799][T18569] usb 2-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 1.18
[ 1122.764727][T18569] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1122.772535][T18569] usb 2-1: Product: syz
[ 1122.776510][T18569] usb 2-1: Manufacturer: syz
[ 1122.780898][T18569] usb 2-1: SerialNumber: syz
[ 1122.895751][T17439] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1123.145717][T17439] usb 4-1: Using ep0 maxpacket: 16
[ 1123.285733][T15247] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[ 1123.295998][T17439] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1123.304323][T17439] usb 4-1: config 0 has no interface number 0
[ 1123.310602][T17439] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1123.320751][  T428] usb 3-1: string descriptor 0 read error: -71
[ 1123.327050][T17439] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1123.345752][  T428] uclogic 0003:256C:006D.00BC: failed retrieving string descriptor #200: -71
[ 1123.354934][  T428] uclogic 0003:256C:006D.00BC: failed retrieving pen parameters: -71
[ 1123.363133][  T428] uclogic 0003:256C:006D.00BC: failed probing pen v2 parameters: -71
[ 1123.371420][  T428] uclogic 0003:256C:006D.00BC: failed probing parameters: -71
[ 1123.379099][  T428] uclogic: probe of 0003:256C:006D.00BC failed with error -71
[ 1123.392941][  T428] usb 3-1: USB disconnect, device number 126
[ 1123.515814][T17439] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1123.525033][T17439] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.533244][T17439] usb 4-1: Product: syz
[ 1123.537607][T17439] usb 4-1: Manufacturer: syz
[ 1123.542070][T17439] usb 4-1: SerialNumber: syz
[ 1123.552749][T17439] usb 4-1: config 0 descriptor??
[ 1123.575879][T20288] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1123.582901][T20288] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1123.645766][T15247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1123.656611][T15247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1123.666553][T15247] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1123.675513][T15247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1123.699916][T15247] usb 5-1: config 0 descriptor??
[ 1123.885827][T17439] asix: probe of 4-1:0.251 failed with error -71
[ 1123.893398][T17439] usb 4-1: USB disconnect, device number 124
[ 1124.395941][T18569] usb 2-1: Found UVC 0.00 device syz (19ab:1000)
[ 1124.407136][T18569] usb 2-1: No valid video chain found.
[ 1124.495274][T18569] usb 2-1: USB disconnect, device number 18
[ 1124.688246][T15247] usb 5-1: string descriptor 0 read error: -71
[ 1124.715742][T15247] uclogic 0003:256C:006D.00BD: failed retrieving string descriptor #200: -71
[ 1124.727768][T15247] uclogic 0003:256C:006D.00BD: failed retrieving pen parameters: -71
[ 1124.741965][T15247] uclogic 0003:256C:006D.00BD: failed probing pen v2 parameters: -71
[ 1124.759275][T15247] uclogic 0003:256C:006D.00BD: failed probing parameters: -71
[ 1124.767227][T15247] uclogic: probe of 0003:256C:006D.00BD failed with error -71
[ 1124.780511][T15247] usb 5-1: USB disconnect, device number 116
[ 1124.883484][T20312] loop3: detected capacity change from 0 to 256
[ 1124.932846][T20312] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1126.628530][T20340] input: syz0 as /devices/virtual/input/input207
[ 1127.016355][T20349] input: syz0 as /devices/virtual/input/input208
[ 1128.146743][T20336] loop3: detected capacity change from 0 to 40427
[ 1128.246496][T20336] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1128.255111][T20336] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1128.276666][T20336] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1128.420551][T20336] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1128.474243][T20336] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1128.615747][T15247] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[ 1128.729650][T20366] attempt to access beyond end of device
[ 1128.729650][T20366] loop3: rw=524288, want=45072, limit=40427
[ 1128.741528][T20366] attempt to access beyond end of device
[ 1128.741528][T20366] loop3: rw=0, want=45072, limit=40427
[ 1129.101455][  T296] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[ 1129.106318][T18671] attempt to access beyond end of device
[ 1129.106318][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1129.226072][T15247] usb 3-1: Using ep0 maxpacket: 16
[ 1129.355769][T15247] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[ 1129.363916][T15247] usb 3-1: config 0 has no interface number 0
[ 1129.369896][T15247] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1129.379852][T15247] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1129.481482][T20371] input: syz0 as /devices/virtual/input/input209
[ 1129.955809][  T296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1129.966677][  T296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1129.976302][  T296] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1129.985203][  T296] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1129.993867][  T296] usb 5-1: config 0 descriptor??
[ 1130.045805][T15247] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1130.054719][T15247] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1130.062613][T15247] usb 3-1: Product: syz
[ 1130.066635][T15247] usb 3-1: Manufacturer: syz
[ 1130.071045][T15247] usb 3-1: SerialNumber: syz
[ 1130.076323][T15247] usb 3-1: config 0 descriptor??
[ 1130.095802][T20353] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1130.103066][T20353] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1130.399561][T20392] input: syz0 as /devices/virtual/input/input210
[ 1130.575780][  T310] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1130.586139][T15247] asix: probe of 3-1:0.251 failed with error -71
[ 1130.625278][T15247] usb 3-1: USB disconnect, device number 127
[ 1130.907254][T20397] input: syz0 as /devices/virtual/input/input211
[ 1130.915335][  T310] usb 4-1: Using ep0 maxpacket: 16
[ 1131.139851][  T296] usb 5-1: string descriptor 0 read error: -71
[ 1131.197357][  T296] uclogic 0003:256C:006D.00BE: failed retrieving string descriptor #200: -71
[ 1131.206167][  T296] uclogic 0003:256C:006D.00BE: failed retrieving pen parameters: -71
[ 1131.214131][  T296] uclogic 0003:256C:006D.00BE: failed probing pen v2 parameters: -71
[ 1131.222553][  T296] uclogic 0003:256C:006D.00BE: failed probing parameters: -71
[ 1131.230438][  T296] uclogic: probe of 0003:256C:006D.00BE failed with error -71
[ 1131.239234][  T296] usb 5-1: USB disconnect, device number 117
[ 1131.275850][  T310] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1131.373978][T20404] input: syz0 as /devices/virtual/input/input212
[ 1131.396005][  T310] usb 4-1: config 4 has an invalid interface number: 38 but max is 0
[ 1131.404571][  T310] usb 4-1: config 4 has no interface number 0
[ 1131.411566][  T310] usb 4-1: config 4 interface 38 has no altsetting 0
[ 1132.268177][T20408] input: syz0 as /devices/virtual/input/input213
[ 1132.423349][  T310] usb 4-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 1.18
[ 1132.452054][  T310] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.465261][  T311] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 1132.476934][  T310] usb 4-1: Product: syz
[ 1132.481153][  T310] usb 4-1: Manufacturer: syz
[ 1132.593532][  T310] usb 4-1: SerialNumber: syz
[ 1132.716202][T20423] input: syz0 as /devices/virtual/input/input214
[ 1133.262501][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1133.291893][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1133.403394][  T311] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1133.423880][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.434644][  T311] usb 3-1: config 0 descriptor??
[ 1133.665234][T20444] input: syz0 as /devices/virtual/input/input215
[ 1133.829831][T20446] loop4: detected capacity change from 0 to 256
[ 1133.881334][T20446] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1134.175784][  T310] usb 4-1: Found UVC 0.00 device syz (19ab:1000)
[ 1134.183095][  T310] usb 4-1: No valid video chain found.
[ 1134.196624][  T310] usb 4-1: USB disconnect, device number 125
[ 1134.662143][T20450] loop3: detected capacity change from 0 to 40427
[ 1134.864459][T20462] input: syz0 as /devices/virtual/input/input216
[ 1134.951283][T20450] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1134.977506][T20450] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1135.105728][  T311] usb 3-1: string descriptor 0 read error: -71
[ 1135.115866][T20450] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1135.126852][  T311] uclogic 0003:256C:006D.00BF: failed retrieving string descriptor #200: -71
[ 1135.135464][  T311] uclogic 0003:256C:006D.00BF: failed retrieving pen parameters: -71
[ 1135.136900][T20460] loop4: detected capacity change from 0 to 40427
[ 1135.149782][  T311] uclogic 0003:256C:006D.00BF: failed probing pen v2 parameters: -71
[ 1135.149819][  T311] uclogic 0003:256C:006D.00BF: failed probing parameters: -71
[ 1135.149862][  T311] uclogic: probe of 0003:256C:006D.00BF failed with error -71
[ 1135.180565][  T311] usb 3-1: USB disconnect, device number 2
[ 1135.184011][T20450] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1135.193184][T20450] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1135.206919][T20460] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1135.214567][T20460] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1135.224772][T20460] F2FS-fs (loop4): invalid crc value
[ 1135.232286][T20460] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1135.288061][T20460] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1135.295147][T20460] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1135.714235][T20472] attempt to access beyond end of device
[ 1135.714235][T20472] loop3: rw=524288, want=45072, limit=40427
[ 1135.726643][T20472] attempt to access beyond end of device
[ 1135.726643][T20472] loop3: rw=0, want=45072, limit=40427
[ 1136.493981][T18671] attempt to access beyond end of device
[ 1136.493981][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1137.052424][T20484] input: syz0 as /devices/virtual/input/input217
[ 1137.190931][T20489] input: syz0 as /devices/virtual/input/input218
[ 1137.675065][T20500] loop3: detected capacity change from 0 to 256
[ 1137.732432][T20500] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1137.866737][T20508] input: syz0 as /devices/virtual/input/input219
[ 1138.136174][T20487] loop4: detected capacity change from 0 to 40427
[ 1138.236623][T20487] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1138.246328][T20487] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1138.265760][T20487] F2FS-fs (loop4): invalid crc value
[ 1138.282039][T20487] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1138.425017][T20487] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1138.442224][T20487] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1138.822336][T20534] syz.1.4829[20534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1138.822425][T20534] syz.1.4829[20534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1138.881848][T20531] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 1139.797580][T20540] input: syz0 as /devices/virtual/input/input220
[ 1139.865662][T20548] input: syz0 as /devices/virtual/input/input221
[ 1140.164251][T20535] loop3: detected capacity change from 0 to 40427
[ 1140.300317][T20535] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1140.307306][T20535] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1140.613045][T20558] input: syz0 as /devices/virtual/input/input222
[ 1140.934374][T20535] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1140.977896][T20535] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1140.984832][T20535] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1141.005744][ T4405] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1141.079454][T20570] input: syz0 as /devices/virtual/input/input223
[ 1141.206044][T20576] attempt to access beyond end of device
[ 1141.206044][T20576] loop3: rw=524288, want=45072, limit=40427
[ 1141.218883][T20576] attempt to access beyond end of device
[ 1141.218883][T20576] loop3: rw=0, want=45072, limit=40427
[ 1141.844916][T20575] input: syz0 as /devices/virtual/input/input224
[ 1141.998100][T18671] attempt to access beyond end of device
[ 1141.998100][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1143.401649][T20587] input: syz0 as /devices/virtual/input/input225
[ 1143.418266][T20589] input: syz0 as /devices/virtual/input/input226
[ 1143.485747][ T4405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1143.507903][ T4405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1143.595700][ T4405] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1143.615777][ T4405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1143.636092][ T4405] usb 2-1: config 0 descriptor??
[ 1143.848468][T20609] input: syz0 as /devices/virtual/input/input227
[ 1144.555773][ T4405] usbhid 2-1:0.0: can't add hid device: -71
[ 1144.566270][ T4405] usbhid: probe of 2-1:0.0 failed with error -71
[ 1144.599039][ T4405] usb 2-1: USB disconnect, device number 19
[ 1144.682808][T20621] input: syz0 as /devices/virtual/input/input228
[ 1144.758720][T20624] input: syz0 as /devices/virtual/input/input229
[ 1145.166875][T20628] loop3: detected capacity change from 0 to 256
[ 1145.223298][T20628] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1146.033924][T20643] input: syz0 as /devices/virtual/input/input230
[ 1146.267751][T20630] loop4: detected capacity change from 0 to 40427
[ 1146.407822][T20630] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1146.414048][T20630] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1146.456681][T20630] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1146.568764][T20645] loop3: detected capacity change from 0 to 40427
[ 1146.571211][T20630] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1146.588229][T20645] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1146.594469][T20645] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1146.603302][T20630] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1146.927227][T20645] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1146.959655][T20645] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1146.966631][T20645] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1147.023426][T20665] attempt to access beyond end of device
[ 1147.023426][T20665] loop4: rw=524288, want=45072, limit=40427
[ 1147.035073][T20665] attempt to access beyond end of device
[ 1147.035073][T20665] loop4: rw=0, want=45072, limit=40427
[ 1147.340948][ T7946] attempt to access beyond end of device
[ 1147.340948][ T7946] loop4: rw=2049, want=45104, limit=40427
[ 1147.417619][  T311] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1147.546114][T20667] attempt to access beyond end of device
[ 1147.546114][T20667] loop3: rw=524288, want=45072, limit=40427
[ 1147.557700][T20667] attempt to access beyond end of device
[ 1147.557700][T20667] loop3: rw=0, want=45072, limit=40427
[ 1147.876135][T18671] attempt to access beyond end of device
[ 1147.876135][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1148.451463][T20673] input: syz0 as /devices/virtual/input/input231
[ 1148.645836][  T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1148.669129][  T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1148.693234][  T311] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1148.712527][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1148.731478][  T311] usb 2-1: config 0 descriptor??
[ 1148.874462][T20692] input: syz0 as /devices/virtual/input/input232
[ 1149.250591][T20693] input: syz0 as /devices/virtual/input/input233
[ 1149.493100][T20700] input: syz0 as /devices/virtual/input/input234
[ 1150.370479][T20702] loop4: detected capacity change from 0 to 40427
[ 1150.376958][  T311] usb 2-1: string descriptor 0 read error: -71
[ 1150.395765][T20702] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1150.402077][T20702] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1150.410671][  T311] uclogic 0003:256C:006D.00C0: failed retrieving string descriptor #200: -71
[ 1150.421649][  T311] uclogic 0003:256C:006D.00C0: failed retrieving pen parameters: -71
[ 1150.426468][T20702] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1150.447459][  T311] uclogic 0003:256C:006D.00C0: failed probing pen v2 parameters: -71
[ 1150.455571][  T311] uclogic 0003:256C:006D.00C0: failed probing parameters: -71
[ 1150.463329][  T311] uclogic: probe of 0003:256C:006D.00C0 failed with error -71
[ 1150.463895][T20702] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1150.477124][  T311] usb 2-1: USB disconnect, device number 20
[ 1150.477578][T20702] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1150.567753][T20718] input: syz0 as /devices/virtual/input/input235
[ 1150.683921][T20720] attempt to access beyond end of device
[ 1150.683921][T20720] loop4: rw=524288, want=45072, limit=40427
[ 1150.696700][T20720] attempt to access beyond end of device
[ 1150.696700][T20720] loop4: rw=0, want=45072, limit=40427
[ 1151.626357][ T7946] attempt to access beyond end of device
[ 1151.626357][ T7946] loop4: rw=2049, want=45104, limit=40427
[ 1152.134812][T20734] loop3: detected capacity change from 0 to 40427
[ 1152.196327][T20734] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1152.208210][T20734] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1152.232832][T20734] F2FS-fs (loop3): invalid crc value
[ 1152.332740][T20734] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1152.643991][T20760] input: syz0 as /devices/virtual/input/input236
[ 1153.608745][T20734] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1153.643428][T20769] input: syz0 as /devices/virtual/input/input237
[ 1153.706299][T20734] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1154.725710][  T310] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[ 1155.000957][T20781] loop3: detected capacity change from 0 to 40427
[ 1155.066632][T20781] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1155.075704][T20781] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1155.140820][T20781] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1155.173009][T20781] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1155.179998][T20781] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1155.277461][T20797] input: syz0 as /devices/virtual/input/input238
[ 1155.341525][  T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1155.472361][  T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1155.497410][  T310] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1155.506657][  T310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.522923][  T310] usb 5-1: config 0 descriptor??
[ 1155.747540][T20800] attempt to access beyond end of device
[ 1155.747540][T20800] loop3: rw=524288, want=45072, limit=40427
[ 1155.759027][T20800] attempt to access beyond end of device
[ 1155.759027][T20800] loop3: rw=0, want=45072, limit=40427
[ 1157.215844][T18671] attempt to access beyond end of device
[ 1157.215844][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1158.191686][T20813] input: syz0 as /devices/virtual/input/input239
[ 1158.200130][T20821] input: syz0 as /devices/virtual/input/input240
[ 1158.235769][  T310] usbhid 5-1:0.0: can't add hid device: -71
[ 1158.256101][  T310] usbhid: probe of 5-1:0.0 failed with error -71
[ 1158.273286][  T310] usb 5-1: USB disconnect, device number 118
[ 1159.486417][T20855] FAULT_INJECTION: forcing a failure.
[ 1159.486417][T20855] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1159.511119][T20855] CPU: 0 PID: 20855 Comm: syz.4.4901 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1159.522341][T20855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1159.532236][T20855] Call Trace:
[ 1159.535349][T20855]  <TASK>
[ 1159.538126][T20855]  dump_stack_lvl+0x151/0x1c0
[ 1159.542641][T20855]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1159.548193][T20855]  ? __stack_depot_save+0x34/0x470
[ 1159.553137][T20855]  ? kmem_cache_free+0x116/0x2e0
[ 1159.557913][T20855]  dump_stack+0x15/0x20
[ 1159.561905][T20855]  should_fail+0x3c6/0x510
[ 1159.566162][T20855]  should_fail_usercopy+0x1a/0x20
[ 1159.571024][T20855]  _copy_from_user+0x20/0xd0
[ 1159.575503][T20855]  __copy_msghdr_from_user+0xaf/0x7c0
[ 1159.580742][T20855]  ? __ia32_sys_shutdown+0x70/0x70
[ 1159.585692][T20855]  ___sys_sendmsg+0x166/0x2e0
[ 1159.590202][T20855]  ? __sys_sendmsg+0x260/0x260
[ 1159.594819][T20855]  ? __fdget+0x1bc/0x240
[ 1159.598882][T20855]  __se_sys_sendmsg+0x19a/0x260
[ 1159.603584][T20855]  ? __x64_sys_sendmsg+0x90/0x90
[ 1159.608338][T20855]  ? ksys_write+0x260/0x2c0
[ 1159.612682][T20855]  ? debug_smp_processor_id+0x17/0x20
[ 1159.617884][T20855]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1159.623790][T20855]  __x64_sys_sendmsg+0x7b/0x90
[ 1159.628387][T20855]  x64_sys_call+0x16a/0x9a0
[ 1159.632728][T20855]  do_syscall_64+0x3b/0xb0
[ 1159.636978][T20855]  ? clear_bhb_loop+0x35/0x90
[ 1159.641493][T20855]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1159.647219][T20855] RIP: 0033:0x7f0b0e9f6ff9
[ 1159.651474][T20855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1159.670920][T20855] RSP: 002b:00007f0b0d670038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1159.679333][T20855] RAX: ffffffffffffffda RBX: 00007f0b0ebaef80 RCX: 00007f0b0e9f6ff9
[ 1159.687142][T20855] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[ 1159.694956][T20855] RBP: 00007f0b0d670090 R08: 0000000000000000 R09: 0000000000000000
[ 1159.702766][T20855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1159.710580][T20855] R13: 0000000000000000 R14: 00007f0b0ebaef80 R15: 00007ffe2fe50cd8
[ 1159.718394][T20855]  </TASK>
[ 1159.866610][T20850] loop3: detected capacity change from 0 to 40427
[ 1159.895738][T17439] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1159.947705][T20866] loop4: detected capacity change from 0 to 256
[ 1160.047910][T20850] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1160.062318][T20866] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1160.129853][T20850] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1160.166801][T20850] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1160.220119][T20850] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1160.227163][T20850] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1160.627211][T20877] attempt to access beyond end of device
[ 1160.627211][T20877] loop3: rw=524288, want=45072, limit=40427
[ 1160.638615][T20877] attempt to access beyond end of device
[ 1160.638615][T20877] loop3: rw=0, want=45072, limit=40427
[ 1160.969776][T17439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1160.982242][T17439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1160.992317][T17439] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1161.002476][T17439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1161.011516][T17439] usb 2-1: config 0 descriptor??
[ 1161.035144][T18671] attempt to access beyond end of device
[ 1161.035144][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1161.473567][T20894] input: syz0 as /devices/virtual/input/input241
[ 1162.246054][T20912] input: syz0 as /devices/virtual/input/input242
[ 1162.516397][T20899] loop3: detected capacity change from 0 to 40427
[ 1162.531301][T20899] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1162.539563][T20899] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1162.554287][T20899] F2FS-fs (loop3): invalid crc value
[ 1162.561721][T20899] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1162.566018][T17439] usb 2-1: string descriptor 0 read error: -71
[ 1162.596082][T17439] uclogic 0003:256C:006D.00C1: failed retrieving string descriptor #200: -71
[ 1162.609134][T17439] uclogic 0003:256C:006D.00C1: failed retrieving pen parameters: -71
[ 1162.625820][T17439] uclogic 0003:256C:006D.00C1: failed probing pen v2 parameters: -71
[ 1162.632748][T20899] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1162.633844][T17439] uclogic 0003:256C:006D.00C1: failed probing parameters: -71
[ 1162.644202][T20899] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1162.648392][T17439] uclogic: probe of 0003:256C:006D.00C1 failed with error -71
[ 1162.674288][T17439] usb 2-1: USB disconnect, device number 21
[ 1163.425397][T20923] loop4: detected capacity change from 0 to 40427
[ 1163.515780][T20936] loop3: detected capacity change from 0 to 256
[ 1163.621100][T20936] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1163.709275][T20923] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1163.744678][T20923] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1163.836430][T20923] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1163.868565][T20923] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1163.875443][T20923] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1164.645881][T20944] attempt to access beyond end of device
[ 1164.645881][T20944] loop4: rw=524288, want=45072, limit=40427
[ 1164.657227][T20944] attempt to access beyond end of device
[ 1164.657227][T20944] loop4: rw=0, want=45072, limit=40427
[ 1164.748230][ T7946] attempt to access beyond end of device
[ 1164.748230][ T7946] loop4: rw=2049, want=45104, limit=40427
[ 1164.978000][T20960] input: syz0 as /devices/virtual/input/input243
[ 1165.599353][T20968] input: syz0 as /devices/virtual/input/input244
[ 1166.952896][  T310] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 1167.088666][T20997] input: syz0 as /devices/virtual/input/input246
[ 1167.572200][T20986] loop4: detected capacity change from 0 to 40427
[ 1167.635760][  T310] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1167.646688][  T310] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1167.656596][  T310] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1167.665531][  T310] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.673806][T20986] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1167.683287][  T310] usb 3-1: config 0 descriptor??
[ 1167.684570][T20986] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1167.698582][T20986] F2FS-fs (loop4): invalid crc value
[ 1167.708282][T20986] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1167.712268][T21001] loop3: detected capacity change from 0 to 40427
[ 1167.770767][T21001] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1167.777332][T21001] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1167.791851][T20986] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1167.798819][T20986] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1167.821669][T21001] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1167.862186][T21001] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1167.869422][T21001] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1168.477170][T21021] attempt to access beyond end of device
[ 1168.477170][T21021] loop3: rw=524288, want=45072, limit=40427
[ 1168.488481][T21021] attempt to access beyond end of device
[ 1168.488481][T21021] loop3: rw=0, want=45072, limit=40427
[ 1169.105987][T18671] attempt to access beyond end of device
[ 1169.105987][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1169.458085][T21028] input: syz0 as /devices/virtual/input/input247
[ 1169.885710][  T310] usb 3-1: string descriptor 0 read error: -71
[ 1169.905773][  T310] uclogic 0003:256C:006D.00C2: failed retrieving string descriptor #200: -71
[ 1169.940303][  T310] uclogic 0003:256C:006D.00C2: failed retrieving pen parameters: -71
[ 1169.948777][  T310] uclogic 0003:256C:006D.00C2: failed probing pen v2 parameters: -71
[ 1169.957068][  T310] uclogic 0003:256C:006D.00C2: failed probing parameters: -71
[ 1169.964465][  T310] uclogic: probe of 0003:256C:006D.00C2 failed with error -71
[ 1169.978746][  T310] usb 3-1: USB disconnect, device number 3
[ 1171.073306][T21066] input: syz0 as /devices/virtual/input/input249
[ 1172.173589][T21065] loop4: detected capacity change from 0 to 40427
[ 1172.315816][T21065] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1172.333829][T21065] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1172.353412][T21065] F2FS-fs (loop4): invalid crc value
[ 1172.440968][T21087] input: syz0 as /devices/virtual/input/input250
[ 1172.949892][T21079] loop3: detected capacity change from 0 to 40427
[ 1173.068504][T21065] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1173.112558][T21065] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1173.174075][T21099] input: syz0 as /devices/virtual/input/input251
[ 1173.189073][T21065] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1173.631326][T21079] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1173.645034][T21079] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1173.655207][T21079] F2FS-fs (loop3): invalid crc value
[ 1173.661991][T21079] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1173.705681][T18569] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1173.735242][T21079] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1173.745784][T21079] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1174.166075][T18569] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1174.231796][T18569] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1174.474412][T18569] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1174.483654][T18569] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.496709][T18569] usb 2-1: config 0 descriptor??
[ 1175.221505][T21142] input: syz0 as /devices/virtual/input/input252
[ 1175.778283][T21150] loop4: detected capacity change from 0 to 256
[ 1175.880576][T21150] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1175.907479][T18569] usb 2-1: string descriptor 0 read error: -71
[ 1175.970260][T18569] uclogic 0003:256C:006D.00C3: failed retrieving string descriptor #200: -71
[ 1176.021786][T18569] uclogic 0003:256C:006D.00C3: failed retrieving pen parameters: -71
[ 1176.038026][T18569] uclogic 0003:256C:006D.00C3: failed probing pen v2 parameters: -71
[ 1176.054396][T18569] uclogic 0003:256C:006D.00C3: failed probing parameters: -71
[ 1176.069220][T18569] uclogic: probe of 0003:256C:006D.00C3 failed with error -71
[ 1176.092219][T18569] usb 2-1: USB disconnect, device number 22
[ 1176.223432][T21149] loop3: detected capacity change from 0 to 40427
[ 1176.316431][T21149] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1176.322745][T21149] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1176.344845][T21149] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1176.584534][T21159] input: syz0 as /devices/virtual/input/input253
[ 1176.893341][T21149] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1176.901737][T21149] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1177.184914][T21175] attempt to access beyond end of device
[ 1177.184914][T21175] loop3: rw=524288, want=45072, limit=40427
[ 1177.197910][T21175] attempt to access beyond end of device
[ 1177.197910][T21175] loop3: rw=0, want=45072, limit=40427
[ 1178.406689][T21177] input: syz0 as /devices/virtual/input/input254
[ 1178.454231][T18671] attempt to access beyond end of device
[ 1178.454231][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1179.145950][T21192] input: syz0 as /devices/virtual/input/input255
[ 1179.830789][T21184] loop4: detected capacity change from 0 to 40427
[ 1179.987584][T21184] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1180.005714][T21184] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1180.303377][T21213] loop3: detected capacity change from 0 to 256
[ 1180.636117][T21210] input: syz0 as /devices/virtual/input/input256
[ 1180.702287][T21184] F2FS-fs (loop4): invalid crc value
[ 1180.723210][T21213] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1180.877336][T21184] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1181.323072][T21184] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1181.338302][T21184] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1181.556100][ T4405] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1182.916423][ T4405] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1182.949799][ T4405] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1183.026392][ T4405] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1183.035547][ T4405] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1183.047947][ T4405] usb 4-1: config 0 descriptor??
[ 1183.596804][T21254] input: syz0 as /devices/virtual/input/input257
[ 1183.895864][T21246] loop4: detected capacity change from 0 to 40427
[ 1183.962525][T21246] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1183.968756][T21246] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1183.979512][T21246] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1184.004148][T21246] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1184.011074][T21246] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1184.109390][T21263] input: syz0 as /devices/virtual/input/input258
[ 1184.325711][ T4405] usb 4-1: string descriptor 0 read error: -71
[ 1184.345827][ T4405] uclogic 0003:256C:006D.00C4: failed retrieving string descriptor #200: -71
[ 1184.424547][ T4405] uclogic 0003:256C:006D.00C4: failed retrieving pen parameters: -71
[ 1184.443246][ T4405] uclogic 0003:256C:006D.00C4: failed probing pen v2 parameters: -71
[ 1184.451438][ T4405] uclogic 0003:256C:006D.00C4: failed probing parameters: -71
[ 1184.458995][ T4405] uclogic: probe of 0003:256C:006D.00C4 failed with error -71
[ 1184.559229][T21271] attempt to access beyond end of device
[ 1184.559229][T21271] loop4: rw=524288, want=45072, limit=40427
[ 1184.572002][T21271] attempt to access beyond end of device
[ 1184.572002][T21271] loop4: rw=0, want=45072, limit=40427
[ 1185.362517][ T7946] attempt to access beyond end of device
[ 1185.362517][ T7946] loop4: rw=2049, want=45104, limit=40427
[ 1185.379383][T21270] input: syz0 as /devices/virtual/input/input259
[ 1185.398481][ T4405] usb 4-1: USB disconnect, device number 126
[ 1185.675806][  T311] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[ 1186.070049][T21281] loop3: detected capacity change from 0 to 40427
[ 1186.111505][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1186.122562][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1186.132509][  T311] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1186.141579][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1186.150170][  T311] usb 3-1: config 0 descriptor??
[ 1186.166204][T21281] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1186.172440][T21281] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1186.266450][T21281] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1186.315774][ T4405] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[ 1186.445136][T21281] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1186.452220][T21281] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1186.646344][T21305] attempt to access beyond end of device
[ 1186.646344][T21305] loop3: rw=0, want=45072, limit=40427
[ 1186.855777][ T4405] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1186.871720][ T4405] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1186.884207][   T45] attempt to access beyond end of device
[ 1186.884207][   T45] loop3: rw=2049, want=40968, limit=40427
[ 1186.900940][ T4405] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1186.989153][ T4405] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1186.998831][ T4405] usb 5-1: config 0 descriptor??
[ 1187.825761][  T311] usb 3-1: string descriptor 0 read error: -71
[ 1187.845780][  T311] uclogic 0003:256C:006D.00C5: failed retrieving string descriptor #200: -71
[ 1187.854399][  T311] uclogic 0003:256C:006D.00C5: failed retrieving pen parameters: -71
[ 1187.881619][  T311] uclogic 0003:256C:006D.00C5: failed probing pen v2 parameters: -71
[ 1187.894739][  T311] uclogic 0003:256C:006D.00C5: failed probing parameters: -71
[ 1187.902517][  T311] uclogic: probe of 0003:256C:006D.00C5 failed with error -71
[ 1187.915358][  T311] usb 3-1: USB disconnect, device number 4
[ 1188.212496][T21323] loop3: detected capacity change from 0 to 40427
[ 1188.306180][T21323] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1188.312944][T21323] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1188.339915][T21329] input: syz0 as /devices/virtual/input/input261
[ 1188.382445][T21323] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1188.459182][T21323] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1188.466280][T21323] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1188.515912][ T4405] usb 5-1: string descriptor 0 read error: -71
[ 1188.595986][ T4405] uclogic 0003:256C:006D.00C6: failed retrieving string descriptor #200: -71
[ 1188.604636][ T4405] uclogic 0003:256C:006D.00C6: failed retrieving pen parameters: -71
[ 1188.612628][ T4405] uclogic 0003:256C:006D.00C6: failed probing pen v2 parameters: -71
[ 1188.620752][ T4405] uclogic 0003:256C:006D.00C6: failed probing parameters: -71
[ 1188.628380][ T4405] uclogic: probe of 0003:256C:006D.00C6 failed with error -71
[ 1188.636731][ T4405] usb 5-1: USB disconnect, device number 119
[ 1188.719387][T21346] attempt to access beyond end of device
[ 1188.719387][T21346] loop3: rw=524288, want=45072, limit=40427
[ 1188.731159][T21346] attempt to access beyond end of device
[ 1188.731159][T21346] loop3: rw=0, want=45072, limit=40427
[ 1189.007178][  T311] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[ 1189.046163][T18671] attempt to access beyond end of device
[ 1189.046163][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1189.497433][T21354] loop4: detected capacity change from 0 to 256
[ 1189.570543][T21354] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1189.675728][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1189.691721][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1189.709699][  T311] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1189.726829][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1189.744180][  T311] usb 3-1: config 0 descriptor??
[ 1189.854480][T21358] loop3: detected capacity change from 0 to 40427
[ 1189.875708][T21358] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1189.887195][T21358] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1189.936348][T21358] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1190.079849][T21358] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1190.088126][T21358] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1190.705753][T21371] attempt to access beyond end of device
[ 1190.705753][T21371] loop3: rw=0, want=45072, limit=40427
[ 1190.936125][  T962] attempt to access beyond end of device
[ 1190.936125][  T962] loop3: rw=2049, want=40968, limit=40427
[ 1191.067502][T21369] loop4: detected capacity change from 0 to 40427
[ 1191.175857][  T311] usb 3-1: string descriptor 0 read error: -71
[ 1191.195836][  T311] uclogic 0003:256C:006D.00C7: failed retrieving string descriptor #200: -71
[ 1191.279784][T21369] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1191.307653][T21369] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1191.317762][  T311] uclogic 0003:256C:006D.00C7: failed retrieving pen parameters: -71
[ 1191.338163][T21369] F2FS-fs (loop4): invalid crc value
[ 1191.345935][  T311] uclogic 0003:256C:006D.00C7: failed probing pen v2 parameters: -71
[ 1191.377201][  T311] uclogic 0003:256C:006D.00C7: failed probing parameters: -71
[ 1191.384649][  T311] uclogic: probe of 0003:256C:006D.00C7 failed with error -71
[ 1191.394480][T21369] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1191.398832][  T311] usb 3-1: USB disconnect, device number 5
[ 1191.458148][T21387] FAULT_INJECTION: forcing a failure.
[ 1191.458148][T21387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1191.481649][T21369] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1191.495685][T21369] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1191.495794][T21387] CPU: 1 PID: 21387 Comm: syz.1.5013 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1191.514179][T21387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1191.524073][T21387] Call Trace:
[ 1191.527193][T21387]  <TASK>
[ 1191.529971][T21387]  dump_stack_lvl+0x151/0x1c0
[ 1191.534483][T21387]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1191.539955][T21387]  ? __stack_depot_save+0x34/0x470
[ 1191.544898][T21387]  ? kmem_cache_free+0x116/0x2e0
[ 1191.549674][T21387]  dump_stack+0x15/0x20
[ 1191.553665][T21387]  should_fail+0x3c6/0x510
[ 1191.557942][T21387]  should_fail_usercopy+0x1a/0x20
[ 1191.562775][T21387]  _copy_from_user+0x20/0xd0
[ 1191.567205][T21387]  __copy_msghdr_from_user+0xaf/0x7c0
[ 1191.572414][T21387]  ? __ia32_sys_shutdown+0x70/0x70
[ 1191.577364][T21387]  ___sys_sendmsg+0x166/0x2e0
[ 1191.581896][T21387]  ? __sys_sendmsg+0x260/0x260
[ 1191.586481][T21387]  ? __fdget+0x1bc/0x240
[ 1191.590549][T21387]  __se_sys_sendmsg+0x19a/0x260
[ 1191.595374][T21387]  ? __x64_sys_sendmsg+0x90/0x90
[ 1191.600225][T21387]  ? ksys_write+0x260/0x2c0
[ 1191.604567][T21387]  ? debug_smp_processor_id+0x17/0x20
[ 1191.609770][T21387]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1191.615674][T21387]  __x64_sys_sendmsg+0x7b/0x90
[ 1191.620274][T21387]  x64_sys_call+0x16a/0x9a0
[ 1191.624614][T21387]  do_syscall_64+0x3b/0xb0
[ 1191.628955][T21387]  ? clear_bhb_loop+0x35/0x90
[ 1191.633466][T21387]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1191.635710][    T6] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1191.639280][T21387] RIP: 0033:0x7f54125cbff9
[ 1191.651087][T21387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1191.670530][T21387] RSP: 002b:00007f5411203038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1191.678772][T21387] RAX: ffffffffffffffda RBX: 00007f5412784130 RCX: 00007f54125cbff9
[ 1191.686581][T21387] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000007
[ 1191.694393][T21387] RBP: 00007f5411203090 R08: 0000000000000000 R09: 0000000000000000
[ 1191.702206][T21387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1191.710015][T21387] R13: 0000000000000000 R14: 00007f5412784130 R15: 00007ffdffb6dc28
[ 1191.717906][T21387]  </TASK>
[ 1193.133136][T21403] input: syz0 as /devices/virtual/input/input262
[ 1193.179489][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1193.195849][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1193.205925][    T6] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1193.216335][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1193.224988][    T6] usb 4-1: config 0 descriptor??
[ 1194.442952][T21425] loop4: detected capacity change from 0 to 40427
[ 1194.465935][T21425] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1194.482229][T21425] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1194.495775][    T6] usb 4-1: string descriptor 0 read error: -71
[ 1194.505334][T21425] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1194.515697][    T6] uclogic 0003:256C:006D.00C8: failed retrieving string descriptor #200: -71
[ 1194.524881][    T6] uclogic 0003:256C:006D.00C8: failed retrieving pen parameters: -71
[ 1194.539545][T21425] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1194.543694][    T6] uclogic 0003:256C:006D.00C8: failed probing pen v2 parameters: -71
[ 1194.547213][T21425] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1194.562521][    T6] uclogic 0003:256C:006D.00C8: failed probing parameters: -71
[ 1194.570086][    T6] uclogic: probe of 0003:256C:006D.00C8 failed with error -71
[ 1194.628132][    T6] usb 4-1: USB disconnect, device number 127
[ 1194.821068][T21447] attempt to access beyond end of device
[ 1194.821068][T21447] loop4: rw=524288, want=45072, limit=40427
[ 1194.832786][T21447] attempt to access beyond end of device
[ 1194.832786][T21447] loop4: rw=0, want=45072, limit=40427
[ 1195.180006][ T7946] attempt to access beyond end of device
[ 1195.180006][ T7946] loop4: rw=2049, want=45104, limit=40427
[ 1195.405212][T21449] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5029'.
[ 1195.592743][T21454] FAULT_INJECTION: forcing a failure.
[ 1195.592743][T21454] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1195.625643][T21454] CPU: 1 PID: 21454 Comm: syz.3.5031 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1195.636840][T21454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1195.646739][T21454] Call Trace:
[ 1195.649867][T21454]  <TASK>
[ 1195.652639][T21454]  dump_stack_lvl+0x151/0x1c0
[ 1195.657155][T21454]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1195.662705][T21454]  ? __stack_depot_save+0x34/0x470
[ 1195.667653][T21454]  ? kmem_cache_free+0x116/0x2e0
[ 1195.672444][T21454]  dump_stack+0x15/0x20
[ 1195.676425][T21454]  should_fail+0x3c6/0x510
[ 1195.680671][T21454]  should_fail_usercopy+0x1a/0x20
[ 1195.685529][T21454]  _copy_from_user+0x20/0xd0
[ 1195.689957][T21454]  __copy_msghdr_from_user+0xaf/0x7c0
[ 1195.695164][T21454]  ? __ia32_sys_shutdown+0x70/0x70
[ 1195.700120][T21454]  ___sys_sendmsg+0x166/0x2e0
[ 1195.704625][T21454]  ? __sys_sendmsg+0x260/0x260
[ 1195.709319][T21454]  ? __fdget+0x1bc/0x240
[ 1195.713391][T21454]  __se_sys_sendmsg+0x19a/0x260
[ 1195.718078][T21454]  ? __x64_sys_sendmsg+0x90/0x90
[ 1195.722850][T21454]  ? ksys_write+0x260/0x2c0
[ 1195.727191][T21454]  ? debug_smp_processor_id+0x17/0x20
[ 1195.732396][T21454]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1195.738299][T21454]  __x64_sys_sendmsg+0x7b/0x90
[ 1195.742902][T21454]  x64_sys_call+0x16a/0x9a0
[ 1195.747237][T21454]  do_syscall_64+0x3b/0xb0
[ 1195.751492][T21454]  ? clear_bhb_loop+0x35/0x90
[ 1195.756004][T21454]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1195.761827][T21454] RIP: 0033:0x7fe35f836ff9
[ 1195.766072][T21454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1195.785515][T21454] RSP: 002b:00007fe35e4b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1195.793764][T21454] RAX: ffffffffffffffda RBX: 00007fe35f9eef80 RCX: 00007fe35f836ff9
[ 1195.801571][T21454] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000008
[ 1195.809381][T21454] RBP: 00007fe35e4b0090 R08: 0000000000000000 R09: 0000000000000000
[ 1195.817195][T21454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1195.825000][T21454] R13: 0000000000000000 R14: 00007fe35f9eef80 R15: 00007fffa199fa88
[ 1195.832820][T21454]  </TASK>
[ 1195.921534][T21463] input: syz0 as /devices/virtual/input/input263
[ 1196.373401][T21476] loop4: detected capacity change from 0 to 128
[ 1196.745254][T21486] loop3: detected capacity change from 0 to 256
[ 1196.826551][T21486] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1197.039700][T21476] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 1197.050274][T21476] ext4 filesystem being mounted at /592/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 1197.994468][T21507] loop3: detected capacity change from 0 to 40427
[ 1198.015894][T21507] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1198.026983][T21507] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1198.062228][T21507] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1198.142433][T21507] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1198.156626][T21507] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1198.248073][T21511] loop4: detected capacity change from 0 to 40427
[ 1198.279727][T21511] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1198.287483][T21511] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1198.297268][T21511] F2FS-fs (loop4): invalid crc value
[ 1198.410970][T21520] attempt to access beyond end of device
[ 1198.410970][T21520] loop3: rw=524288, want=45072, limit=40427
[ 1198.422413][T21520] attempt to access beyond end of device
[ 1198.422413][T21520] loop3: rw=0, want=45072, limit=40427
[ 1199.021972][T21511] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1199.065896][T18671] attempt to access beyond end of device
[ 1199.065896][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1199.203742][T21511] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1199.246521][T21511] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1200.509842][T21539] loop3: detected capacity change from 0 to 40427
[ 1200.590056][T21539] F2FS-fs (loop3): Invalid segment/section count (31, 24 x 1)
[ 1200.606739][T21539] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1200.639658][T21539] F2FS-fs (loop3): invalid crc value
[ 1200.661149][T21539] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1200.812671][T21566] loop4: detected capacity change from 0 to 256
[ 1200.913561][T21566] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1200.998018][T21539] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1
[ 1201.031959][T21539] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1201.045665][T21539] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1201.160321][T21569] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1201.167497][T21569] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1201.174975][T21569] device bridge_slave_0 entered promiscuous mode
[ 1201.244216][T21574] FAULT_INJECTION: forcing a failure.
[ 1201.244216][T21574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1201.257154][T21574] CPU: 1 PID: 21574 Comm: syz.3.5046 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1201.268288][T21574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1201.278178][T21574] Call Trace:
[ 1201.281306][T21574]  <TASK>
[ 1201.284086][T21574]  dump_stack_lvl+0x151/0x1c0
[ 1201.288598][T21574]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1201.294075][T21574]  ? __check_object_size+0x73/0x3d0
[ 1201.299098][T21574]  dump_stack+0x15/0x20
[ 1201.303087][T21574]  should_fail+0x3c6/0x510
[ 1201.307340][T21574]  should_fail_usercopy+0x1a/0x20
[ 1201.312199][T21574]  _copy_to_user+0x20/0x90
[ 1201.316451][T21574]  simple_read_from_buffer+0xc7/0x150
[ 1201.321662][T21574]  proc_fail_nth_read+0x1a3/0x210
[ 1201.326609][T21574]  ? proc_fault_inject_write+0x390/0x390
[ 1201.332291][T21574]  ? fsnotify_perm+0x470/0x5d0
[ 1201.336896][T21574]  ? security_file_permission+0x86/0xb0
[ 1201.342271][T21574]  ? proc_fault_inject_write+0x390/0x390
[ 1201.347740][T21574]  vfs_read+0x27d/0xd40
[ 1201.351734][T21574]  ? kernel_read+0x1f0/0x1f0
[ 1201.356173][T21574]  ? __kasan_check_write+0x14/0x20
[ 1201.361106][T21574]  ? mutex_lock+0xb6/0x1e0
[ 1201.365371][T21574]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1201.371922][T21574]  ? __fdget_pos+0x2e7/0x3a0
[ 1201.376338][T21574]  ? ksys_read+0x77/0x2c0
[ 1201.380935][T21574]  ksys_read+0x199/0x2c0
[ 1201.384944][T21574]  ? __kasan_check_write+0x14/0x20
[ 1201.389881][T21574]  ? vfs_write+0x1110/0x1110
[ 1201.394657][T21574]  ? __kasan_check_read+0x11/0x20
[ 1201.399518][T21574]  __x64_sys_read+0x7b/0x90
[ 1201.403853][T21574]  x64_sys_call+0x28/0x9a0
[ 1201.408281][T21574]  do_syscall_64+0x3b/0xb0
[ 1201.412532][T21574]  ? clear_bhb_loop+0x35/0x90
[ 1201.417045][T21574]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1201.422774][T21574] RIP: 0033:0x7fe35f835a3c
[ 1201.427115][T21574] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1201.446746][T21574] RSP: 002b:00007fe35e46e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1201.454979][T21574] RAX: ffffffffffffffda RBX: 00007fe35f9ef130 RCX: 00007fe35f835a3c
[ 1201.462793][T21574] RDX: 000000000000000f RSI: 00007fe35e46e0a0 RDI: 000000000000000e
[ 1201.470606][T21574] RBP: 00007fe35e46e090 R08: 0000000000000000 R09: 0000000000000000
[ 1201.478500][T21574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1201.486315][T21574] R13: 0000000000000000 R14: 00007fe35f9ef130 R15: 00007fffa199fa88
[ 1201.494133][T21574]  </TASK>
[ 1201.546285][T18671] attempt to access beyond end of device
[ 1201.546285][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1201.559207][T21569] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1201.567593][T21569] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1201.574979][T21569] device bridge_slave_1 entered promiscuous mode
[ 1202.132583][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1202.140229][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1202.160068][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1202.169055][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1202.177162][  T389] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1202.184019][  T389] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1202.191770][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1202.200695][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1202.209102][  T389] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1202.215967][  T389] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1202.276455][ T5840] device bridge_slave_1 left promiscuous mode
[ 1202.282424][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1202.299702][T21578] loop4: detected capacity change from 0 to 40427
[ 1202.388660][ T5840] device bridge_slave_0 left promiscuous mode
[ 1202.424041][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1202.449924][T21578] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1202.513625][T21578] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1202.557426][ T5840] device veth1_macvtap left promiscuous mode
[ 1202.603000][T21578] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1202.641657][T21583] loop3: detected capacity change from 0 to 40427
[ 1202.658868][T21583] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1202.665028][T21583] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1202.665517][T21578] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1202.677486][T21583] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1202.679976][T21578] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1202.725659][T21583] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1202.732631][T21583] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1202.768494][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1202.824702][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1202.834580][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1202.843654][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1202.852597][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1203.078147][T21596] attempt to access beyond end of device
[ 1203.078147][T21596] loop4: rw=524288, want=45072, limit=40427
[ 1203.089563][T21596] attempt to access beyond end of device
[ 1203.089563][T21596] loop4: rw=0, want=45072, limit=40427
[ 1203.355928][T21599] attempt to access beyond end of device
[ 1203.355928][T21599] loop3: rw=524288, want=45072, limit=40427
[ 1203.367331][T21599] attempt to access beyond end of device
[ 1203.367331][T21599] loop3: rw=0, want=45072, limit=40427
[ 1203.817842][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1203.872838][T18671] attempt to access beyond end of device
[ 1203.872838][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1203.899196][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1203.904587][ T7946] attempt to access beyond end of device
[ 1203.904587][ T7946] loop4: rw=2049, want=45104, limit=40427
[ 1203.926306][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1203.933749][T21569] device veth0_vlan entered promiscuous mode
[ 1203.959818][T21569] device veth1_macvtap entered promiscuous mode
[ 1203.976300][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1203.984660][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1204.003845][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1204.025534][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1204.033952][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1204.042421][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1204.050874][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1204.805716][  T296] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 1205.695844][T21632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1205.702889][T21632] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1205.705674][  T296] usb 4-1: Using ep0 maxpacket: 16
[ 1205.711681][T21632] device bridge_slave_0 entered promiscuous mode
[ 1205.721756][T21632] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1205.728935][T21632] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1205.761897][T21632] device bridge_slave_1 entered promiscuous mode
[ 1205.826040][  T296] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1205.849859][  T296] usb 4-1: config 0 has no interface number 0
[ 1205.930186][  T296] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1206.018167][  T296] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1206.081290][T21632] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1206.088172][T21632] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1206.095318][T21632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1206.102187][T21632] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1206.129394][  T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1206.138206][  T389] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1206.145394][  T389] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1206.166843][ T4405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1206.185773][  T296] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1206.194798][  T296] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.203194][  T296] usb 4-1: Product: syz
[ 1206.207585][  T296] usb 4-1: Manufacturer: syz
[ 1206.212040][  T296] usb 4-1: SerialNumber: syz
[ 1206.217743][  T296] usb 4-1: config 0 descriptor??
[ 1206.234938][ T4405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1206.235777][T21609] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1206.241842][ T4405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1206.249101][T21609] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1206.256301][ T4405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1206.270621][ T4405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1206.277491][ T4405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1206.294520][T18569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1206.302367][T18569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1206.316057][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1206.326295][T18569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1206.334228][T18569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1206.342812][T18569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1206.378499][T21632] device veth0_vlan entered promiscuous mode
[ 1207.059573][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1207.071188][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1207.086967][  T962] device bridge_slave_1 left promiscuous mode
[ 1207.093101][  T962] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.100765][  T962] device bridge_slave_0 left promiscuous mode
[ 1207.106801][  T962] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.114810][  T962] device veth1_macvtap left promiscuous mode
[ 1207.121017][  T962] device veth0_vlan left promiscuous mode
[ 1207.201153][T21632] device veth1_macvtap entered promiscuous mode
[ 1207.213626][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1207.221135][  T296] asix: probe of 4-1:0.251 failed with error -71
[ 1207.235466][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1207.243898][  T296] usb 4-1: USB disconnect, device number 2
[ 1207.254323][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1207.276804][T15247] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1207.284972][T15247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1208.370006][T21672] input: syz0 as /devices/virtual/input/input264
[ 1208.404111][T18569] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1209.379743][T21684] loop4: detected capacity change from 0 to 256
[ 1209.386537][T18569] usb 4-1: Using ep0 maxpacket: 16
[ 1209.469808][T21684] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1209.525795][T18569] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1209.562674][T18569] usb 4-1: config 0 has no interface number 0
[ 1209.600950][  T296] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1209.608439][T18569] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1209.630555][T18569] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1209.865887][T18569] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1210.393494][T18569] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1210.404849][T18569] usb 4-1: Product: syz
[ 1210.411879][T18569] usb 4-1: Manufacturer: syz
[ 1210.417263][T18569] usb 4-1: SerialNumber: syz
[ 1210.442156][T18569] usb 4-1: config 0 descriptor??
[ 1210.475803][T21658] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1210.502261][T21658] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1210.604590][  T296] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1210.674038][  T296] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1210.758322][  T296] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1210.832938][  T296] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1210.851300][  T296] usb 2-1: config 0 descriptor??
[ 1210.865736][T18569] asix: probe of 4-1:0.251 failed with error -71
[ 1210.877523][T18569] usb 4-1: USB disconnect, device number 3
[ 1211.088217][   T30] kauditd_printk_skb: 28 callbacks suppressed
[ 1211.088233][   T30] audit: type=1400 audit(1727671641.257:3782): avc:  denied  { remount } for  pid=21708 comm="syz.4.5083" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1211.088237][T21709] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22
[ 1211.088264][T21709] SELinux: security_context_str_to_sid() failed for (dev devpts, type devpts) errno=-22
[ 1212.092720][T21729] input: syz0 as /devices/virtual/input/input265
[ 1212.208656][T21724] loop4: detected capacity change from 0 to 40427
[ 1212.246385][T21724] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1212.263836][T21724] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1212.295838][  T296] usb 2-1: string descriptor 0 read error: -71
[ 1212.302966][T21724] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1212.315744][  T296] uclogic 0003:256C:006D.00C9: failed retrieving string descriptor #200: -71
[ 1212.328106][  T296] uclogic 0003:256C:006D.00C9: failed retrieving pen parameters: -71
[ 1212.358713][  T296] uclogic 0003:256C:006D.00C9: failed probing pen v2 parameters: -71
[ 1212.372999][  T296] uclogic 0003:256C:006D.00C9: failed probing parameters: -71
[ 1212.381043][T21724] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1212.388173][T21724] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1212.404048][  T296] uclogic: probe of 0003:256C:006D.00C9 failed with error -71
[ 1212.417507][  T296] usb 2-1: USB disconnect, device number 23
[ 1212.608680][T21741] input: syz0 as /devices/virtual/input/input266
[ 1213.005711][T21744] attempt to access beyond end of device
[ 1213.005711][T21744] loop4: rw=524288, want=45072, limit=40427
[ 1213.017218][T21744] attempt to access beyond end of device
[ 1213.017218][T21744] loop4: rw=0, want=45072, limit=40427
[ 1213.345921][T21737] FAULT_INJECTION: forcing a failure.
[ 1213.345921][T21737] name failslab, interval 1, probability 0, space 0, times 0
[ 1213.399138][T21737] CPU: 1 PID: 21737 Comm: syz.0.5090 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1213.410353][T21737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1213.420248][T21737] Call Trace:
[ 1213.423377][T21737]  <TASK>
[ 1213.426149][T21737]  dump_stack_lvl+0x151/0x1c0
[ 1213.431097][T21737]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1213.436569][T21737]  ? slab_post_alloc_hook+0x53/0x2c0
[ 1213.441687][T21737]  ? new_inode_pseudo+0x93/0x220
[ 1213.446463][T21737]  ? proc_pid_make_inode+0x27/0x1d0
[ 1213.451500][T21737]  ? proc_pident_instantiate+0x7a/0x2e0
[ 1213.456869][T21737]  ? proc_pident_lookup+0x1c4/0x260
[ 1213.461993][T21737]  ? path_openat+0x1194/0x2f40
[ 1213.466593][T21737]  ? do_filp_open+0x21c/0x460
[ 1213.471106][T21737]  dump_stack+0x15/0x20
[ 1213.475096][T21737]  should_fail+0x3c6/0x510
[ 1213.479355][T21737]  __should_failslab+0xa4/0xe0
[ 1213.483955][T21737]  ? __alloc_skb+0xbe/0x550
[ 1213.488292][T21737]  should_failslab+0x9/0x20
[ 1213.492825][T21737]  slab_pre_alloc_hook+0x37/0xd0
[ 1213.497602][T21737]  ? __alloc_skb+0xbe/0x550
[ 1213.501935][T21737]  kmem_cache_alloc+0x44/0x200
[ 1213.506537][T21737]  __alloc_skb+0xbe/0x550
[ 1213.510737][T21737]  sock_wmalloc+0xb2/0x130
[ 1213.515001][T21737]  ip_append_page+0x8f5/0x1170
[ 1213.519553][T21737]  ? lock_sock_nested+0x266/0x300
[ 1213.524418][T21737]  udp_sendpage+0x1b3/0x5d0
[ 1213.528757][T21737]  ? stack_trace_save+0x1c0/0x1c0
[ 1213.533614][T21737]  ? dst_clone+0xf0/0xf0
[ 1213.537693][T21737]  ? avc_has_perm_noaudit+0x348/0x430
[ 1213.542901][T21737]  ? memcpy+0x56/0x70
[ 1213.546719][T21737]  ? avc_has_perm_noaudit+0x2dd/0x430
[ 1213.551931][T21737]  ? inet_send_prepare+0x5e/0x4a0
[ 1213.556791][T21737]  ? dst_clone+0xf0/0xf0
[ 1213.560874][T21737]  inet_sendpage+0xd8/0x120
[ 1213.565207][T21737]  kernel_sendpage+0x251/0x2d0
[ 1213.569807][T21737]  sock_sendpage+0x85/0xb0
[ 1213.574058][T21737]  pipe_to_sendpage+0x257/0x340
[ 1213.578744][T21737]  ? sock_fasync+0x100/0x100
[ 1213.583184][T21737]  ? generic_splice_sendpage+0x220/0x220
[ 1213.588789][T21737]  __splice_from_pipe+0x339/0x860
[ 1213.593646][T21737]  ? generic_splice_sendpage+0x220/0x220
[ 1213.599202][T21737]  generic_splice_sendpage+0x195/0x220
[ 1213.604493][T21737]  ? iter_file_splice_write+0xf90/0xf90
[ 1213.609871][T21737]  ? fsnotify_perm+0x6a/0x5d0
[ 1213.614386][T21737]  ? security_file_permission+0x86/0xb0
[ 1213.619766][T21737]  ? rw_verify_area+0xa7/0x1c0
[ 1213.624365][T21737]  ? iter_file_splice_write+0xf90/0xf90
[ 1213.629756][T21737]  do_splice+0xe72/0x15e0
[ 1213.633913][T21737]  ? file_end_write+0x1c0/0x1c0
[ 1213.638690][T21737]  ? __fget_files+0x31e/0x380
[ 1213.643199][T21737]  ? wait_for_space+0x2c0/0x2c0
[ 1213.647886][T21737]  ? __fdget+0x1bc/0x240
[ 1213.651967][T21737]  __se_sys_splice+0x340/0x420
[ 1213.656566][T21737]  ? __x64_sys_splice+0x100/0x100
[ 1213.661424][T21737]  ? debug_smp_processor_id+0x17/0x20
[ 1213.666635][T21737]  __x64_sys_splice+0xe5/0x100
[ 1213.671233][T21737]  x64_sys_call+0x73d/0x9a0
[ 1213.675573][T21737]  do_syscall_64+0x3b/0xb0
[ 1213.679825][T21737]  ? clear_bhb_loop+0x35/0x90
[ 1213.684338][T21737]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1213.690171][T21737] RIP: 0033:0x7ff316a43ff9
[ 1213.694429][T21737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1213.713866][T21737] RSP: 002b:00007ff3156bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1213.722109][T21737] RAX: ffffffffffffffda RBX: 00007ff316bfbf80 RCX: 00007ff316a43ff9
[ 1213.729920][T21737] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000005
[ 1213.737730][T21737] RBP: 00007ff3156bd090 R08: 0000000000007151 R09: 0000000000000000
[ 1213.745543][T21737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1213.753355][T21737] R13: 0000000000000000 R14: 00007ff316bfbf80 R15: 00007ffcac1edf18
[ 1213.761173][T21737]  </TASK>
[ 1213.776631][T21632] attempt to access beyond end of device
[ 1213.776631][T21632] loop4: rw=2049, want=45104, limit=40427
[ 1214.710951][T21747] loop3: detected capacity change from 0 to 40427
[ 1214.736798][T21747] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1214.744106][T21747] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1214.755557][T21747] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1214.783646][T21747] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1214.790766][T21747] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1215.071028][T21774] attempt to access beyond end of device
[ 1215.071028][T21774] loop3: rw=524288, want=45072, limit=40427
[ 1215.083805][T21774] attempt to access beyond end of device
[ 1215.083805][T21774] loop3: rw=0, want=45072, limit=40427
[ 1215.787760][T21773] loop4: detected capacity change from 0 to 256
[ 1215.899108][T21773] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1215.916934][T18671] attempt to access beyond end of device
[ 1215.916934][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1216.411564][T21798] input: syz0 as /devices/virtual/input/input267
[ 1218.641074][T21834] input: syz0 as /devices/virtual/input/input268
[ 1218.781887][T21840] FAULT_INJECTION: forcing a failure.
[ 1218.781887][T21840] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1218.925448][T21840] CPU: 0 PID: 21840 Comm: syz.3.5110 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1218.936667][T21840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1218.946564][T21840] Call Trace:
[ 1218.949685][T21840]  <TASK>
[ 1218.950533][T21811] loop4: detected capacity change from 0 to 40427
[ 1218.952458][T21840]  dump_stack_lvl+0x151/0x1c0
[ 1218.963228][T21840]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1218.968690][T21840]  ? __wake_up_klogd+0xd5/0x110
[ 1218.973380][T21840]  dump_stack+0x15/0x20
[ 1218.977376][T21840]  should_fail+0x3c6/0x510
[ 1218.981625][T21840]  should_fail_usercopy+0x1a/0x20
[ 1218.986482][T21840]  _copy_from_user+0x20/0xd0
[ 1218.990908][T21840]  __sys_bpf+0x1e9/0x760
[ 1218.994990][T21840]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1219.000200][T21840]  ? __kasan_check_read+0x11/0x20
[ 1219.005057][T21840]  __x64_sys_bpf+0x7c/0x90
[ 1219.009311][T21840]  x64_sys_call+0x87f/0x9a0
[ 1219.013647][T21840]  do_syscall_64+0x3b/0xb0
[ 1219.017901][T21840]  ? clear_bhb_loop+0x35/0x90
[ 1219.022420][T21840]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1219.028146][T21840] RIP: 0033:0x7fe35f836ff9
[ 1219.032401][T21840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1219.051946][T21840] RSP: 002b:00007fe35e46e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1219.060185][T21840] RAX: ffffffffffffffda RBX: 00007fe35f9ef130 RCX: 00007fe35f836ff9
[ 1219.067989][T21840] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012
[ 1219.075796][T21840] RBP: 00007fe35e46e090 R08: 0000000000000000 R09: 0000000000000000
[ 1219.083620][T21840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1219.091420][T21840] R13: 0000000000000000 R14: 00007fe35f9ef130 R15: 00007fffa199fa88
[ 1219.099409][T21840]  </TASK>
[ 1219.124795][T21811] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1219.137663][T21811] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1219.154482][T21811] F2FS-fs (loop4): invalid crc value
[ 1219.211032][T21811] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1219.244494][T21811] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1219.251765][T21811] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1220.545198][T21864] input: syz0 as /devices/virtual/input/input269
[ 1221.225651][  T389] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[ 1221.286365][T21870] loop3: detected capacity change from 0 to 40427
[ 1221.290592][T21874] loop4: detected capacity change from 0 to 40427
[ 1221.309630][T21878] binfmt_misc: register: failed to install interpreter file ./file0
[ 1221.318053][T21870] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1221.322358][T21874] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1221.325728][T21870] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1221.337922][T21874] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1221.356744][    T6] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1221.364798][T21870] F2FS-fs (loop3): invalid crc value
[ 1221.378567][T21874] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1221.411186][T21870] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1221.429354][T21874] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1221.436495][T21874] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1221.461040][T21870] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1221.468193][T21870] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1221.525369][  T389] usb 3-1: Using ep0 maxpacket: 16
[ 1221.981663][T21890] attempt to access beyond end of device
[ 1221.981663][T21890] loop4: rw=524288, want=45072, limit=40427
[ 1221.992965][T21890] attempt to access beyond end of device
[ 1221.992965][T21890] loop4: rw=0, want=45072, limit=40427
[ 1222.489855][T21632] attempt to access beyond end of device
[ 1222.489855][T21632] loop4: rw=2049, want=45104, limit=40427
[ 1222.602278][  T389] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[ 1222.651075][  T389] usb 3-1: config 0 has no interface number 0
[ 1222.657420][  T389] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1222.668042][  T389] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1222.695823][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1222.785666][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1222.795817][    T6] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1222.804714][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1222.813728][    T6] usb 2-1: config 0 descriptor??
[ 1222.822461][   T30] audit: type=1107 audit(1727671652.987:3783): pid=21898 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1222.838112][T21899] binfmt_misc: register: failed to install interpreter file ./file0
[ 1222.913301][T21900] input: syz0 as /devices/virtual/input/input270
[ 1223.195724][  T389] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1223.204605][  T389] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1223.212491][  T389] usb 3-1: Product: syz
[ 1223.216513][  T389] usb 3-1: Manufacturer: syz
[ 1223.220916][  T389] usb 3-1: SerialNumber: syz
[ 1223.235944][  T389] usb 3-1: config 0 descriptor??
[ 1223.255731][T21868] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1223.262611][T21868] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1223.304881][T21902] loop4: detected capacity change from 0 to 40427
[ 1223.396093][T21902] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1223.403827][T21902] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1223.412889][T21902] F2FS-fs (loop4): invalid crc value
[ 1223.419654][T21902] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1223.445656][  T296] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 1223.454783][T21902] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1223.461710][T21902] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1223.555769][  T389] asix: probe of 3-1:0.251 failed with error -71
[ 1223.563558][  T389] usb 3-1: USB disconnect, device number 6
[ 1223.835706][    T6] usb 2-1: string descriptor 0 read error: -71
[ 1223.863545][    T6] uclogic 0003:256C:006D.00CA: failed retrieving string descriptor #200: -71
[ 1223.890744][    T6] uclogic 0003:256C:006D.00CA: failed retrieving pen parameters: -71
[ 1223.899712][    T6] uclogic 0003:256C:006D.00CA: failed probing pen v2 parameters: -71
[ 1223.909705][    T6] uclogic 0003:256C:006D.00CA: failed probing parameters: -71
[ 1223.918082][  T296] usb 4-1: Using ep0 maxpacket: 16
[ 1224.222492][    T6] uclogic: probe of 0003:256C:006D.00CA failed with error -71
[ 1224.230876][    T6] usb 2-1: USB disconnect, device number 24
[ 1224.288193][T21920] FAULT_INJECTION: forcing a failure.
[ 1224.288193][T21920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1224.301229][T21920] CPU: 0 PID: 21920 Comm: syz.4.5127 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1224.312417][T21920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1224.322315][T21920] Call Trace:
[ 1224.325523][T21920]  <TASK>
[ 1224.328300][T21920]  dump_stack_lvl+0x151/0x1c0
[ 1224.332814][T21920]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1224.338453][T21920]  ? __stack_depot_save+0x34/0x470
[ 1224.343404][T21920]  ? kmem_cache_free+0x116/0x2e0
[ 1224.348176][T21920]  dump_stack+0x15/0x20
[ 1224.352165][T21920]  should_fail+0x3c6/0x510
[ 1224.356419][T21920]  should_fail_usercopy+0x1a/0x20
[ 1224.361278][T21920]  _copy_from_user+0x20/0xd0
[ 1224.365731][T21920]  __copy_msghdr_from_user+0xaf/0x7c0
[ 1224.371004][T21920]  ? __ia32_sys_shutdown+0x70/0x70
[ 1224.375950][T21920]  ___sys_sendmsg+0x166/0x2e0
[ 1224.380467][T21920]  ? __sys_sendmsg+0x260/0x260
[ 1224.385071][T21920]  ? __fdget+0x1bc/0x240
[ 1224.389172][T21920]  __se_sys_sendmsg+0x19a/0x260
[ 1224.393830][T21920]  ? __x64_sys_sendmsg+0x90/0x90
[ 1224.398600][T21920]  ? ksys_write+0x260/0x2c0
[ 1224.402944][T21920]  ? debug_smp_processor_id+0x17/0x20
[ 1224.408158][T21920]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1224.414051][T21920]  __x64_sys_sendmsg+0x7b/0x90
[ 1224.418740][T21920]  x64_sys_call+0x16a/0x9a0
[ 1224.423077][T21920]  do_syscall_64+0x3b/0xb0
[ 1224.427327][T21920]  ? clear_bhb_loop+0x35/0x90
[ 1224.431846][T21920]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1224.437571][T21920] RIP: 0033:0x7fc8dca94ff9
[ 1224.441824][T21920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1224.461460][T21920] RSP: 002b:00007fc8db70e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1224.469706][T21920] RAX: ffffffffffffffda RBX: 00007fc8dcc4cf80 RCX: 00007fc8dca94ff9
[ 1224.477515][T21920] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[ 1224.485438][T21920] RBP: 00007fc8db70e090 R08: 0000000000000000 R09: 0000000000000000
[ 1224.493244][T21920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1224.501058][T21920] R13: 0000000000000000 R14: 00007fc8dcc4cf80 R15: 00007ffee78c4f58
[ 1224.508870][T21920]  </TASK>
[ 1224.525758][  T296] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[ 1224.539569][  T296] usb 4-1: config 0 has no interface number 0
[ 1224.547334][  T296] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 173
[ 1224.735771][  T296] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[ 1224.753748][  T296] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1225.100391][  T296] usb 4-1: Product: syz
[ 1225.105016][  T296] usb 4-1: SerialNumber: syz
[ 1225.120984][  T296] usb 4-1: config 0 descriptor??
[ 1225.145971][T21904] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1225.394958][T21904] netlink: 'syz.3.5125': attribute type 27 has an invalid length.
[ 1225.444536][T21904] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1225.451744][T21904] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1225.575538][T21952] input: syz0 as /devices/virtual/input/input271
[ 1226.322623][T21955] device veth0_vlan left promiscuous mode
[ 1226.345084][T21955] device veth0_vlan entered promiscuous mode
[ 1226.352130][T21955] device veth1_macvtap left promiscuous mode
[ 1226.359428][T21955] device veth1_macvtap entered promiscuous mode
[ 1226.367254][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1226.379441][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1226.392862][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1226.615332][  T310] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1226.622332][  T310] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1226.630402][  T296] usb 4-1: invalid MIDI in EP 0
[ 1226.635482][  T296] snd-usb-audio: probe of 4-1:0.2 failed with error -22
[ 1226.642591][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1226.651420][  T296] usb 4-1: USB disconnect, device number 4
[ 1226.658174][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1226.666937][  T310] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1226.673788][  T310] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1226.681056][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1226.689318][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[ 1226.697381][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1226.705467][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[ 1226.713516][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1226.721669][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1226.729723][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1226.737723][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1226.745705][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1226.753717][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1226.762238][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1226.771036][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1226.781359][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1226.789557][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1226.797345][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1226.805211][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1226.813063][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1226.821045][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1226.829285][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1227.009071][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1227.016959][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1227.024750][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1227.032105][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1227.039500][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1227.047539][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1227.055482][  T310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1227.063377][  T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1227.072671][T21966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'.
[ 1227.081685][T21966] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5140'.
[ 1227.093031][T21966] device bridge1 entered promiscuous mode
[ 1227.215696][  T310] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[ 1227.715218][T21990] loop3: detected capacity change from 0 to 256
[ 1227.791104][T21990] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1228.325747][  T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1228.344682][  T310] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1228.364582][  T310] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1228.374388][  T310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1228.409527][  T310] usb 5-1: config 0 descriptor??
[ 1228.629497][T22010] input: syz0 as /devices/virtual/input/input272
[ 1229.923043][T22024] input: syz0 as /devices/virtual/input/input273
[ 1230.015969][  T310] hid (null): bogus close delimiter
[ 1230.214889][T22022] loop3: detected capacity change from 0 to 40427
[ 1230.255753][  T310] usb 5-1: string descriptor 0 read error: -71
[ 1230.275715][  T310] uclogic 0003:256C:006D.00CB: failed retrieving string descriptor #200: -71
[ 1230.294574][  T310] uclogic 0003:256C:006D.00CB: failed retrieving pen parameters: -71
[ 1230.304658][  T310] uclogic 0003:256C:006D.00CB: failed probing pen v2 parameters: -71
[ 1230.317255][T22022] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1230.324553][T22022] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1230.327844][  T310] uclogic 0003:256C:006D.00CB: failed probing parameters: -71
[ 1230.340036][  T310] uclogic: probe of 0003:256C:006D.00CB failed with error -71
[ 1230.353599][  T310] usb 5-1: USB disconnect, device number 120
[ 1230.438450][T22022] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1230.469810][T22022] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1230.476762][T22022] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1231.106193][T22037] attempt to access beyond end of device
[ 1231.106193][T22037] loop3: rw=524288, want=45072, limit=40427
[ 1231.117626][T22037] attempt to access beyond end of device
[ 1231.117626][T22037] loop3: rw=0, want=45072, limit=40427
[ 1231.966597][T18671] attempt to access beyond end of device
[ 1231.966597][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1232.013296][T22043] loop4: detected capacity change from 0 to 256
[ 1232.454397][T22067] loop3: detected capacity change from 0 to 256
[ 1232.460890][  T311] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[ 1232.970004][T22068] input: syz0 as /devices/virtual/input/input274
[ 1232.979688][T22071] input: syz0 as /devices/virtual/input/input275
[ 1233.339422][T22067] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1233.588796][T22081] input: syz0 as /devices/virtual/input/input276
[ 1234.555671][  T311] usb 5-1: Using ep0 maxpacket: 16
[ 1234.658651][T22086] loop3: detected capacity change from 0 to 40427
[ 1234.695729][  T311] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[ 1234.703714][  T311] usb 5-1: config 0 has no interface number 0
[ 1234.709654][  T311] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1234.719356][  T311] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1234.746163][T22086] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 1234.752388][T22086] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1234.763048][T22086] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1234.788172][T22086] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 1234.795053][T22086] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1234.825705][ T7809] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1234.925748][  T311] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1234.934815][  T311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1234.942891][  T311] usb 5-1: Product: syz
[ 1234.947060][  T311] usb 5-1: Manufacturer: syz
[ 1234.951463][  T311] usb 5-1: SerialNumber: syz
[ 1234.962419][  T311] usb 5-1: config 0 descriptor??
[ 1234.984718][T22098] attempt to access beyond end of device
[ 1234.984718][T22098] loop3: rw=524288, want=45072, limit=40427
[ 1234.996587][T22098] attempt to access beyond end of device
[ 1234.996587][T22098] loop3: rw=0, want=45072, limit=40427
[ 1235.180983][T22059] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1235.188374][T22059] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1235.388123][  T311] usb 5-1: can't set config #0, error -71
[ 1235.394364][  T311] usb 5-1: USB disconnect, device number 121
[ 1235.414548][T18671] attempt to access beyond end of device
[ 1235.414548][T18671] loop3: rw=2049, want=45104, limit=40427
[ 1235.429477][T22108] FAULT_INJECTION: forcing a failure.
[ 1235.429477][T22108] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1235.445734][T22108] CPU: 1 PID: 22108 Comm: syz.2.5171 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1235.456951][T22108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1235.466845][T22108] Call Trace:
[ 1235.469965][T22108]  <TASK>
[ 1235.472742][T22108]  dump_stack_lvl+0x151/0x1c0
[ 1235.477259][T22108]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1235.482722][T22108]  ? avc_has_perm+0x16f/0x260
[ 1235.487243][T22108]  dump_stack+0x15/0x20
[ 1235.491231][T22108]  should_fail+0x3c6/0x510
[ 1235.495483][T22108]  should_fail_alloc_page+0x5a/0x80
[ 1235.500528][T22108]  prepare_alloc_pages+0x15c/0x700
[ 1235.505465][T22108]  ? __alloc_pages_bulk+0xe40/0xe40
[ 1235.510499][T22108]  ? stack_trace_save+0x1c0/0x1c0
[ 1235.515368][T22108]  __alloc_pages+0x18c/0x8f0
[ 1235.519788][T22108]  ? prep_new_page+0x110/0x110
[ 1235.524385][T22108]  ? stack_trace_save+0x113/0x1c0
[ 1235.529244][T22108]  ? stack_trace_snprint+0xf0/0xf0
[ 1235.534192][T22108]  skb_page_frag_refill+0x209/0x3b0
[ 1235.539230][T22108]  tun_get_user+0x6f0/0x3aa0
[ 1235.543654][T22108]  ? __kasan_check_write+0x14/0x20
[ 1235.548601][T22108]  ? x64_sys_call+0x6bf/0x9a0
[ 1235.553202][T22108]  ? tun_do_read+0x2010/0x2010
[ 1235.557797][T22108]  ? kstrtouint_from_user+0x20a/0x2a0
[ 1235.563013][T22108]  ? kstrtol_from_user+0x310/0x310
[ 1235.565750][ T7809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1235.568040][T22108]  ? avc_policy_seqno+0x1b/0x70
[ 1235.568068][T22108]  ? selinux_file_permission+0x2c4/0x570
[ 1235.588874][T22108]  tun_chr_write_iter+0x1e1/0x2e0
[ 1235.593734][T22108]  vfs_write+0xd5d/0x1110
[ 1235.593942][ T7809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1235.597896][T22108]  ? file_end_write+0x1c0/0x1c0
[ 1235.597926][T22108]  ? __fdget_pos+0x209/0x3a0
[ 1235.616557][T22108]  ? ksys_write+0x77/0x2c0
[ 1235.620811][T22108]  ksys_write+0x199/0x2c0
[ 1235.624978][T22108]  ? __ia32_sys_read+0x90/0x90
[ 1235.629286][ T7809] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1235.629570][T22108]  ? debug_smp_processor_id+0x17/0x20
[ 1235.643633][T22108]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1235.648906][ T7809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1235.649536][T22108]  __x64_sys_write+0x7b/0x90
[ 1235.649561][T22108]  x64_sys_call+0x2f/0x9a0
[ 1235.666027][T22108]  do_syscall_64+0x3b/0xb0
[ 1235.670279][T22108]  ? clear_bhb_loop+0x35/0x90
[ 1235.674794][T22108]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1235.680519][T22108] RIP: 0033:0x7f76f50c0adf
[ 1235.684776][T22108] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[ 1235.704216][T22108] RSP: 002b:00007f76f3d3b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1235.712543][T22108] RAX: ffffffffffffffda RBX: 00007f76f5279f80 RCX: 00007f76f50c0adf
[ 1235.720355][T22108] RDX: 000000000000000e RSI: 00000000200003c0 RDI: 00000000000000c8
[ 1235.728165][T22108] RBP: 00007f76f3d3b090 R08: 0000000000000000 R09: 0000000000000000
[ 1235.735978][T22108] R10: 000000000000000e R11: 0000000000000293 R12: 0000000000000001
[ 1235.743787][T22108] R13: 0000000000000000 R14: 00007f76f5279f80 R15: 00007ffea45a4958
[ 1235.751604][T22108]  </TASK>
[ 1235.765022][ T7809] usb 2-1: config 0 descriptor??
[ 1236.728179][   T30] audit: type=1400 audit(1727671666.297:3784): avc:  denied  { write } for  pid=22110 comm="syz.2.5173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1237.279387][T22123] input: syz0 as /devices/virtual/input/input277
[ 1237.327814][T22127] input: syz0 as /devices/virtual/input/input278
[ 1237.791702][T22133] loop4: detected capacity change from 0 to 256
[ 1237.847183][T22133] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1238.175679][ T7809] usb 2-1: string descriptor 0 read error: -71
[ 1238.195716][ T7809] uclogic 0003:256C:006D.00CC: failed retrieving string descriptor #200: -71
[ 1238.256003][T22143] input: syz0 as /devices/virtual/input/input279
[ 1238.308915][ T7809] uclogic 0003:256C:006D.00CC: failed retrieving pen parameters: -71
[ 1238.491284][ T7809] uclogic 0003:256C:006D.00CC: failed probing pen v2 parameters: -71
[ 1238.500103][ T7809] uclogic 0003:256C:006D.00CC: failed probing parameters: -71
[ 1238.507922][ T7809] uclogic: probe of 0003:256C:006D.00CC failed with error -71
[ 1238.521086][ T7809] usb 2-1: USB disconnect, device number 25
[ 1238.594432][ T4405] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[ 1238.915975][   T30] audit: type=1400 audit(1727671669.017:3785): avc:  denied  { write } for  pid=22146 comm="syz.4.5181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[ 1239.009101][   T30] audit: type=1400 audit(1727671669.017:3786): avc:  denied  { nlmsg_read } for  pid=22146 comm="syz.4.5181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[ 1239.030619][ T4405] usb 3-1: Using ep0 maxpacket: 16
[ 1239.039190][T22155] FAULT_INJECTION: forcing a failure.
[ 1239.039190][T22155] name failslab, interval 1, probability 0, space 0, times 0
[ 1239.051720][T22155] CPU: 1 PID: 22155 Comm: syz.0.5183 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1239.062914][T22155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1239.072809][T22155] Call Trace:
[ 1239.075933][T22155]  <TASK>
[ 1239.078706][T22155]  dump_stack_lvl+0x151/0x1c0
[ 1239.083226][T22155]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1239.088688][T22155]  ? vfs_write+0x9ec/0x1110
[ 1239.093031][T22155]  dump_stack+0x15/0x20
[ 1239.097020][T22155]  should_fail+0x3c6/0x510
[ 1239.101270][T22155]  __should_failslab+0xa4/0xe0
[ 1239.105874][T22155]  should_failslab+0x9/0x20
[ 1239.110314][T22155]  slab_pre_alloc_hook+0x37/0xd0
[ 1239.115083][T22155]  ? __se_sys_mount+0x9b/0x3b0
[ 1239.119687][T22155]  __kmalloc_track_caller+0x6c/0x260
[ 1239.124809][T22155]  ? __se_sys_mount+0x9b/0x3b0
[ 1239.129404][T22155]  strndup_user+0x76/0x150
[ 1239.133658][T22155]  __se_sys_mount+0x9b/0x3b0
[ 1239.138089][T22155]  ? __x64_sys_mount+0xd0/0xd0
[ 1239.142690][T22155]  ? debug_smp_processor_id+0x17/0x20
[ 1239.147894][T22155]  __x64_sys_mount+0xbf/0xd0
[ 1239.152322][T22155]  x64_sys_call+0x49d/0x9a0
[ 1239.156657][T22155]  do_syscall_64+0x3b/0xb0
[ 1239.160909][T22155]  ? clear_bhb_loop+0x35/0x90
[ 1239.165435][T22155]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1239.171151][T22155] RIP: 0033:0x7ff316a43ff9
[ 1239.175415][T22155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1239.175665][    T6] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 1239.194855][T22155] RSP: 002b:00007ff3156bd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1239.194886][T22155] RAX: ffffffffffffffda RBX: 00007ff316bfbf80 RCX: 00007ff316a43ff9
[ 1239.194901][T22155] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00000000200003c0
[ 1239.194914][T22155] RBP: 00007ff3156bd090 R08: 0000000000000000 R09: 0000000000000000
[ 1239.194927][T22155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1239.194941][T22155] R13: 0000000000000000 R14: 00007ff316bfbf80 R15: 00007ffcac1edf18
[ 1239.249614][T22155]  </TASK>
[ 1239.355766][ T4405] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[ 1239.363812][ T4405] usb 3-1: config 0 has no interface number 0
[ 1239.369809][ T4405] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1239.381429][ T4405] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1239.435774][    T6] usb 4-1: Using ep0 maxpacket: 16
[ 1239.555721][    T6] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1239.573983][    T6] usb 4-1: config 0 has no interface number 0
[ 1239.580414][    T6] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1239.600403][    T6] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1239.605791][ T4405] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1239.626877][ T4405] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1239.643542][ T4405] usb 3-1: Product: syz
[ 1239.651044][ T4405] usb 3-1: Manufacturer: syz
[ 1239.659919][ T4405] usb 3-1: SerialNumber: syz
[ 1239.671001][ T4405] usb 3-1: config 0 descriptor??
[ 1239.695697][T22136] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1239.695833][  T296] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1239.703652][T22136] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 1239.775779][    T6] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1239.784744][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1239.792551][    T6] usb 4-1: Product: syz
[ 1239.796767][    T6] usb 4-1: Manufacturer: syz
[ 1239.801616][    T6] usb 4-1: SerialNumber: syz
[ 1239.810741][    T6] usb 4-1: config 0 descriptor??
[ 1239.825913][T22148] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1239.832987][T22148] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1240.036300][ T4405] asix: probe of 3-1:0.251 failed with error -71
[ 1240.114391][ T4405] usb 3-1: USB disconnect, device number 7
[ 1240.185638][  T296] usb 5-1: Using ep0 maxpacket: 16
[ 1240.205768][    T6] asix: probe of 4-1:0.251 failed with error -71
[ 1240.213540][    T6] usb 4-1: USB disconnect, device number 5
[ 1240.305747][  T296] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[ 1240.313918][  T296] usb 5-1: config 0 has no interface number 0
[ 1240.319883][  T296] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1240.330129][  T296] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1240.538860][T22184] input: syz0 as /devices/virtual/input/input280
[ 1240.566024][  T296] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1240.576118][  T296] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1240.583962][  T296] usb 5-1: Product: syz
[ 1240.617770][  T296] usb 5-1: Manufacturer: syz
[ 1240.622869][  T296] usb 5-1: SerialNumber: syz
[ 1240.646180][  T296] usb 5-1: config 0 descriptor??
[ 1240.665748][T22157] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1240.672576][T22157] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1240.873246][T22193] input: syz0 as /devices/virtual/input/input281
[ 1241.289064][T22195] loop3: detected capacity change from 0 to 256
[ 1241.809778][T22195] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1241.925719][  T296] asix: probe of 5-1:0.251 failed with error -71
[ 1241.976290][  T296] usb 5-1: USB disconnect, device number 122
[ 1242.284043][T22206] loop3: detected capacity change from 0 to 16
[ 1243.841692][T22206] erofs: (device loop3): mounted with root inode @ nid 36.
[ 1244.111805][T22221] input: syz0 as /devices/virtual/input/input282
[ 1244.455150][T22224] loop3: detected capacity change from 0 to 40427
[ 1244.466148][T22218] loop4: detected capacity change from 0 to 40427
[ 1244.473277][T22224] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1244.480900][T22224] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1244.490070][T22224] F2FS-fs (loop3): invalid crc value
[ 1244.496932][T22224] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1244.528743][T22218] F2FS-fs (loop4): fault_injection options not supported
[ 1244.535944][T22218] F2FS-fs (loop4): fault_type options not supported
[ 1244.543845][T22224] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1244.545055][T22218] F2FS-fs (loop4): invalid crc value
[ 1244.551240][T22224] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1244.558169][T22218] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1244.632668][T22218] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1244.649936][T21632] attempt to access beyond end of device
[ 1244.649936][T21632] loop4: rw=2049, want=45104, limit=40427
[ 1245.098182][T22243] input: syz0 as /devices/virtual/input/input283
[ 1245.399520][T22245] 9pnet: p9_errstr2errno: server reported unknown error 
[ 1245.447288][T22245] xt_bpf: check failed: parse error
[ 1245.655638][  T389] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[ 1245.665692][T17439] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1246.109241][T22265] loop3: detected capacity change from 0 to 256
[ 1246.157465][T22265] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1246.175932][  T389] usb 5-1: Using ep0 maxpacket: 16
[ 1246.401607][  T389] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[ 1246.409786][T17439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1246.420588][  T389] usb 5-1: config 0 has no interface number 0
[ 1246.426907][T17439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1246.436736][  T389] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1246.446952][T17439] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1246.455928][  T389] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1246.465916][T17439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1246.478956][T17439] usb 2-1: config 0 descriptor??
[ 1246.489980][T22270] FAULT_INJECTION: forcing a failure.
[ 1246.489980][T22270] name failslab, interval 1, probability 0, space 0, times 0
[ 1246.502572][T22270] CPU: 0 PID: 22270 Comm: syz.2.5210 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1246.513851][T22270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1246.523745][T22270] Call Trace:
[ 1246.526866][T22270]  <TASK>
[ 1246.529643][T22270]  dump_stack_lvl+0x151/0x1c0
[ 1246.534159][T22270]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1246.539624][T22270]  ? vfs_write+0x9ec/0x1110
[ 1246.543965][T22270]  dump_stack+0x15/0x20
[ 1246.547965][T22270]  should_fail+0x3c6/0x510
[ 1246.552211][T22270]  __should_failslab+0xa4/0xe0
[ 1246.556821][T22270]  should_failslab+0x9/0x20
[ 1246.561149][T22270]  slab_pre_alloc_hook+0x37/0xd0
[ 1246.565922][T22270]  kmem_cache_alloc_trace+0x48/0x210
[ 1246.571042][T22270]  ? __se_sys_mount+0x156/0x3b0
[ 1246.575826][T22270]  __se_sys_mount+0x156/0x3b0
[ 1246.580330][T22270]  ? __x64_sys_mount+0xd0/0xd0
[ 1246.584929][T22270]  ? debug_smp_processor_id+0x17/0x20
[ 1246.590138][T22270]  __x64_sys_mount+0xbf/0xd0
[ 1246.594565][T22270]  x64_sys_call+0x49d/0x9a0
[ 1246.598904][T22270]  do_syscall_64+0x3b/0xb0
[ 1246.603156][T22270]  ? clear_bhb_loop+0x35/0x90
[ 1246.607669][T22270]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1246.613398][T22270] RIP: 0033:0x7f76f50c1ff9
[ 1246.617664][T22270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1246.637090][T22270] RSP: 002b:00007f76f3d3b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1246.645422][T22270] RAX: ffffffffffffffda RBX: 00007f76f5279f80 RCX: 00007f76f50c1ff9
[ 1246.653235][T22270] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000000
[ 1246.661064][T22270] RBP: 00007f76f3d3b090 R08: 0000000020000bc0 R09: 0000000000000000
[ 1246.668858][T22270] R10: 0000000001012022 R11: 0000000000000246 R12: 0000000000000001
[ 1246.676671][T22270] R13: 0000000000000000 R14: 00007f76f5279f80 R15: 00007ffea45a4958
[ 1246.684486][T22270]  </TASK>
[ 1246.786236][  T389] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1246.795234][  T389] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1246.804881][  T389] usb 5-1: Product: syz
[ 1246.809239][  T389] usb 5-1: Manufacturer: syz
[ 1246.813917][  T389] usb 5-1: SerialNumber: syz
[ 1246.885750][T22276] input: syz0 as /devices/virtual/input/input284
[ 1247.184788][ T7809] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 1247.193445][  T389] usb 5-1: config 0 descriptor??
[ 1247.215863][T22247] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1247.222714][T22247] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1247.505723][  T389] asix: probe of 5-1:0.251 failed with error -71
[ 1247.512990][  T389] usb 5-1: USB disconnect, device number 123
[ 1247.568025][ T7809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1247.579045][ T7809] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1247.636415][ T7809] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1247.645421][ T7809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1247.654338][ T7809] usb 4-1: config 0 descriptor??
[ 1247.655742][T17439] usb 2-1: string descriptor 0 read error: -71
[ 1247.685706][T17439] uclogic 0003:256C:006D.00CD: failed retrieving string descriptor #200: -71
[ 1247.694301][T17439] uclogic 0003:256C:006D.00CD: failed retrieving pen parameters: -71
[ 1247.702285][T17439] uclogic 0003:256C:006D.00CD: failed probing pen v2 parameters: -71
[ 1247.710525][T17439] uclogic 0003:256C:006D.00CD: failed probing parameters: -71
[ 1247.793379][T22286] input: syz0 as /devices/virtual/input/input285
[ 1247.979835][T17439] uclogic: probe of 0003:256C:006D.00CD failed with error -71
[ 1247.988311][T17439] usb 2-1: USB disconnect, device number 26
[ 1248.116975][T22274] tmpfs: Unsupported parameter 'mpol'
[ 1248.122320][   T30] audit: type=1400 audit(1727671678.287:3787): avc:  denied  { mounton } for  pid=22273 comm="syz.3.5212" path="/136/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[ 1248.159415][ T7809] hid-led 0003:0FC5:B080.00CE: unknown main item tag 0x0
[ 1248.228831][T22292] input: syz0 as /devices/virtual/input/input286
[ 1248.606312][T22274] SELinux: security_context_str_to_sid(êx) failed for (dev ?, type ?) errno=-22
[ 1248.621486][T22274] SELinux: security_context_str_to_sid(êx) failed for (dev devpts, type devpts) errno=-22
[ 1248.645832][ T7809] hid-led: probe of 0003:0FC5:B080.00CE failed with error -71
[ 1248.658559][ T7809] usb 4-1: USB disconnect, device number 6
[ 1248.946075][T17439] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1249.170701][T22312] input: syz0 as /devices/virtual/input/input287
[ 1249.725874][T17439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1249.763570][T17439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1249.873452][T17439] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1249.902127][T17439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1249.923599][T17439] usb 2-1: config 0 descriptor??
[ 1250.314533][T22333] input: syz0 as /devices/virtual/input/input288
[ 1250.431889][T22340] input: syz0 as /devices/virtual/input/input289
[ 1250.795663][T18569] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1251.075719][T17439] usb 2-1: string descriptor 0 read error: -71
[ 1251.095696][T17439] uclogic 0003:256C:006D.00CF: failed retrieving string descriptor #200: -71
[ 1251.107214][T22347] loop4: detected capacity change from 0 to 40427
[ 1251.109545][T17439] uclogic 0003:256C:006D.00CF: failed retrieving pen parameters: -71
[ 1251.138275][T22347] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 1251.144905][T22347] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 1251.145520][T17439] uclogic 0003:256C:006D.00CF: failed probing pen v2 parameters: -71
[ 1251.161724][T18569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1251.173078][T18569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1251.183301][T18569] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1251.192725][T17439] uclogic 0003:256C:006D.00CF: failed probing parameters: -71
[ 1251.196942][T22347] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 1251.200224][T17439] uclogic: probe of 0003:256C:006D.00CF failed with error -71
[ 1251.225056][T18569] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.234048][T18569] usb 4-1: config 0 descriptor??
[ 1251.240634][T17439] usb 2-1: USB disconnect, device number 27
[ 1251.261061][T22347] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 1251.268099][T22347] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1251.484991][T22355] attempt to access beyond end of device
[ 1251.484991][T22355] loop4: rw=524288, want=45072, limit=40427
[ 1251.496653][T22355] attempt to access beyond end of device
[ 1251.496653][T22355] loop4: rw=0, want=45072, limit=40427
[ 1251.827528][T21632] attempt to access beyond end of device
[ 1251.827528][T21632] loop4: rw=2049, want=45104, limit=40427
[ 1251.845539][T22359] FAULT_INJECTION: forcing a failure.
[ 1251.845539][T22359] name failslab, interval 1, probability 0, space 0, times 0
[ 1251.875718][T22359] CPU: 0 PID: 22359 Comm: syz.1.5232 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1251.886929][T22359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1251.896827][T22359] Call Trace:
[ 1251.899949][T22359]  <TASK>
[ 1251.902727][T22359]  dump_stack_lvl+0x151/0x1c0
[ 1251.907248][T22359]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1251.912792][T22359]  ? avc_has_perm+0x16f/0x260
[ 1251.917305][T22359]  ? __kasan_check_write+0x14/0x20
[ 1251.922253][T22359]  dump_stack+0x15/0x20
[ 1251.926241][T22359]  should_fail+0x3c6/0x510
[ 1251.930500][T22359]  __should_failslab+0xa4/0xe0
[ 1251.935095][T22359]  ? sock_alloc_inode+0x1b/0xb0
[ 1251.939784][T22359]  should_failslab+0x9/0x20
[ 1251.944121][T22359]  slab_pre_alloc_hook+0x37/0xd0
[ 1251.948895][T22359]  ? sock_alloc_inode+0x1b/0xb0
[ 1251.953580][T22359]  kmem_cache_alloc+0x44/0x200
[ 1251.958181][T22359]  ? sockfs_init_fs_context+0xb0/0xb0
[ 1251.963400][T22359]  sock_alloc_inode+0x1b/0xb0
[ 1251.967901][T22359]  ? sockfs_init_fs_context+0xb0/0xb0
[ 1251.973125][T22359]  new_inode_pseudo+0x64/0x220
[ 1251.977711][T22359]  __sock_create+0x135/0x760
[ 1251.982136][T22359]  __sys_socketpair+0x29f/0x6e0
[ 1251.986823][T22359]  ? __ia32_sys_socket+0x90/0x90
[ 1251.991596][T22359]  ? __ia32_sys_read+0x90/0x90
[ 1251.996197][T22359]  ? debug_smp_processor_id+0x17/0x20
[ 1252.001410][T22359]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1252.007308][T22359]  __x64_sys_socketpair+0x9b/0xb0
[ 1252.012166][T22359]  x64_sys_call+0x19b/0x9a0
[ 1252.016508][T22359]  do_syscall_64+0x3b/0xb0
[ 1252.020856][T22359]  ? clear_bhb_loop+0x35/0x90
[ 1252.025356][T22359]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1252.031086][T22359] RIP: 0033:0x7f4e0cac7ff9
[ 1252.035343][T22359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1252.054780][T22359] RSP: 002b:00007f4e0b741038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[ 1252.063023][T22359] RAX: ffffffffffffffda RBX: 00007f4e0cc7ff80 RCX: 00007f4e0cac7ff9
[ 1252.070835][T22359] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e
[ 1252.078649][T22359] RBP: 00007f4e0b741090 R08: 0000000000000000 R09: 0000000000000000
[ 1252.086460][T22359] R10: 0000000020000940 R11: 0000000000000246 R12: 0000000000000001
[ 1252.094267][T22359] R13: 0000000000000000 R14: 00007f4e0cc7ff80 R15: 00007ffeeb849158
[ 1252.102172][T22359]  </TASK>
[ 1252.105263][T22359] socket: no more sockets
[ 1252.415692][T18569] usb 4-1: string descriptor 0 read error: -71
[ 1252.500893][T22375] input: syz0 as /devices/virtual/input/input290
[ 1252.737290][T18569] uclogic 0003:256C:006D.00D0: failed retrieving string descriptor #200: -71
[ 1252.745980][T18569] uclogic 0003:256C:006D.00D0: failed retrieving pen parameters: -71
[ 1252.753831][T18569] uclogic 0003:256C:006D.00D0: failed probing pen v2 parameters: -71
[ 1252.761790][T18569] uclogic 0003:256C:006D.00D0: failed probing parameters: -71
[ 1252.769066][T18569] uclogic: probe of 0003:256C:006D.00D0 failed with error -71
[ 1252.783904][T18569] usb 4-1: USB disconnect, device number 7
[ 1253.399462][T22401] loop4: detected capacity change from 0 to 256
[ 1253.472877][T22401] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[ 1253.642865][T22405] binder: 22404:22405 ioctl 4004af61 20000080 returned -22
[ 1253.650500][T17439] ==================================================================
[ 1253.658394][T17439] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120
[ 1253.666030][T17439] Read of size 8 at addr ffff8881252f2d08 by task kworker/1:0/17439
[ 1253.673926][T17439] 
[ 1253.676106][T17439] CPU: 1 PID: 17439 Comm: kworker/1:0 Tainted: G        W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1253.687378][T17439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1253.697276][T17439] Workqueue: events binder_deferred_func
[ 1253.702739][T17439] Call Trace:
[ 1253.705865][T17439]  <TASK>
[ 1253.708643][T17439]  dump_stack_lvl+0x151/0x1c0
[ 1253.713158][T17439]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1253.718625][T17439]  ? panic+0x760/0x760
[ 1253.722529][T17439]  ? kasan_quarantine_put+0x34/0x1a0
[ 1253.727650][T17439]  print_address_description+0x87/0x3b0
[ 1253.733032][T17439]  kasan_report+0x179/0x1c0
[ 1253.737390][T17439]  ? _raw_spin_lock+0xa4/0x1b0
[ 1253.741974][T17439]  ? __list_del_entry_valid+0x2f/0x120
[ 1253.747266][T17439]  ? __list_del_entry_valid+0x2f/0x120
[ 1253.752561][T17439]  __asan_report_load8_noabort+0x14/0x20
[ 1253.758032][T17439]  __list_del_entry_valid+0x2f/0x120
[ 1253.763147][T17439]  binder_release_work+0xcd/0x680
[ 1253.768009][T17439]  binder_deferred_func+0x1847/0x1bc0
[ 1253.773216][T17439]  ? read_word_at_a_time+0x12/0x20
[ 1253.778163][T17439]  process_one_work+0x6bb/0xc10
[ 1253.782854][T17439]  worker_thread+0xad5/0x12a0
[ 1253.787364][T17439]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1253.792052][T17439]  kthread+0x421/0x510
[ 1253.796040][T17439]  ? worker_clr_flags+0x180/0x180
[ 1253.800900][T17439]  ? kthread_blkcg+0xd0/0xd0
[ 1253.805328][T17439]  ret_from_fork+0x1f/0x30
[ 1253.809584][T17439]  </TASK>
[ 1253.812445][T17439] 
[ 1253.814613][T17439] Allocated by task 22405:
[ 1253.818866][T17439]  ____kasan_kmalloc+0xdb/0x110
[ 1253.823553][T17439]  __kasan_kmalloc+0x9/0x10
[ 1253.827894][T17439]  kmem_cache_alloc_trace+0x115/0x210
[ 1253.833100][T17439]  binder_thread_write+0x9f5/0x6ec0
[ 1253.838133][T17439]  binder_ioctl_write_read+0x1ba/0xd00
[ 1253.843447][T17439]  binder_ioctl+0x371/0x2640
[ 1253.847854][T17439]  __se_sys_ioctl+0x114/0x190
[ 1253.852368][T17439]  __x64_sys_ioctl+0x7b/0x90
[ 1253.856793][T17439]  x64_sys_call+0x98/0x9a0
[ 1253.861050][T17439]  do_syscall_64+0x3b/0xb0
[ 1253.865299][T17439]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1253.871030][T17439] 
[ 1253.873200][T17439] Freed by task 17439:
[ 1253.877102][T17439]  kasan_set_track+0x4b/0x70
[ 1253.881531][T17439]  kasan_set_free_info+0x23/0x40
[ 1253.886306][T17439]  ____kasan_slab_free+0x126/0x160
[ 1253.891249][T17439]  __kasan_slab_free+0x11/0x20
[ 1253.895850][T17439]  slab_free_freelist_hook+0xbd/0x190
[ 1253.901057][T17439]  kfree+0xc8/0x220
[ 1253.904704][T17439]  binder_free_ref+0x128/0x260
[ 1253.909302][T17439]  binder_deferred_func+0x171c/0x1bc0
[ 1253.914509][T17439]  process_one_work+0x6bb/0xc10
[ 1253.919197][T17439]  worker_thread+0xad5/0x12a0
[ 1253.923710][T17439]  kthread+0x421/0x510
[ 1253.927615][T17439]  ret_from_fork+0x1f/0x30
[ 1253.931869][T17439] 
[ 1253.934037][T17439] The buggy address belongs to the object at ffff8881252f2d00
[ 1253.934037][T17439]  which belongs to the cache kmalloc-64 of size 64
[ 1253.947837][T17439] The buggy address is located 8 bytes inside of
[ 1253.947837][T17439]  64-byte region [ffff8881252f2d00, ffff8881252f2d40)
[ 1253.960771][T17439] The buggy address belongs to the page:
[ 1253.966250][T17439] page:ffffea000494bc80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1252f2
[ 1253.976308][T17439] flags: 0x4000000000000200(slab|zone=1)
[ 1253.981783][T17439] raw: 4000000000000200 ffffea0004762f00 0000001400000007 ffff888100042780
[ 1253.990214][T17439] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 1253.998611][T17439] page dumped because: kasan: bad access detected
[ 1254.004874][T17439] page_owner tracks the page as allocated
[ 1254.010415][T17439] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 20645, ts 1146939423014, free_ts 1146916709435
[ 1254.026647][T17439]  post_alloc_hook+0x1a3/0x1b0
[ 1254.031255][T17439]  prep_new_page+0x1b/0x110
[ 1254.035585][T17439]  get_page_from_freelist+0x3550/0x35d0
[ 1254.040965][T17439]  __alloc_pages+0x27e/0x8f0
[ 1254.045394][T17439]  new_slab+0x9a/0x4e0
[ 1254.049296][T17439]  ___slab_alloc+0x39e/0x830
[ 1254.053729][T17439]  __slab_alloc+0x4a/0x90
[ 1254.057891][T17439]  __kmalloc+0x16d/0x270
[ 1254.061971][T17439]  kvmalloc_node+0x1f0/0x4d0
[ 1254.066403][T17439]  f2fs_build_node_manager+0xf2f/0x2180
[ 1254.071775][T17439]  f2fs_fill_super+0x6348/0x8170
[ 1254.076551][T17439]  mount_bdev+0x282/0x3b0
[ 1254.080719][T17439]  f2fs_mount+0x34/0x40
[ 1254.084711][T17439]  legacy_get_tree+0xf1/0x190
[ 1254.089222][T17439]  vfs_get_tree+0x88/0x290
[ 1254.093474][T17439]  do_new_mount+0x2ba/0xb30
[ 1254.097814][T17439] page last free stack trace:
[ 1254.102326][T17439]  free_unref_page_prepare+0x7c8/0x7d0
[ 1254.107622][T17439]  free_unref_page_list+0x14b/0xa60
[ 1254.112654][T17439]  release_pages+0x1310/0x1370
[ 1254.117259][T17439]  free_pages_and_swap_cache+0x8a/0xa0
[ 1254.122548][T17439]  tlb_finish_mmu+0x177/0x320
[ 1254.127150][T17439]  exit_mmap+0x40d/0x940
[ 1254.131237][T17439]  __mmput+0x95/0x310
[ 1254.135049][T17439]  mmput+0x5b/0x170
[ 1254.138690][T17439]  do_exit+0xb9c/0x2ca0
[ 1254.142772][T17439]  do_group_exit+0x141/0x310
[ 1254.147196][T17439]  __x64_sys_exit_group+0x3f/0x40
[ 1254.152144][T17439]  x64_sys_call+0x610/0x9a0
[ 1254.156482][T17439]  do_syscall_64+0x3b/0xb0
[ 1254.160734][T17439]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1254.166466][T17439] 
[ 1254.168634][T17439] Memory state around the buggy address:
[ 1254.174109][T17439]  ffff8881252f2c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1254.182091][T17439]  ffff8881252f2c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1254.189986][T17439] >ffff8881252f2d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1254.197885][T17439]                       ^
[ 1254.202054][T17439]  ffff8881252f2d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1254.209950][T17439]  ffff8881252f2e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1254.217843][T17439] ==================================================================
[ 1254.225745][T17439] Disabling lock debugging due to kernel taint
[ 1254.232045][T17439] general protection fault, probably for non-canonical address 0xf27bfc6040000883: 0000 [#1] PREEMPT SMP KASAN
[ 1254.243577][T17439] KASAN: maybe wild-memory-access in range [0x93e0030200004418-0x93e003020000441f]
[ 1254.252844][T17439] CPU: 1 PID: 17439 Comm: kworker/1:0 Tainted: G    B   W         5.15.161-syzkaller-00463-g8e36931104ac #0
[ 1254.264317][T17439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1254.274213][T17439] Workqueue: events binder_deferred_func
[ 1254.279674][T17439] RIP: 0010:__list_del_entry_valid+0x75/0x120
[ 1254.285577][T17439] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 3c b4 48 ff 49 8b 17 4c 39 f2 75
[ 1254.305017][T17439] RSP: 0018:ffffc90000b07c00 EFLAGS: 00010a03
[ 1254.310918][T17439] RAX: 127c006040000883 RBX: ffff8881240bfa00 RCX: ffffffff8269fff9
[ 1254.318727][T17439] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff8881252f2d00
[ 1254.326539][T17439] RBP: ffffc90000b07c20 R08: ffffffff814194db R09: 0000000000000003
[ 1254.334353][T17439] R10: fffffbfff0e99e4c R11: dffffc0000000001 R12: dffffc0000000000
[ 1254.342165][T17439] R13: ffff8881252f2d00 R14: ffff8881252f2d00 R15: 93e003020000441f
[ 1254.349972][T17439] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1254.358739][T17439] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1254.365164][T17439] CR2: 000000110c247fe1 CR3: 0000000006a0f000 CR4: 00000000003506a0
[ 1254.372976][T17439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1254.380784][T17439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1254.388594][T17439] Call Trace:
[ 1254.391719][T17439]  <TASK>
[ 1254.394506][T17439]  ? __die_body+0x62/0xb0
[ 1254.398663][T17439]  ? die_addr+0x9f/0xd0
[ 1254.402655][T17439]  ? exc_general_protection+0x311/0x4b0
[ 1254.408040][T17439]  ? check_panic_on_warn+0x65/0xb0
[ 1254.412992][T17439]  ? asm_exc_general_protection+0x27/0x30
[ 1254.418541][T17439]  ? check_panic_on_warn+0x5b/0xb0
[ 1254.423494][T17439]  ? __list_del_entry_valid+0x49/0x120
[ 1254.428778][T17439]  ? __list_del_entry_valid+0x75/0x120
[ 1254.434074][T17439]  binder_release_work+0xcd/0x680
[ 1254.438933][T17439]  binder_deferred_func+0x1847/0x1bc0
[ 1254.444229][T17439]  ? read_word_at_a_time+0x12/0x20
[ 1254.449177][T17439]  process_one_work+0x6bb/0xc10
[ 1254.453868][T17439]  worker_thread+0xad5/0x12a0
[ 1254.458375][T17439]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1254.463156][T17439]  kthread+0x421/0x510
[ 1254.467072][T17439]  ? worker_clr_flags+0x180/0x180
[ 1254.471921][T17439]  ? kthread_blkcg+0xd0/0xd0
[ 1254.476342][T17439]  ret_from_fork+0x1f/0x30
[ 1254.480598][T17439]  </TASK>
[ 1254.483456][T17439] Modules linked in:
[ 1254.487294][T17439] ---[ end trace eef80af76cd47107 ]---
[ 1254.492504][T17439] RIP: 0010:__list_del_entry_valid+0x75/0x120
[ 1254.498417][T17439] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 3c b4 48 ff 49 8b 17 4c 39 f2 75
[ 1254.518105][T17439] RSP: 0018:ffffc90000b07c00 EFLAGS: 00010a03
[ 1254.523992][T17439] RAX: 127c006040000883 RBX: ffff8881240bfa00 RCX: ffffffff8269fff9
[ 1254.531913][T17439] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff8881252f2d00
[ 1254.539688][T17439] RBP: ffffc90000b07c20 R08: ffffffff814194db R09: 0000000000000003
[ 1254.547524][T17439] R10: fffffbfff0e99e4c R11: dffffc0000000001 R12: dffffc0000000000
[ 1254.555239][T17439] R13: ffff8881252f2d00 R14: ffff8881252f2d00 R15: 93e003020000441f
[ 1254.563099][T17439] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1254.571834][T17439] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1254.578307][T17439] CR2: 000000110c247fe1 CR3: 0000000006a0f000 CR4: 00000000003506a0
[ 1254.586148][T17439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1254.594474][T17439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1254.602781][T17439] Kernel panic - not syncing: Fatal exception
[ 1254.608916][T17439] Kernel Offset: disabled
[ 1254.613046][T17439] Rebooting in 86400 seconds..