last executing test programs:

4.541163994s ago: executing program 4 (id=1074):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
dup(r2)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)

4.503680787s ago: executing program 4 (id=1076):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = syz_io_uring_setup(0x288f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0xffdffffe}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f4, 0x0, 0x0, 0x0, 0x0)

4.388006376s ago: executing program 4 (id=1077):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, 0x0)
sendto(r0, &(0x7f0000000740)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3bf52a6b2cdb77ef9af2a603a3e78adff59fbb22bae1b2443011fd801251bcef8f165533aac58c7556dd51edc5a6865d4e29f0bbd0ed602050000000000002944de604d849a1e3b32905b0d26e9ff34b83f38a2ae8b1c6748ef8b87ef2a359249c3e294931489ba57f83f96048684434854ab3b6ad59f45e832972639508fe4dcb371c013bc129572e996a7db94fae8d71a076ec54a28a926e37c7a678a5e16c121f27527bf75fb49d31d41a5", 0xc5, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000100)={0x0, 0xffffa811}, 0x8)
sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x52, 0x0, 0x0)

4.149126086s ago: executing program 2 (id=1079):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto(r0, &(0x7f0000000740)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3bf52a6b2cdb77ef9af2a603a3e78adff59fbb22bae1b2443011fd801251bcef8f165533aac58c7556dd51edc5a6865d4e29f0bbd0ed602050000000000002944de604d849a1e3b32905b0d26e9ff34b83f38a2ae8b1c6748ef8b87ef2a359249c3e294931489ba57f83f96048684434854ab3b6ad59f45e832972639508fe4dcb371c013bc129572e996a7db94fae8d71a076ec54a28a926e37c7a678a5e16c121f27527bf75fb49d31d41a5", 0xc5, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x52, 0x0, 0x0)

3.532169856s ago: executing program 4 (id=1084):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_mount_image$fuse(0x0, 0x0, 0x850, 0x0, 0x1, 0x0, &(0x7f0000000080)="8aa55cd676d0e0d9ffeede84056451edb50600e4e23e1f7bfdb58067cc29aeb2faed445270d3a68109db3aa13e55")
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000))

3.387544637s ago: executing program 1 (id=1085):
timer_create(0xfffffffffffffffd, 0x0, &(0x7f0000001400)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)
timer_gettime(0x0, 0x0)

3.347303721s ago: executing program 1 (id=1086):
r0 = socket$inet6(0xa, 0x2, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000540)={0x9, 0xffffffffffffffff, 0x5, 0x200, 0x4, 0x4, 0x5, 0x8000000000000000}, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @local, 0x5}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00\x00\x00'], 0x28}}], 0x1, 0x20042004)
sendmmsg$inet6(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4004844)

3.180194794s ago: executing program 3 (id=1087):
r0 = socket$netlink(0x10, 0x3, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000", 0x36}], 0x1)

2.681809204s ago: executing program 0 (id=1089):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x48, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0xc300, 0x2, 0x1, 0x0, {0x4, 0x1000, 0x0, 0x8a, 0x0, 0x1, 0x1, 0x1}, 0x1, 0xee000000, 0x1b}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20044080}, 0x0)

2.625253378s ago: executing program 4 (id=1090):
syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c6163746976655f6c6f67733d362c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c616c6c6f635f6d6f64653d72657573652c6e6f61636c2c686561702c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6a71666d743d7666736f6c642c0059f4bd815bd5269b4f523c9fa8d344a3944fb455fe1b97b3eda5f977db05bfa9d02cc67646849b46fd481fbbd5b0fd213353e4ae7755b4985d63c4a5e13292c6d514d644c884482f93129a82c26ad8f1f7191de0ca75795a5f697573c1828a8ecf4a82e89215d1979fa2738c76683b231a638e5a0d6bd7235d108d564d307b3067ab6ac37a59e50763a2be3d70a1260e"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$kcm(0xf, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x140, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_io_uring_setup(0x42e9, &(0x7f0000000200)={0x0, 0xfe3a, 0x0, 0x3, 0x20000}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
socketpair(0x1e, 0x80004, 0x0, &(0x7f0000000cc0))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, 0x0, 0x0}, 0x20)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0})
io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0)

2.524153617s ago: executing program 0 (id=1091):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = accept(r2, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r4, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2.494918149s ago: executing program 2 (id=1092):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000380)='omfs\x00', 0x2208004, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=@newtaction={0x48, 0x30, 0x1, 0x2, 0x25dfdbfc, {}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8010}, 0x2000000)
syz_io_uring_setup(0x6fea, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000003, 0x0, {0xfffe}})

2.48327158s ago: executing program 1 (id=1093):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x2e3, &(0x7f0000000280)="$eJzs3M9LG2kYwPEnMYkxoslh2WUXFh92L7uXQbP3paEolAYq1pT+gNJRJ23INJFMsKSU2p56Lf0jehCP3oTWf8BLbz310puXQg/1UDol8yNGjdXGH/HH9wPyvvq8T+Z9Z1Sed2Bm4+bLh+WiYxTNukSTKhERkU2RjEQlFAnaqNdPSLtn8u/g5/d/Xr91+2ounx+fUp3ITf+XVdXhkTePngwEw1b7ZT1zd+NT9uP6r+u/b3ybflBytORopVpXU2eqH+rmjG3pXMkpG6qTtmU6lpYqjlXz41U/XrSr8/MNNStzQ6n5muU4alYaWrYaWq9qvdZQ875ZqqhhGDqUEuynsDQ1Zea6TJ494sngmNRqObNPRAZ2RQpLPZkQAADoqaD+b1X70WZJ3039H+tY/y//tVYfvLEyHNT/q4lm/S/SVv/f2/qsbfV/UkSOvf7fXRGdL6774/ih6n+cEc36PxX8/Xqe31ke9TrU/wAAAAAAAAAAAAAAAAAAAAAAnAWbrpt2XTcdtuFXv4gkvSdI/O97PU8cD67/xbb14o7YsIj9YqGwUPDbYMCaiNhiyaik5av3+xBo9hOi3iBtyshbezHIX1wo9HmRXFFKXv6YpCWzM991J67kx8fUtz0/Lqn2/Kyk5ZfO+dmd+fFmm5B//m7LNyQt72alKrbMBU/GhflPx1QvX8vvOP6ANw4AAAAAgPPA0JbW/r2/PW7sjvv7Yz/e2l93vD/g769HO+7vY/JHrFerBgAAAADgYnEaj8umbVu1c9cJV3jQrPC9xnuMiUhkr9ARdMKDn4JTFz/QGYt2NdWRxE9elI6d8LbRXmNksptPdtMihz2Hv716/eXorsX/K8l9VtptJ7HfSuMn9x8IAAAAwEnZKvrDn1zq7YQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiATuLFcr1eIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBafA8AAP//ohEIjg==")
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
fsopen(&(0x7f0000000040)='jfs\x00', 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00')
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.344151671s ago: executing program 3 (id=1094):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$alg(0xffffffffffffffff, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004a80)=ANY=[], 0x1008}, 0x1, 0x0, 0x0, 0x844}, 0x24044804)
openat(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0xfffffffffffffdec)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x2}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x22044028}, 0x800)

1.512604468s ago: executing program 1 (id=1095):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x800000000, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000080)={0xa, 0x2, 0x0, "81defc5789176beb8c6301cd2d8161670cce6570a5760ef394fd7513c0a80f93", 0x30364d54})

1.511619598s ago: executing program 2 (id=1096):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4c084)
r0 = socket$inet(0x2, 0x3, 0x400002)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x8004, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x800, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x80d481, &(0x7f00000006c0)={[{@dax_always}, {@nolazytime}, {@abort}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@dioread_nolock}, {@jqfmt_vfsv0}, {@nomblk_io_submit}, {@nobarrier}]}, 0x0, 0x5e9, &(0x7f0000002540)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDYkXE9fMdqZ029ltt7TdpvP5JEtn5s30vWH63ffm7XuzAZTWYPpPJWJ/REwnEf3J/GJaZ2SJgwv7Pfj7k7PpK4lq9Y0/k0iybfn+SfazLzu4JyJ+/imJfR0r852Zu3ZxfGpq8mq2Pjx7aXp4Zu7a4QuXxs9Pnp+8PPrS6Injx46fGDmyrvO6XrDt9M33P+z/bOzt7775Nxn5/rexJE7Gq9mOS8+jiRutlGEwBmv/J8nKpL4Trfyibawj+ztZeomTzqI9u7auUKxZfv3Sq/NU9EdHPLx4/fHpa20tHLCpqklEFSipRPxDSeXtgPzefvl9cKUtrRJgK9w/tdABsDL+Oxf6BqOn1jew+0ESS7t1kohYX89cvT0RcffO2M1zd8Zuxtr74YANMH8jIp4uiv+kFv8D0RMDtfiv1MV/2i44k/1Mt7++zvyXdxWLf9g6C/Hf0zT+o0H8v7Mk/t9dZ/6DDxff662L/96i3d2OAAAAAAAAQBO3T0XEi0Wf/1cWx/9Ewfifvog4uQH5Dy5bX/n5f+XeBmQDFLh/KuKVwvG/lfzj9oGObOmx2niAruTchanJIxHxeEQciq5d6fpIkzwOf77v60Zpg9n4v/yV5n83GwuYleNe5676YybGZ8cf9byBiPs3Ip4pHP+bLNb/SUH9n74fTK8xj33P3zrTKG31+Ac2S/XbiIOF9f/Dp1YkzZ/PMVxrDwznrYKVnv34ix8a5b/e+C98xATQkrT+3908/geSpc/rmWk9j6NzndVGaett/3cnb9YeOdOdbftofHb26khEd3K6I91at3209TLDTpTHQx4vafwfeq55/19R+783IuaX/e7kr/o5xbkn/+v7vVF5tP+hfdL4n2ip/m99YfTWwI+N8l9b/X+sVtcfyrbo/4MFX+Vh2l2/vSAcO4uStrq8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALATVCJiTySVocXlSmVoKKIvIp6I3ZWpKzOzL5y78sHliTSt9v3/lfybfvsX1pP8+/8HlqyPLls/GhF7I+LLjt7a+tDZK1MT7T55AAAAAAAAAAAAAAAAAAAA2Cb6Gsz/T/3R0e7SAZuus90FANqmIP5/aUc5gK2n/ofyEv9QXuIfykv8Q3mJfygv8Q/lJf6hvMQ/AAAAAADsKHsP3P41iYj5l3trr1R3ltbV1pIBm63S7gIAbeMRP1Behv5AebnHB5JV0nsaHrTakc1Mn32EgwEAAAAAAAAAAACgdA7uN/8fysr8fygv8/+hvPL5/wfaXA5g67nHB2KVmfyF8/9XPQoAAAAAAAAAAAAA2Egzc9cujk9NTV618Nb2KEb9wj/VzcyiWq1eT/8KtsOZ7oCFfCj8dinPsoV8rt/ajmrfexIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDv/wAAAP//AH8mXQ==")
r2 = syz_open_dev$hidraw(0x0, 0x0, 0x14a042)
preadv(r2, &(0x7f0000000380)=[{&(0x7f0000000280)=""/240, 0xf0}], 0x1, 0x33, 0x2)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

1.36814229s ago: executing program 0 (id=1097):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
dup(r2)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)

1.353370701s ago: executing program 4 (id=1098):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r0}, 0x18)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8)
close(r2)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

1.310314914s ago: executing program 0 (id=1099):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0))
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_open_dev$dri(0x0, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000000)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000b00)={0x8, {"4a1c8686bcfee5208f0167953a62825b02ea50f67f1823f7773c3bc3212c1edd6c1949f236e43d41fc2fd343c04c4e6d954f66533aa0868cc7f34bb8996000634ce6c30deef2d8643aaa60b953146c94ac2c37b4d179db199ea84b5d351ad7972fbe5e0c5444323bdd85ec91359d206210064b54a9397831346aab546a2dfc7ff5bcf090a67f7e08458c6bac3c85d3d25f8c87cbad060cfc28e7bbc31a9236b2f06fb9da184a0a5894477d35de8df7fe672f47c260e28c3cb6444f0de8579253baacec249e1cafb6ad04a1f02bb74ae1e64bf3b4c848b4b69b36d15aa292fe2ad7c4988b86b7d1e7a4232b23465eb6240ac1e567761759c00d145b6edb5f041fd5eca6d94862233aa57093bbead8ced6643e4e482b151fa687bef6a7fd049df564ea97fcf61c8a2efa8708d17fae9c4b6fd66e12c8c451825f0239862afa7676a53c912b4c44d4ce76f5f2d234b648391bf1dce26d665b79646604d38d93c66a3a48fe8bae57e19d418674ddc60c20ff01f21baffeaa2d68be0b4e74657918f1fa48119cb84b9659acbe84b0bb43a8df61f200221f3b7a633ddc01b4611cb4d769cbc14254dcd64133501ee293b0aed25377ac81406df222137caca6c04849dfd8353d6067c878aa9b6b04fc827a8077b5c44f6b662195b43a8888b3ba3e61622e0081a8392e0a55c0f92d8b917589205071829c851ddc28a6f39b4e338205849753ef1db6950f59fa0c52c5f51722891d0ab3266f4e69b8fbead1bfe1d0eb10e304f494366950e336d7146926b73353da31c156a629dc34632eb92756e1584f024a07761facf2f8983cd41dfc4777561b373144ccbf450b87aa8c64ce759c9256a27798e05286ea7bccfc3e3510efc9558b3f7ea4d24e59d97d4a9609e4ea8c194ae551933bec2a97914e0ec1b4e7ad40609c4b3c3fd85d4df8761e10bca6f4c525ffee14f79fb40d9d9555c8ceb16004a17f92bc2ff675e97eae53fc6a47dd91b18401c672a9cfa7ff0ee243e0ab59e52389e799e0faad1446c06e297ffa7633a654f5eae529db41a535c4398e10c1eeb6cc2eaf462b323c7cbc471dc828798f094b9be68f76706f232979db2a806db3de1650ff42d1c69d491a3a1d876bdd35092e52421f0517bd9cdbfc772bb2d15bd7b8bdddea20eb1a0831b7fc25e20a1873bc480e781081588f5100860c056211e8b27d8e786c000cf4abb07c01674d42c21179a6f0f9eb7b1b66773c9c4b00d1a5eba3ad00f80ea97174f943d30653b3ed87369b2e0048e1e14eca44a6305963875dad15e5be4b2cd0177908382a8ce9d28ce890100e4e533fcbaad459f6c2e5a1076d547071041b117023e88f38eca9032c2eea9ecd37fc5e5b75601c6a48d0ad6082acf4da67dbf574735b5bd1a6a2f6c042322f39a76b99f67cb2d25e5b6834c87330644866b7435a96e1ed657a8cb0f9210b85875f835a5e50f7cb9a7bf03c8b8b08d9b289ec1bcae9c2240959a2f13f7d1978ec6c31a2459db59dff20a185749573d8d33fa04650953bd98ee0d2dc7ff2ece740e0e44794c32c8545327c9b0f4165eaa0b774f3dd84828c919cb6010569129ed1660d5ebaa0c79f8a8457f6e881c710a8f5d54dda474727ad2f04c639210cfee42fe5bedb9ab07627e08475442d5f776364779b09a5ab9df633a46afe7c5a08dd568800ee14c1808e46c41b1658a8d51c95f9e0a3992070eb4c645d3ae8bfda5aecd11750a634d7588d77e881d10038f7a6b446f465594ba98393b6fef4be981e71f92a033628420812063e42fc820b8d87a0e2b7073858c624806822dd6bd01855044d982365924d691b0c43b55101fb71de32ae5bba3ea92c2c753d51feb2a85989fafd0dc96e7eef7c2cd8d85d132501b3f2106f1caf1332c6f67a5f7a9db315e5d50a89244b9a7d979f0b2e3817197c5da18fb18b54fed53cc836f6d1dc5b0fdb9d6db8af03f9447bcd5105abe4646fb02799d728337cc08d86492ba0cc276691b0495173faf90806bc83160c2de9ff381675d7c092813f5441bd52a570f9bbf3c89b90b2b100071c57e88cf4c609e94b33b16b1528cdd108d594bd49a2c198b05f57e0366c71bdf24f00e8e9b8e8045d451093793a2a0c7bfe1f1cff0181d8880310390b8aa40d0bf06314d97ce34b4211a30b6e52cef2e59327d20d9059e0c66b8d8c602f1bacc688d5764ddcd53467757180b29d7ef66c483a2d541e38f7cf3aa70e7825877ad98df7ea45d819834ffe6e58699b1420e53d6e0b0897bb919baa6ec2417a0b7b678f69abc3c2036b583f6ceb7689c5262d90c016b4c0779dd7bbf1867d26cfef12c7543fcf8366482aa58630ddb95c9b35bb4a6b7e98519611f5c44f7527541d45021bbc04730cc7ace246842a01dacce586ae6ffe4c0ece46ccd9a15c06c5fdda6383233d46286dafd14c1d1c434eb60821c0fa2ac62d164806d4790aa0ac25c8f1565ccdf19796e58ba69f08e39b75832b710de6cee8cdc239e0c10aa01baf81bf2b7f946366f87392a8bcd601be4977096cbe1db6d36b4c3125658cfc98920dfceccfa82a2552c16a04adfd4c7b800900719550a8c9a64bb71ba5580a2bf5dfee193b664bc4ed3ec49f015921a91a30d882b582634a13ae5334969b72ae1b5f2839f116961e5b7352b1a61b079e8ce3896dd57bdc1807b8f062d17ec4f3e13370461117af3155cf8516acc52752fc64501852f178ddef4228b3509e5ca8d9c70e94a87ea49904882265e0fe895a1b13c062955ab889f29cb66c6ad0c57e726bf0b5e78717c96b70d57e64f65bdb01c5105a54ff9855030b1c8afc211588c9835a276bdf8e35dd3de2defcac86603aab111df629f55729472edc199901eca23206427d3ad0cd20e33710a0538be06ff03f12d1ef8d1f59c10f225a6dd609daa05f95618426a01e9ffd9c3a8d59cda168a2b9357269c2d6b1194a3b196e096ecf0ae85b4d39ad26eb5b4b95df8217a7f3fe0b193de8244df14ffdab8bfe2eb40a94ec5b3166ae8c24525fa2e86a6493ae86fa47816f77e4c601df12d636b46415b9ffbbb250107f7d2a71156efcbb60296d9e9a3050a7018f76948ed24ca12c8a5c3a5d2b0afc2cedb1801cecb27d8e1636199c3f393535aef6e5a65b0a05c1aa7d6b25585d23e13108a2e3f496ebab022b0769a7feb5a026625cfc8ac64bedc9194f29d865e080a8924d67b57db1bd85cec5a504302547d30231532400a4a63dc6ce226a36bc030b8eb3071b74cdd228e07640c9489f14ecbdd96da61989bad374634f1818fbce2b0e2d3f9dbb8d11fb605ac027b23ce8257376a6da3a7e9593beff87270900a76158b8521eb5e48d9a4018cf2935066f60cb1c5636fb3299661f7e9f7ca3e098df990bd3ac4948a6bd77520a1204d2fabd4ab7eb9e81fc72909a56a371a7c2384fcbaedc5e52b6be65864e50647bf75b3798cfc91f9af29b4e42a904e6f43ee5c52f78eeb07b67d2040d11bcc1751eaa8022471c8f9acddcb650272f325e95a988609d00aefa96e94a1852e7027065dcd294da21a7e8771f1c493d1f19d85484263d0f2123ddc3b03de16c40a2b55523a85ce2ebc45d5778cb1976444a9e34ad6938e32fdd7e1bb8679f5c28dbf32859ba77f983cc99e639c3dec7fd5892b40fe96a21cfc9821a4fcb2dc862e86d1b07ebb50a4e542585116c23cc394f5d907aca0370222d3b742aa6b1b5297c7f3248d63e7252540b571694dcbe529ff655eaa6706b70e1166a23d878f16d2d9bfda2a702f379aab623e80653d8d730b22371f85a8544446c2365154ad0c80c337d74519906c84b68c086c84ee19b8a11a2e2b7832eaf4c3741e69a5a5be6ec0a422f35c2da03edde307266f1684323700242fcdfc43086f32e7c63b198a99fa9435caa67727337635faba24ad3053712f0e20644a9491e6348a08dbae36d6fc0d9e3fbbacce16ec5094e0c783f974b9ee243d52979ce9e41ec6eafe5b5b67e7fd3e3a44edf3e3ae240c635d2c5b486ffd55a625d5aed19b845e965ca476ffc0d33db724666ac96156fe4691b57a1c8c9eec499381dbfcc05e30ae031c9d06a74a4637cfb579423d2e2b2f075d4205f38833ed689468dc722dd80f60a1d879b3e0a42a77fde128a6bd13e973bc80985296a28b0d441913538c81f48601400896c9b48e56e015f7fc301b62415d1f7d20ddbdecd0aec257e2ff55ac7e01d0ad1908002aed4d964aa7fd0a80518fad889cda222c84095874d3585ede9b9fb7b48f56bc08db3cb62b28366be16ba54095061e292275944d1c5ee21c432f09b37802f6e287bd60ec9e310fe97e236bec962aea59f1373a97c5dd5970d5b1e34010d694863651d4508696c1ea2bed714e81413295b44414f8e38d0cb8ade88b9c724ecdba7ee3c7e02d690d76132a2e960485092591881678a8959c5adc5d55cf9571dec96207b24e11d237eaf235775136e9f220d9c5f2b34133f8a49514c9daf1488923db6d00c1227ae5ba05ebe07761a4f4df4adc94fa894a5bb9c6c609eb077a13055ddba2296b7ba493442159a635d1ae7654b56912f9bf3eda868da3e4d760555b11d3f5d4030d54589378533bc01277b27731a44bb7b15a2a921f7862874866f4924bcba403d711d8b41c2902b2d6b67631b12f810ced5e87c08e683613dcdd6332b2e2290398675ea12138c2549221226abaa865b0025f698f13e1dabd4a4dddb61ed77965b8d47feffc461587210ac4543294eccfc97e882535680b392576fd4c3b6b587f1987c6dd5b28df1da14cfe2ec98859c651e30641c1610592122348e14e563d54f93a8d125056da7983960c2bf9a4ac22209912e94d90df4934282c65c7b9e65165305c01b160124aee9e2f59b11be25cb6c97c06aa62e04844d2bbf3a1476e6bd048924b7c30166796565c98efa7aef9c9ac52a650be504d8027d6361a2ebb4017da6de1d3cfa9e86fa442c3a63cd24630d563c93540dcffa0c6923a6512ccf274c533ae5e9000c51deaf1f1d664def78059066ec55c31a98c8b44dd11c7277d3d08c0c91d9de556e18aca33e1853a0bf2ee03dcb2f1e5eb6c925c0fa850f31dad0cefcb0eb17a67876c7a61bf775c5cbe07b31b7fa3fa94eddd13af90e8c004f6356ff3ca860d01575e9972e07877b76125cae5e71e90e20493d4ab9fa6169ad64b6139bdbdf7207c7c14702bd61c0aae6a003f05a077b11e09dc5df05a2b32f41ab5005a8c22207bc9dc608ab0ad736e2dee449d5de25108a91d1311a1494b6a3ceca635407765417a74441a19e004082b14efa13bd588366fb8645b3dc97121b4ae981db1f54a3fb101ac38cd7fff38cc7f72bbbeb0e271837fafc4676f4d3beaeb5fb9bcb271f480017edf6fac074e2e9bf9a839a78ad82348cda40fc05aac23ad37c87b921347f2e00a4624b0d6bc179f5e7d027555bc4c9c9e29b59847605b717c2feec208532f098da3f418a467d7aeff336138c2de8c0eb62d637b336e96cbdf448266d15b541ec4cf11e5bd638df5fe5c0099d9eeba815c65098c101ebfc6fc2eb963331326fe9f53f55628fa4fca752b886b317e4a222357a53bd4ef2e59fc751b3798bbe25e0ef2dd19e4b17c3ffa6865c557a7791617dbd33fb6fb250b496d7c7b83adf6c7d69b7b679b2e708eae073ad289988a6bb29a477ee93e854d75468bb5692e429bb209076ffa0a449dec38fd0b29626c16c9661f1ed52f94ce30e2cdf9af8090dd30cba6c41616b7f185b299f4f754a083b2b63dcb7c4fd06a1839ce914dd134cc387552f989f6feda0", 0x1000}}, 0x1006)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000080)={0x49dd, 0xffff, 0x0, 0xc003, 0x0, "fa3d76170000001b"})
write$binfmt_aout(r4, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)={0x0, 0x4, 0x1000000b, 0x9, 0x4, "00000000000000000000c2041a02003d00"})
r5 = syz_open_pts(r4, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x17)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0)={r7}, 0x4)

1.309979844s ago: executing program 3 (id=1100):
fanotify_init(0x0, 0x0)
r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r1 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc0b02)
ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000d40)={0x0, 0x1, 0x4, 0x0, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059"})

1.255789509s ago: executing program 3 (id=1101):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)

1.254992648s ago: executing program 2 (id=1102):
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000c40)='./file0\x00', 0x808080, &(0x7f0000000c80)={[{@discard}, {@bh}, {@noblock_validity}]}, 0x2c, 0x52c, &(0x7f0000000640)="$eJzs3d9rY1kdAPBvMv2Rdjrbru7DKuqO6+oowyRtZrcs+6DriyDLssK6TyKzpc2U0qQpTbpua8EO+Oar4IBP+if4IPggzJPvvumbLyMojDo4TAWRyE1uOm2adMq0aWaazwcuOefc2/s9J3DP6T1J7glgaF2NiN2IGIuIjyNiOi3PpFu829qS4x4/3Fnce7izmIlG48N/jqRH7iy2j2+7nJ4zF/FBkh/vEre2tb26UC6XNtJ8oV5ZL9S2tm+sVBaWS8ultWJxfm5+9u2bbxXPrK2vVX7z4Dsr7330+9998f4fd7/x46TO32rtGkvadmaBDmi9L6MxdaAseefe60ewAbiUtmds0BXhmWQj4jMR8Xqa3pcbXJ0AgP5qNKajMX0w31vmBMcAAM+/5J5/KjLZfHr/PxXZbD7fnMPLvRKT2XK1Vr9+u7q5thTNOayZGM3eXimXZtO5wpkYzST5uWb6Sb7Ykb8ZES9HxM/HJ5r5/GK1vDSof3oAYMhd7hj/H423xv8T8AkBALzIjOQAMHyOjv+jA6kHAHB+3P8DwPA5MP53+60uAHAB5Tp++w8AXHwH7v9Huh7wavzkh+dXHQDgHPj8HwCGyvfefz/ZGnvp86+XPtnaXK1+cmOpVFvNVzYX84vVjfX8crW63HxmT+Vp5ytXq+tzb8bmp4V6qVYv1La2b1Wqm2v1W83net8q+WEBAAzey6/d+3MmInbfmWhu0V7LwRcC4MJzmcPwujToCgAD0/37PsAwMB8PZJ6yv+dXhO72/puJU9QH6L9rn+sx/9/tf4M7+6n/Nc6vikCfmP+H4XW6+X+zB/AiM/8Pw6vRyFjPHwCGzAnu4H1FEC64Z/78HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYVHPLZPPpWuBTkc3m8xFXImJmYjRze6Vcmo2IlyLiT+Oj40l+btCVBgBOKfv3TLr+17XpN6Y6945l/jPefI2IH/3yw198ulCvb8wl5f/aL6/fTcuLXQOM978NAMABI50F7XG6PY631/d9/HBnsb2dZwUffLu1uGgSdy/d2lVvVT4XoxEx+e/MocZkzmhh4t07EfFqZ/uz+/tn0pVPO+Mnsa/0LX40Wzh1KH72UPxsc1/rNXkvPnsGdYFhcy/pf97tdv1l42rzNb3+Moc701z87Gjn+gza/d9eo7P/a13vH1zJNfuabv3f1ZPGePMP3+25786lxudHIvaO9L/tFaFzzdSR+CMRb3Q74U+/+Wizo+gvX/jS673iN34VcS2Oi99KFeqV9UJta/vGSmVhubRcWisW5+fmZ9+++Vax0JyjLrRnqo/6xzvXX+rd/ojJHvFzx7U/Ir7a66Qdfv3fj3/w5WPif/0r3eJn45Vj4idj4tdOGH9h8rc9l+9O4i/1aP/Iofhjh/4uKbt+wvj3/7q9dMJDAYBzUNvaXl0ol0sbEqdN5Pp15svPSQMleiT+9tGha2rg9TmTxMC6JOCcPLnoB10TAAAAAAAAAAAAAACgl9r300f+9fHHcINuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX/wMAAP//OkHLZw==")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200), 0x6)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)

412.157457ms ago: executing program 1 (id=1103):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r1, 0xc2604111, &(0x7f0000000540)={0x10, [[0x586, 0x1, 0x3, 0x8, 0x8, 0x4, 0x6, 0x1], [0x5, 0x1, 0x1, 0x4, 0x0, 0xc2ca, 0xa, 0x9], [0xfffffffc, 0x10001, 0x7f, 0x2, 0x9, 0x1, 0x8000, 0x7]], '\x00', [{0x80000000, 0x6fa2, 0x0, 0x0, 0x1}, {0x1a, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x8001, 0x5, 0x0, 0x0, 0x1}, {0x7, 0x9, 0x0, 0x1, 0x0, 0x1}, {0x4, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x7ff, 0x3, 0x1, 0x1, 0x1}, {0x4, 0x3, 0x0, 0x0, 0x1, 0x1}, {0xffffffff, 0x8fc4, 0x1, 0x0, 0x1}, {0xf, 0x630, 0x0, 0x0, 0x1, 0x1}, {0x7, 0x9, 0x1}, {0x5, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7fff, 0x488800, 0x0, 0x0, 0x0, 0x1}], '\x00', 0x10001})

411.952767ms ago: executing program 1 (id=1104):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x181341, 0x0)
ioctl$TIOCGSOFTCAR(r2, 0x5414, &(0x7f0000000040))

295.463426ms ago: executing program 3 (id=1105):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r0)
sendmsg$NLBL_CALIPSO_C_ADD(r0, 0x0, 0x20020000)

278.585027ms ago: executing program 0 (id=1106):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x1c}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/234)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000002240)=0x2)
writev(r1, &(0x7f00000008c0)=[{&(0x7f0000000280)="41b978", 0x3}, {0x0}, {0x0}], 0x3)

228.157321ms ago: executing program 2 (id=1107):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x4004, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x2, @loopback, 0x8}, {0xa, 0x4e23, 0x7, @remote, 0x8}, r2, 0x10007}}, 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@dellink={0x20, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, 0xc0a742c700ab0d57, 0x301}}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x800)

223.304382ms ago: executing program 3 (id=1108):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000dd2b4256822c9e1c000098110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
r3 = syz_open_dev$vim2m(0x0, 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000580)={0x2, @sliced={0xff63, [0x0, 0x6, 0x7, 0xa, 0x1, 0x5, 0x7, 0x8, 0x9, 0x1, 0x1, 0x6, 0x0, 0x5, 0x113, 0xbe4c, 0x3, 0x40, 0x7, 0x7, 0x401, 0x3, 0x5, 0xffff, 0x4, 0x8, 0xfff8, 0xf, 0x800, 0x6, 0x2, 0x7ff, 0x4, 0x4, 0x100, 0x2, 0xc0, 0xff, 0x8000, 0x3, 0x4, 0x7fff, 0x4c, 0x2, 0xf8ff, 0x81, 0x2, 0x7fff], 0xe6}})
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff)
shmget(0x0, 0x2000, 0x10, &(0x7f0000ffd000/0x2000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r7, 0xc020f509, &(0x7f00000000c0)={r3, 0x73ae, 0x0, 0x8})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2c, r4, 0x401, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x2c}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)

160.026717ms ago: executing program 0 (id=1109):
syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c6163746976655f6c6f67733d362c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c616c6c6f635f6d6f64653d72657573652c6e6f61636c2c686561702c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6a71666d743d7666736f6c642c0059f4bd815bd5269b4f523c9fa8d344a3944fb455fe1b97b3eda5f977db05bfa9d02cc67646849b46fd481fbbd5b0fd213353e4ae7755b4985d63c4a5e13292c6d514d644c884482f93129a82c26ad8f1f7191de0ca75795a5f697573c1828a8ecf4a82e89215d1979fa2738c76683b231a638e5a0d6bd7235d108d564d307b3067ab6ac37a59e50763a2be3d70a1260e"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000740)=@framed, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$kcm(0xf, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x140, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_io_uring_setup(0x42e9, &(0x7f0000000200)={0x0, 0xfe3a, 0x0, 0x3, 0x20000}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
socketpair(0x1e, 0x80004, 0x0, &(0x7f0000000cc0))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, 0x0, 0x0}, 0x20)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0})
io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=1110):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
dup(r2)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

rdered data mode
[  121.366815][ T6300] reiserfs: using flush barriers
[  121.369057][ T6300] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  121.373134][ T6300] REISERFS (device loop4): checking transaction log (loop4)
[  121.382216][ T6300] REISERFS (device loop4): Using r5 hash to sort names
[  121.383598][ T6300] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  121.403452][ T6303] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  121.404971][ T6303] REISERFS (device loop1): using ordered data mode
[  121.409190][ T6303] reiserfs: using flush barriers
[  121.410523][ T6303] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  121.413236][ T6303] REISERFS (device loop1): checking transaction log (loop1)
[  121.550690][ T6303] REISERFS (device loop1): Using tea hash to sort names
[  121.552013][ T6303] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  121.775123][ T4431] Bluetooth: hci3: command 0x0406 tx timeout
[  121.791009][ T6305] loop3: detected capacity change from 0 to 40427
[  121.853557][ T6319] fido_id[6319]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  121.857855][ T6305] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  121.862769][ T6305] F2FS-fs (loop3): invalid crc value
[  121.890338][ T6305] F2FS-fs (loop3): Found nat_bits in checkpoint
[  121.909775][ T6305] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  121.937861][ T6311] loop0: detected capacity change from 0 to 40427
[  121.963548][ T4044] attempt to access beyond end of device
[  121.963548][ T4044] loop3: rw=2049, want=45112, limit=40427
[  121.968924][ T6311] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  121.971582][ T6311] F2FS-fs (loop0): invalid crc value
[  121.996989][ T6311] F2FS-fs (loop0): Found nat_bits in checkpoint
[  122.037698][ T6311] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  122.107117][ T4050] attempt to access beyond end of device
[  122.107117][ T4050] loop0: rw=2049, want=45112, limit=40427
[  122.120385][ T6326] loop1: detected capacity change from 0 to 32768
[  122.161931][   T26] audit: type=1326 audit(122.130:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6330 comm="syz.3.580" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa75ae0a8 code=0x0
[  122.254073][    T7] hid-generic 0000:0000:0000.0035: unknown main item tag 0x0
[  122.258544][    T7] hid-generic 0000:0000:0000.0035: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  122.276522][ T6335] loop1: detected capacity change from 0 to 1024
[  122.391646][ T6336] fido_id[6336]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  122.613207][ T4115] hid-generic 0000:0000:0000.0036: unknown main item tag 0x0
[  122.615422][ T4115] hid-generic 0000:0000:0000.0036: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  122.623701][ T6344] loop2: detected capacity change from 0 to 1024
[  122.650154][ T6341] loop0: detected capacity change from 0 to 40427
[  122.692821][ T6341] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff
[  122.695140][ T6341] F2FS-fs (loop0): invalid crc value
[  122.697303][ T6347] device syzkaller0 entered promiscuous mode
[  122.697521][ T6341] F2FS-fs (loop0): Found nat_bits in checkpoint
[  122.711841][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.585'.
[  122.728941][ T6341] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  122.874107][ T6355] loop4: detected capacity change from 0 to 8192
[  122.959703][ T6358] attempt to access beyond end of device
[  122.959703][ T6358] loop0: rw=2049, want=53504, limit=40427
[  123.338642][ T6355] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  123.340275][ T6355] REISERFS (device loop4): using ordered data mode
[  123.341402][ T6355] reiserfs: using flush barriers
[  123.344838][ T6355] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  123.355429][ T6355] REISERFS (device loop4): checking transaction log (loop4)
[  123.491068][ T6368] loop0: detected capacity change from 0 to 1024
[  123.549947][ T6355] REISERFS (device loop4): Using tea hash to sort names
[  123.551265][ T6355] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  123.645666][ T1891] hfsplus: b-tree write err: -5, ino 4
[  123.714469][ T6364] loop1: detected capacity change from 0 to 40427
[  123.758936][ T6372] loop0: detected capacity change from 0 to 1024
[  123.761165][    T7] hid-generic 0000:0000:0000.0037: unknown main item tag 0x0
[  123.762748][    T7] hid-generic 0000:0000:0000.0037: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  123.771393][ T6364] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  123.774594][ T6364] F2FS-fs (loop1): invalid crc value
[  123.804577][ T6364] F2FS-fs (loop1): Found nat_bits in checkpoint
[  123.823968][ T6364] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  123.835505][ T6375] loop4: detected capacity change from 0 to 8192
[  123.879655][ T6366] loop3: detected capacity change from 0 to 40427
[  123.894201][ T4045] attempt to access beyond end of device
[  123.894201][ T4045] loop1: rw=2049, want=45112, limit=40427
[  123.905199][ T6375] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  123.906755][ T6375] REISERFS (device loop4): using ordered data mode
[  123.907817][ T6375] reiserfs: using flush barriers
[  123.913149][ T6375] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  123.917214][ T6375] REISERFS (device loop4): checking transaction log (loop4)
[  123.937573][ T6366] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  123.939728][ T6375] REISERFS (device loop4): Using r5 hash to sort names
[  123.941012][ T6375] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  123.948700][ T6366] F2FS-fs (loop3): invalid crc value
[  123.983926][ T6379] loop0: detected capacity change from 0 to 8192
[  123.990857][ T6385] loop2: detected capacity change from 0 to 1024
[  124.002123][ T6381] fido_id[6381]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  124.055366][ T6366] F2FS-fs (loop3): Found nat_bits in checkpoint
[  124.070695][ T6366] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  124.071413][ T6379] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  124.073356][ T6379] REISERFS (device loop0): using ordered data mode
[  124.078277][ T6379] reiserfs: using flush barriers
[  124.081660][ T6379] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  124.088386][ T6379] REISERFS (device loop0): checking transaction log (loop0)
[  124.092740][ T6379] REISERFS (device loop0): Using r5 hash to sort names
[  124.093964][ T6379] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  124.199466][ T6391] device syzkaller0 entered promiscuous mode
[  124.234414][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.599'.
[  124.236655][ T4044] attempt to access beyond end of device
[  124.236655][ T4044] loop3: rw=2049, want=45112, limit=40427
[  124.480803][   T26] audit: type=1326 audit(124.450:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.3.600" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa75ae0a8 code=0x0
[  124.720570][ T6396] loop2: detected capacity change from 0 to 40427
[  124.742044][ T6396] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff
[  124.752311][ T6396] F2FS-fs (loop2): invalid crc value
[  124.768686][ T6396] F2FS-fs (loop2): Found nat_bits in checkpoint
[  124.779914][ T6396] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  124.982868][ T6411] attempt to access beyond end of device
[  124.982868][ T6411] loop2: rw=2049, want=53504, limit=40427
[  125.002250][ T6412] loop0: detected capacity change from 0 to 8192
[  125.098779][ T6412] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  125.100680][ T6412] REISERFS (device loop0): using ordered data mode
[  125.101833][ T6412] reiserfs: using flush barriers
[  125.104371][ T6412] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  125.113280][ T6412] REISERFS (device loop0): checking transaction log (loop0)
[  125.199622][ T6417] loop1: detected capacity change from 0 to 256
[  125.216772][ T6417] exFAT-fs (loop1): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d)
[  125.249659][ T6412] REISERFS (device loop0): Using tea hash to sort names
[  125.253033][ T6412] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  125.293418][ T1540] hid-generic 0000:0000:0000.0038: unknown main item tag 0x0
[  125.299077][ T1540] hid-generic 0000:0000:0000.0038: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  125.301608][ T6419] loop1: detected capacity change from 0 to 1024
[  125.549504][ T6423] fido_id[6423]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  125.792447][ T6432] device syzkaller0 entered promiscuous mode
[  125.823131][ T6432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.612'.
[  125.942954][ T6426] loop0: detected capacity change from 0 to 40427
[  126.019734][ T6436] loop4: detected capacity change from 0 to 8192
[  126.022848][ T6430] loop1: detected capacity change from 0 to 40427
[  126.068618][ T6436] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  126.070229][ T6436] REISERFS (device loop4): using ordered data mode
[  126.071216][ T6436] reiserfs: using flush barriers
[  126.074823][ T6430] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  126.081096][ T6430] F2FS-fs (loop1): invalid crc value
[  126.083315][ T6436] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  126.093577][ T6436] REISERFS (device loop4): checking transaction log (loop4)
[  126.099136][ T6430] F2FS-fs (loop1): Found nat_bits in checkpoint
[  126.106729][ T6426] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  126.109141][ T6426] F2FS-fs (loop0): invalid crc value
[  126.113715][ T6436] REISERFS (device loop4): Using r5 hash to sort names
[  126.123472][ T6436] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  126.128785][ T6426] F2FS-fs (loop0): Found nat_bits in checkpoint
[  126.146420][ T6430] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  126.188350][ T6426] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  126.256731][ T6434] loop2: detected capacity change from 0 to 40427
[  126.292413][ T4050] attempt to access beyond end of device
[  126.292413][ T4050] loop0: rw=2049, want=45112, limit=40427
[  126.294683][ T4045] attempt to access beyond end of device
[  126.294683][ T4045] loop1: rw=2049, want=45112, limit=40427
[  126.348944][ T6434] F2FS-fs (loop2): invalid crc value
[  126.421211][ T6434] F2FS-fs (loop2): Found nat_bits in checkpoint
[  126.444983][ T6434] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  126.463234][ T6434] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  126.480788][ T6434] F2FS-fs (loop2): Can't enable fs-verity on inode 10: the verity feature is not enabled on this filesystem
[  126.513858][ T4055] attempt to access beyond end of device
[  126.513858][ T4055] loop2: rw=2049, want=45104, limit=40427
[  126.613804][ T6453] loop3: detected capacity change from 0 to 8192
[  126.672607][ T6451] loop1: detected capacity change from 0 to 8192
[  126.688456][ T6453] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  126.689994][ T6453] REISERFS (device loop3): using ordered data mode
[  126.691055][ T6453] reiserfs: using flush barriers
[  126.692360][ T6453] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  126.699381][ T6453] REISERFS (device loop3): checking transaction log (loop3)
[  127.114597][ T6451] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  127.118130][ T6451] REISERFS (device loop1): using ordered data mode
[  127.119427][ T6451] reiserfs: using flush barriers
[  127.146776][ T6451] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  127.290855][ T6451] REISERFS (device loop1): checking transaction log (loop1)
[  127.303435][ T6451] REISERFS (device loop1): Using r5 hash to sort names
[  127.308172][ T6451] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  127.352232][ T6453] REISERFS (device loop3): Using tea hash to sort names
[  127.353674][ T6453] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  127.421842][   T25] hid-generic 0000:0000:0000.0039: unknown main item tag 0x0
[  127.423748][   T25] hid-generic 0000:0000:0000.0039: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  127.432553][ T6467] loop4: detected capacity change from 0 to 1024
[  127.481005][   T26] audit: type=1326 audit(127.450:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.2.621" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff95c2e0a8 code=0x0
[  127.750297][ T6480] tipc: Started in network mode
[  127.751121][ T6480] tipc: Node identity de2a07d41e7d, cluster identity 4711
[  127.752418][ T6480] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.776341][ T6480] netlink: 8 bytes leftover after parsing attributes in process `syz.4.624'.
[  127.783320][ T6480] tipc: Resetting bearer <eth:syzkaller0>
[  127.809687][ T6475] fido_id[6475]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  127.816752][ T6479] tipc: Disabling bearer <eth:syzkaller0>
[  127.901106][ T6474] loop3: detected capacity change from 0 to 40427
[  127.929488][ T6474] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff
[  127.932036][ T6474] F2FS-fs (loop3): invalid crc value
[  127.950288][ T6474] F2FS-fs (loop3): Found nat_bits in checkpoint
[  127.972337][ T6474] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  128.157262][ T6482] loop4: detected capacity change from 0 to 40427
[  128.175259][ T6482] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  128.180079][ T6482] F2FS-fs (loop4): invalid crc value
[  128.196025][ T6482] F2FS-fs (loop4): Found nat_bits in checkpoint
[  128.214349][ T6484] loop1: detected capacity change from 0 to 40427
[  128.221611][ T6482] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  128.260376][ T6484] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  128.264254][ T4054] attempt to access beyond end of device
[  128.264254][ T4054] loop4: rw=2049, want=45112, limit=40427
[  128.271851][ T6495] attempt to access beyond end of device
[  128.271851][ T6495] loop3: rw=2049, want=53504, limit=40427
[  128.271945][ T6484] F2FS-fs (loop1): invalid crc value
[  128.295043][ T6484] F2FS-fs (loop1): Found nat_bits in checkpoint
[  128.360527][ T6484] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  128.481477][ T4045] attempt to access beyond end of device
[  128.481477][ T4045] loop1: rw=2049, want=45104, limit=40427
[  128.883484][ T6505] loop4: detected capacity change from 0 to 512
[  128.956436][ T6505] EXT4-fs (loop4): 1 orphan inode deleted
[  128.957507][ T6505] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,,errors=continue. Quota mode: writeback.
[  129.348259][ T6512] loop1: detected capacity change from 0 to 8192
[  129.453239][ T6514] loop2: detected capacity change from 0 to 8192
[  129.455337][ T6512] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  129.456882][ T6512] REISERFS (device loop1): using ordered data mode
[  129.457947][ T6512] reiserfs: using flush barriers
[  129.461030][ T6512] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  129.465621][ T6512] REISERFS (device loop1): checking transaction log (loop1)
[  129.467377][ T6512] REISERFS (device loop1): Using r5 hash to sort names
[  129.468657][ T6512] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  129.599535][ T6514] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  129.601271][ T6514] REISERFS (device loop2): using ordered data mode
[  129.602475][ T6514] reiserfs: using flush barriers
[  129.603928][ T6514] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  129.613147][ T6514] REISERFS (device loop2): checking transaction log (loop2)
[  129.622341][ T6520] loop4: detected capacity change from 0 to 1024
[  129.816667][ T6514] REISERFS (device loop2): Using tea hash to sort names
[  129.819139][ T6514] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  129.903754][ T1540] hid-generic 0000:0000:0000.003A: unknown main item tag 0x0
[  129.905458][ T1540] hid-generic 0000:0000:0000.003A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  129.911767][ T6531] loop3: detected capacity change from 0 to 1024
[  129.944955][ T6532] fido_id[6532]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  129.984187][ T6536] tipc: Started in network mode
[  129.985052][ T6536] tipc: Node identity fec470de011b, cluster identity 4711
[  129.986522][ T6536] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  129.989990][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.638'.
[  130.003428][ T6536] tipc: Resetting bearer <eth:syzkaller0>
[  130.010261][ T6535] tipc: Disabling bearer <eth:syzkaller0>
[  130.030237][ T6534] loop2: detected capacity change from 0 to 8192
[  130.119567][ T6534] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  130.121108][ T6534] REISERFS (device loop2): using ordered data mode
[  130.122045][ T6534] reiserfs: using flush barriers
[  130.123296][ T6534] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  130.138753][ T6534] REISERFS (device loop2): checking transaction log (loop2)
[  130.141265][ T6534] REISERFS (device loop2): Using r5 hash to sort names
[  130.143331][ T6534] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  130.148883][ T6529] loop4: detected capacity change from 0 to 40427
[  130.174190][   T26] audit: type=1326 audit(130.140:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6540 comm="syz.1.640" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e3ef0a8 code=0x0
[  130.213795][ T6529] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  130.216300][ T6529] F2FS-fs (loop4): invalid crc value
[  130.222200][ T6529] F2FS-fs (loop4): Found nat_bits in checkpoint
[  130.255245][ T6529] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  130.313910][ T4054] attempt to access beyond end of device
[  130.313910][ T4054] loop4: rw=2049, want=45112, limit=40427
[  130.409346][ T6538] loop3: detected capacity change from 0 to 40427
[  130.418818][ T6538] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  130.424585][ T6538] F2FS-fs (loop3): invalid crc value
[  130.563487][ T6538] F2FS-fs (loop3): Found nat_bits in checkpoint
[  130.593415][ T6538] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  130.735344][ T4044] attempt to access beyond end of device
[  130.735344][ T4044] loop3: rw=2049, want=45104, limit=40427
[  131.066608][ T2066] ieee802154 phy0 wpan0: encryption failed: -22
[  131.068514][ T2066] ieee802154 phy1 wpan1: encryption failed: -22
[  131.077711][ T6562] loop1: detected capacity change from 0 to 1024
[  131.305958][ T6568] loop3: detected capacity change from 0 to 8192
[  131.309560][ T6574] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  131.319307][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.650'.
[  131.328535][ T6574] tipc: Resetting bearer <eth:syzkaller0>
[  131.339168][ T6573] tipc: Disabling bearer <eth:syzkaller0>
[  131.341474][ T6568] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  131.343019][ T6568] REISERFS (device loop3): using ordered data mode
[  131.344137][ T6568] reiserfs: using flush barriers
[  131.346265][ T6568] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  131.351239][ T6568] REISERFS (device loop3): checking transaction log (loop3)
[  131.513830][ T6576] loop1: detected capacity change from 0 to 8192
[  131.576391][ T6568] REISERFS (device loop3): Using tea hash to sort names
[  131.577595][ T6568] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  131.601906][ T6564] loop2: detected capacity change from 0 to 40427
[  131.612943][ T6576] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  131.614428][ T6576] REISERFS (device loop1): using ordered data mode
[  131.615697][ T6576] reiserfs: using flush barriers
[  131.616923][ T6576] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  131.620364][ T6576] REISERFS (device loop1): checking transaction log (loop1)
[  131.626120][ T6576] REISERFS (device loop1): Using r5 hash to sort names
[  131.627362][ T6576] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  131.630644][ T6579] loop0: detected capacity change from 0 to 40427
[  131.639293][ T6564] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff
[  131.644346][ T6564] F2FS-fs (loop2): invalid crc value
[  131.736763][ T6564] F2FS-fs (loop2): Found nat_bits in checkpoint
[  131.742950][ T6579] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  131.747987][ T6579] F2FS-fs (loop0): invalid crc value
[  131.768669][ T6579] F2FS-fs (loop0): Found nat_bits in checkpoint
[  131.774930][ T6564] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  131.817074][ T6579] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  131.959512][ T4050] attempt to access beyond end of device
[  131.959512][ T4050] loop0: rw=2049, want=45112, limit=40427
[  132.224627][ T6595] loop4: detected capacity change from 0 to 8192
[  132.322957][ T6595] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  132.324461][ T6595] REISERFS (device loop4): using ordered data mode
[  132.328636][   T26] audit: type=1326 audit(132.300:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6599 comm="syz.1.657" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e3ef0a8 code=0x0
[  132.328995][ T6595] reiserfs: using flush barriers
[  132.333524][ T6595] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  132.339022][ T6595] REISERFS (device loop4): checking transaction log (loop4)
[  132.340693][ T6595] REISERFS (device loop4): Using r5 hash to sort names
[  132.341918][ T6595] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  132.452925][ T6598] loop0: detected capacity change from 0 to 40427
[  132.488233][ T6598] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  132.498242][ T6598] F2FS-fs (loop0): invalid crc value
[  132.518436][ T6598] F2FS-fs (loop0): Found nat_bits in checkpoint
[  132.569028][ T6598] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  132.649965][ T4050] attempt to access beyond end of device
[  132.649965][ T4050] loop0: rw=2049, want=45104, limit=40427
[  132.757404][ T6610] loop3: detected capacity change from 0 to 1024
[  132.949133][ T6614] loop0: detected capacity change from 0 to 4096
[  132.961475][ T4055] attempt to access beyond end of device
[  132.961475][ T4055] loop2: rw=2049, want=45104, limit=40427
[  133.654339][ T6623] loop1: detected capacity change from 0 to 1024
[  133.662952][ T6625] tipc: Started in network mode
[  133.663950][ T6625] tipc: Node identity 26af7dd7c191, cluster identity 4711
[  133.670430][ T6625] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  133.673411][ T6625] device syzkaller0 entered promiscuous mode
[  133.680056][ T6625] netlink: 8 bytes leftover after parsing attributes in process `syz.2.663'.
[  133.694161][ T6624] tipc: Resetting bearer <eth:syzkaller0>
[  133.703381][ T6624] tipc: Disabling bearer <eth:syzkaller0>
[  133.811885][ T6629] loop1: detected capacity change from 0 to 8192
[  133.851425][ T6629] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  133.852926][ T6629] REISERFS (device loop1): using ordered data mode
[  133.853938][ T6629] reiserfs: using flush barriers
[  133.859286][ T6629] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  133.861884][ T6629] REISERFS (device loop1): checking transaction log (loop1)
[  133.872808][ T6634] loop2: detected capacity change from 0 to 8192
[  134.057274][ T6634] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  134.059059][ T6634] REISERFS (device loop2): using ordered data mode
[  134.060257][ T6634] reiserfs: using flush barriers
[  134.061625][ T6634] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  134.074193][ T6634] REISERFS (device loop2): checking transaction log (loop2)
[  134.082173][ T6629] REISERFS (device loop1): Using tea hash to sort names
[  134.087628][ T6634] REISERFS (device loop2): Using r5 hash to sort names
[  134.094624][ T6629] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  134.098354][ T6634] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  134.167680][ T6631] loop0: detected capacity change from 0 to 40427
[  134.282521][ T6631] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  134.307092][ T6631] F2FS-fs (loop0): invalid crc value
[  134.321515][ T6631] F2FS-fs (loop0): Found nat_bits in checkpoint
[  134.349489][ T6631] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  134.422958][ T4050] attempt to access beyond end of device
[  134.422958][ T4050] loop0: rw=2049, want=45112, limit=40427
[  134.512812][ T6646] loop4: detected capacity change from 0 to 40427
[  134.522640][ T6646] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff
[  134.528900][ T6646] F2FS-fs (loop4): invalid crc value
[  134.544360][ T6646] F2FS-fs (loop4): Found nat_bits in checkpoint
[  134.566844][ T6646] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  134.646985][ T6650] loop1: detected capacity change from 0 to 40427
[  134.657308][   T26] audit: type=1326 audit(134.630:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.3.673" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa75ae0a8 code=0x0
[  134.663783][ T6658] loop0: detected capacity change from 0 to 1024
[  134.688484][ T6650] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  135.007712][ T6650] F2FS-fs (loop1): invalid crc value
[  135.015673][ T6650] F2FS-fs (loop1): Found nat_bits in checkpoint
[  135.031577][ T6650] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  135.071829][ T4045] attempt to access beyond end of device
[  135.071829][ T4045] loop1: rw=2049, want=45112, limit=40427
[  135.212673][ T6668] loop0: detected capacity change from 0 to 8192
[  135.221384][ T6668] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  135.223069][ T6668] REISERFS (device loop0): using ordered data mode
[  135.224061][ T6668] reiserfs: using flush barriers
[  135.230055][ T6668] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  135.243027][ T6668] REISERFS (device loop0): checking transaction log (loop0)
[  135.244880][ T6668] REISERFS (device loop0): Using r5 hash to sort names
[  135.249084][ T6668] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  135.251305][ T6668] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  135.673563][ T6679] loop1: detected capacity change from 0 to 1024
[  135.708508][ T6682] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  135.711607][ T6682] device syzkaller0 entered promiscuous mode
[  135.750188][ T6682] netlink: 8 bytes leftover after parsing attributes in process `syz.3.679'.
[  135.764470][ T6681] tipc: Resetting bearer <eth:syzkaller0>
[  135.791513][ T6681] tipc: Disabling bearer <eth:syzkaller0>
[  135.804985][ T6680] loop4: detected capacity change from 0 to 8192
[  135.880041][ T6680] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  135.881869][ T6680] REISERFS (device loop4): using ordered data mode
[  135.883134][ T6680] reiserfs: using flush barriers
[  135.884584][ T6680] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  135.892845][ T6680] REISERFS (device loop4): checking transaction log (loop4)
[  135.906939][ T6684] loop1: detected capacity change from 0 to 8192
[  135.909811][ T6680] REISERFS (device loop4): Using r5 hash to sort names
[  135.918708][ T6680] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  136.048732][ T6684] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  136.050348][ T6684] REISERFS (device loop1): using ordered data mode
[  136.051377][ T6684] reiserfs: using flush barriers
[  136.052687][ T6684] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  136.072261][ T6684] REISERFS (device loop1): checking transaction log (loop1)
[  136.207528][ T6684] REISERFS (device loop1): Using tea hash to sort names
[  136.208925][ T6684] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  136.280171][ T6698] loop2: detected capacity change from 0 to 8192
[  136.392498][ T6698] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  136.394031][ T6698] REISERFS (device loop2): using ordered data mode
[  136.395021][ T6698] reiserfs: using flush barriers
[  136.396908][ T6698] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  136.401885][ T6698] REISERFS (device loop2): checking transaction log (loop2)
[  136.409181][ T6698] REISERFS (device loop2): Using r5 hash to sort names
[  136.410415][ T6698] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  136.532491][ T6701] loop0: detected capacity change from 0 to 40427
[  136.558523][ T6701] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  136.565439][ T6701] F2FS-fs (loop0): invalid crc value
[  136.582643][ T6701] F2FS-fs (loop0): Found nat_bits in checkpoint
[  136.609096][ T6701] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  136.692653][ T4050] attempt to access beyond end of device
[  136.692653][ T4050] loop0: rw=2049, want=45112, limit=40427
[  136.785768][ T6705] loop1: detected capacity change from 0 to 40427
[  136.799913][ T6705] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  136.806667][ T6705] F2FS-fs (loop1): invalid crc value
[  136.821034][ T6705] F2FS-fs (loop1): Found nat_bits in checkpoint
[  136.862730][ T6705] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  136.931866][ T6715] loop0: detected capacity change from 0 to 1024
[  136.950680][ T4045] attempt to access beyond end of device
[  136.950680][ T4045] loop1: rw=2049, want=45112, limit=40427
[  137.009866][   T26] audit: type=1326 audit(136.980:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6716 comm="syz.0.689" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb5b660a8 code=0x0
[  137.210939][ T6723] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.212568][ T6723] device syzkaller0 entered promiscuous mode
[  137.219450][ T6723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.691'.
[  137.221543][ T6721] tipc: Resetting bearer <eth:syzkaller0>
[  137.228107][ T6721] tipc: Disabling bearer <eth:syzkaller0>
[  137.344996][ T6725] loop2: detected capacity change from 0 to 1024
[  137.391672][ T6722] loop1: detected capacity change from 0 to 40427
[  137.426331][ T6719] loop4: detected capacity change from 0 to 32768
[  137.429911][ T6722] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff
[  137.441407][ T6722] F2FS-fs (loop1): invalid crc value
[  137.473356][ T6722] F2FS-fs (loop1): Found nat_bits in checkpoint
[  137.491030][ T6722] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  137.511794][ T6719] XFS (loop4): Mounting V5 Filesystem
[  138.243409][ T6719] XFS (loop4): Ending clean mount
[  138.254389][ T6719] XFS (loop4): Quotacheck needed: Please wait.
[  138.289446][ T6719] XFS (loop4): Quotacheck: Done.
[  138.305505][ T6762] loop3: detected capacity change from 0 to 1024
[  138.330105][ T4054] XFS (loop4): Unmounting Filesystem
[  138.337729][ T6759] loop2: detected capacity change from 0 to 8192
[  138.382084][ T6754] loop1: detected capacity change from 0 to 40427
[  138.413496][ T6759] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  138.414998][ T6759] REISERFS (device loop2): using ordered data mode
[  138.416509][ T6759] reiserfs: using flush barriers
[  138.417749][ T6759] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  138.422108][ T6759] REISERFS (device loop2): checking transaction log (loop2)
[  138.433753][ T6754] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  138.436691][ T6754] F2FS-fs (loop1): invalid crc value
[  138.437815][ T6759] REISERFS (device loop2): Using r5 hash to sort names
[  138.439160][ T6759] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  138.453127][ T6765] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.455376][ T6757] loop0: detected capacity change from 0 to 40427
[  138.457380][ T6765] device syzkaller0 entered promiscuous mode
[  138.461335][ T6754] F2FS-fs (loop1): Found nat_bits in checkpoint
[  138.542853][ T6765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.703'.
[  138.545671][ T6754] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  138.548240][ T6765] tipc: Resetting bearer <eth:syzkaller0>
[  138.550288][ T6764] tipc: Resetting bearer <eth:syzkaller0>
[  138.553628][ T6764] tipc: Disabling bearer <eth:syzkaller0>
[  138.556794][ T6757] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  138.562282][ T6757] F2FS-fs (loop0): invalid crc value
[  138.571621][ T6757] F2FS-fs (loop0): Found nat_bits in checkpoint
[  138.594645][ T6757] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  138.639691][ T4045] attempt to access beyond end of device
[  138.639691][ T4045] loop1: rw=2049, want=45112, limit=40427
[  138.665869][ T4050] attempt to access beyond end of device
[  138.665869][ T4050] loop0: rw=2049, want=45112, limit=40427
[  138.854593][ T6777] loop4: detected capacity change from 0 to 8192
[  138.894760][ T6780] loop1: detected capacity change from 0 to 1024
[  138.928446][ T6777] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  138.929873][ T6777] REISERFS (device loop4): using ordered data mode
[  138.930829][ T6777] reiserfs: using flush barriers
[  138.932112][ T6777] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  138.940665][ T6777] REISERFS (device loop4): checking transaction log (loop4)
[  138.943409][ T6777] REISERFS (device loop4): Using r5 hash to sort names
[  138.946816][ T6777] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  139.750355][   T26] audit: type=1326 audit(139.720:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6793 comm="syz.4.709" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa80a90a8 code=0x0
[  139.810186][ T6792] loop0: detected capacity change from 0 to 40427
[  139.816530][ T6792] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff
[  139.820536][ T6792] F2FS-fs (loop0): invalid crc value
[  139.825016][ T6792] F2FS-fs (loop0): Found nat_bits in checkpoint
[  139.848971][ T6792] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  140.053384][ T6805] loop1: detected capacity change from 0 to 1024
[  140.464714][ T6812] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.468773][ T6812] device syzkaller0 entered promiscuous mode
[  140.483855][ T6812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.715'.
[  140.512931][ T6812] tipc: Resetting bearer <eth:syzkaller0>
[  140.531699][ T6811] tipc: Resetting bearer <eth:syzkaller0>
[  140.567353][ T6811] tipc: Disabling bearer <eth:syzkaller0>
[  140.736687][ T6824] loop1: detected capacity change from 0 to 1024
[  140.869925][ T6826] loop1: detected capacity change from 0 to 8192
[  140.886925][ T6826] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  140.888585][ T6826] REISERFS (device loop1): using ordered data mode
[  140.889691][ T6826] reiserfs: using flush barriers
[  140.891028][ T6826] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  140.914090][ T6826] REISERFS (device loop1): checking transaction log (loop1)
[  140.917643][ T6826] REISERFS (device loop1): Using r5 hash to sort names
[  140.918919][ T6826] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  140.920101][ T6817] loop4: detected capacity change from 0 to 40427
[  140.939141][ T6817] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  140.944892][ T6817] F2FS-fs (loop4): invalid crc value
[  141.004904][ T6817] F2FS-fs (loop4): Found nat_bits in checkpoint
[  141.049173][ T6817] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  141.056650][ T6815] loop2: detected capacity change from 0 to 40427
[  141.092249][ T4054] attempt to access beyond end of device
[  141.092249][ T4054] loop4: rw=2049, want=45112, limit=40427
[  141.115054][ T6833] loop3: detected capacity change from 0 to 8192
[  141.123271][ T6815] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff
[  141.127858][ T6815] F2FS-fs (loop2): invalid crc value
[  141.141457][ T6815] F2FS-fs (loop2): Found nat_bits in checkpoint
[  141.156081][ T6833] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  141.156875][ T6815] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  141.157707][ T6833] REISERFS (device loop3): using ordered data mode
[  141.162724][ T6833] reiserfs: using flush barriers
[  141.164191][ T6833] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  141.168917][ T6833] REISERFS (device loop3): checking transaction log (loop3)
[  141.171891][ T6833] REISERFS (device loop3): Using r5 hash to sort names
[  141.173143][ T6833] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  141.311351][ T4055] attempt to access beyond end of device
[  141.311351][ T4055] loop2: rw=2049, want=45112, limit=40427
[  141.890010][   T26] audit: type=1326 audit(141.860:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6854 comm="syz.0.728" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb5b660a8 code=0x0
[  142.003828][ T6857] loop1: detected capacity change from 0 to 1024
[  142.108367][ T6859] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  142.115759][ T6859] device syzkaller0 entered promiscuous mode
[  142.131572][ T6859] netlink: 8 bytes leftover after parsing attributes in process `syz.1.729'.
[  142.140316][ T6859] tipc: Resetting bearer <eth:syzkaller0>
[  142.151833][ T6846] loop3: detected capacity change from 0 to 40427
[  142.153135][ T6858] tipc: Resetting bearer <eth:syzkaller0>
[  142.170959][ T6846] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff
[  142.175610][ T6858] tipc: Disabling bearer <eth:syzkaller0>
[  142.183897][ T6846] F2FS-fs (loop3): invalid crc value
[  142.202737][ T6846] F2FS-fs (loop3): Found nat_bits in checkpoint
[  142.244213][ T6846] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  142.536129][ T6871] loop4: detected capacity change from 0 to 1024
[  142.605939][ T6874] loop4: detected capacity change from 0 to 8192
[  142.666885][ T6877] attempt to access beyond end of device
[  142.666885][ T6877] loop3: rw=2049, want=53504, limit=40427
[  142.779464][ T6874] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  142.781018][ T6874] REISERFS (device loop4): using ordered data mode
[  142.782056][ T6874] reiserfs: using flush barriers
[  142.784949][ T6874] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  142.793150][ T6874] REISERFS (device loop4): checking transaction log (loop4)
[  142.805154][ T6874] REISERFS (device loop4): Using r5 hash to sort names
[  142.808396][ T6874] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  142.946680][ T6868] loop2: detected capacity change from 0 to 40427
[  142.960032][ T6868] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff
[  142.976945][ T6868] F2FS-fs (loop2): invalid crc value
[  143.052576][ T6868] F2FS-fs (loop2): Found nat_bits in checkpoint
[  143.088258][ T6868] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  143.439427][ T4055] attempt to access beyond end of device
[  143.439427][ T4055] loop2: rw=2049, want=45112, limit=40427
[  143.503917][ T6880] loop0: detected capacity change from 0 to 40427
[  143.549187][ T6880] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  143.556340][ T6880] F2FS-fs (loop0): invalid crc value
[  143.562693][ T6890] loop1: detected capacity change from 0 to 8192
[  143.566599][ T6880] F2FS-fs (loop0): Found nat_bits in checkpoint
[  143.596932][ T6880] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  143.603293][ T6890] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  143.604839][ T6890] REISERFS (device loop1): using ordered data mode
[  143.606161][ T6890] reiserfs: using flush barriers
[  143.607487][ T6890] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  143.627914][ T6890] REISERFS (device loop1): checking transaction log (loop1)
[  143.631307][ T6890] REISERFS (device loop1): Using r5 hash to sort names
[  143.632579][ T6890] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  143.740953][ T4050] attempt to access beyond end of device
[  143.740953][ T4050] loop0: rw=2049, want=45112, limit=40427
[  143.931234][ T6902] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  143.939220][ T6902] device syzkaller0 entered promiscuous mode
[  143.948905][ T6902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.741'.
[  143.958151][ T6902] tipc: Resetting bearer <eth:syzkaller0>
[  143.963700][ T6901] tipc: Resetting bearer <eth:syzkaller0>
[  144.012050][ T6901] tipc: Disabling bearer <eth:syzkaller0>
[  144.093495][ T6908] loop0: detected capacity change from 0 to 1024
[  144.113563][   T26] audit: type=1326 audit(144.080:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6909 comm="syz.4.745" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa80a90a8 code=0x0
[  144.187252][ T6915] loop3: detected capacity change from 0 to 4096
[  144.204220][ T6915] ntfs: (device loop3): check_mft_mirror(): Incomplete multi sector transfer detected in mft record 2.
[  144.208366][ T6915] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  144.227231][ T6915] ntfs: volume version 3.1.
[  144.227996][ T6915] ntfs: (device loop3): map_mft_record_page(): Mft record 0x2 is corrupt.  Run chkdsk.
[  144.231748][ T6915] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[  144.234259][ T6915] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x2 as bad.  Run chkdsk.
[  144.240930][ T6915] ntfs: (device loop3): load_system_files(): Failed to load $LogFile.  Will not be able to remount read-write.  Mount in Windows.
[  144.259904][ T6915] ntfs: (device loop3): ntfs_read_locked_inode(): Index block size (0) < NTFS_BLOCK_SIZE (512) is not supported.  Sorry.
[  144.268580][ T6915] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -95.  Marking corrupt inode 0x40 as bad.  Run chkdsk.
[  144.363719][ T6918] loop0: detected capacity change from 0 to 8192
[  144.389819][ T6918] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  144.391374][ T6918] REISERFS (device loop0): using ordered data mode
[  144.392559][ T6918] reiserfs: using flush barriers
[  144.393897][ T6918] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  144.408202][ T6918] REISERFS (device loop0): checking transaction log (loop0)
[  144.410625][ T6918] REISERFS (device loop0): Using r5 hash to sort names
[  144.411873][ T6918] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  144.738189][ T6925] loop1: detected capacity change from 0 to 40427
[  144.821072][ T6925] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  144.823955][ T6925] F2FS-fs (loop1): invalid crc value
[  144.838849][ T6925] F2FS-fs (loop1): Found nat_bits in checkpoint
[  144.858169][ T6925] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  144.885902][ T4045] attempt to access beyond end of device
[  144.885902][ T4045] loop1: rw=2049, want=45112, limit=40427
[  145.087993][ T6928] loop0: detected capacity change from 0 to 40427
[  145.096337][ T6928] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  145.106792][ T6938] loop1: detected capacity change from 0 to 16
[  145.112536][ T6928] F2FS-fs (loop0): invalid crc value
[  145.114011][ T6938] erofs: Unknown parameter 'rootcontext'
[  145.120361][ T6928] F2FS-fs (loop0): Found nat_bits in checkpoint
[  145.152479][ T6928] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  145.298773][ T4050] attempt to access beyond end of device
[  145.298773][ T4050] loop0: rw=2049, want=45112, limit=40427
[  145.319413][ T6946] loop2: detected capacity change from 0 to 1024
[  145.348138][ T6948] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  145.349609][ T6948] device syzkaller0 entered promiscuous mode
[  145.352085][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.3.756'.
[  145.371213][ T6936] loop4: detected capacity change from 0 to 40427
[  145.376838][ T6948] tipc: Resetting bearer <eth:syzkaller0>
[  145.381562][ T6947] tipc: Resetting bearer <eth:syzkaller0>
[  145.390082][ T6947] tipc: Disabling bearer <eth:syzkaller0>
[  145.422978][ T6952] loop2: detected capacity change from 0 to 1024
[  145.424617][ T6936] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff
[  145.438782][ T6936] F2FS-fs (loop4): invalid crc value
[  145.454507][ T6936] F2FS-fs (loop4): Found nat_bits in checkpoint
[  145.503495][ T6936] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  145.600153][ T6960] loop2: detected capacity change from 0 to 8192
[  145.624229][ T6960] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  145.627313][ T6961] loop3: detected capacity change from 0 to 8192
[  145.631605][ T6960] REISERFS (device loop2): using ordered data mode
[  145.632759][ T6960] reiserfs: using flush barriers
[  145.638954][ T6960] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  145.663053][ T6960] REISERFS (device loop2): checking transaction log (loop2)
[  145.684998][ T6960] REISERFS (device loop2): Using r5 hash to sort names
[  145.692774][ T6960] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  145.698433][ T6961] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  145.699971][ T6961] REISERFS (device loop3): using ordered data mode
[  145.700993][ T6961] reiserfs: using flush barriers
[  145.702428][ T6961] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  145.708747][ T6961] REISERFS (device loop3): checking transaction log (loop3)
[  145.715964][ T6961] REISERFS (device loop3): Using r5 hash to sort names
[  145.721845][ T6961] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  146.227929][ T6971] attempt to access beyond end of device
[  146.227929][ T6971] loop4: rw=2049, want=53504, limit=40427
[  146.230027][    T7] Bluetooth: hci3: command 0x2016 tx timeout
[  146.341294][   T26] audit: type=1326 audit(146.310:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6974 comm="syz.3.763" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa75ae0a8 code=0x0
[  146.486021][ T6967] loop0: detected capacity change from 0 to 40427
[  146.524413][ T6967] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  146.527561][ T6967] F2FS-fs (loop0): invalid crc value
[  146.531506][ T6967] F2FS-fs (loop0): Found nat_bits in checkpoint
[  146.545637][ T6967] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  146.603518][ T4050] attempt to access beyond end of device
[  146.603518][ T4050] loop0: rw=2049, want=45112, limit=40427
[  147.078665][ T6986] loop1: detected capacity change from 0 to 40427
[  147.083913][ T6986] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  147.090277][ T6986] F2FS-fs (loop1): invalid crc value
[  147.102683][ T6986] F2FS-fs (loop1): Found nat_bits in checkpoint
[  147.120451][ T6986] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  147.159720][ T6997] loop4: detected capacity change from 0 to 1024
[  147.192258][ T7000] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  147.193923][ T7000] device syzkaller0 entered promiscuous mode
[  147.197840][ T7000] netlink: 8 bytes leftover after parsing attributes in process `syz.3.770'.
[  147.202993][ T7000] tipc: Resetting bearer <eth:syzkaller0>
[  147.216219][ T4045] attempt to access beyond end of device
[  147.216219][ T4045] loop1: rw=2049, want=45112, limit=40427
[  147.218680][ T6999] tipc: Resetting bearer <eth:syzkaller0>
[  147.234439][ T6999] tipc: Disabling bearer <eth:syzkaller0>
[  147.403540][ T7005] loop4: detected capacity change from 0 to 8192
[  147.414899][ T7005] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  147.421952][ T7005] REISERFS (device loop4): using ordered data mode
[  147.429467][ T7005] reiserfs: using flush barriers
[  147.443802][ T7008] loop3: detected capacity change from 0 to 8192
[  147.446171][ T7005] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  147.451321][ T7005] REISERFS (device loop4): checking transaction log (loop4)
[  147.471172][ T7005] REISERFS (device loop4): Using r5 hash to sort names
[  147.474065][ T7011] loop1: detected capacity change from 0 to 1024
[  147.477637][ T7005] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  147.486847][ T7008] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  147.488407][ T7008] REISERFS (device loop3): using ordered data mode
[  147.489435][ T7008] reiserfs: using flush barriers
[  147.491129][ T7008] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  147.515682][ T7008] REISERFS (device loop3): checking transaction log (loop3)
[  147.524689][ T7008] REISERFS (device loop3): Using r5 hash to sort names
[  147.526051][ T7008] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  147.972936][ T7020] loop1: detected capacity change from 0 to 1024
[  148.079552][ T7020] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  148.087336][ T7020] EXT4-fs error (device loop1): ext4_map_blocks:739: inode #15: block 1: comm syz.1.777: lblock 1 mapped to illegal pblock 1 (length 1)
[  148.111816][ T4389] EXT4-fs error (device loop1): ext4_map_blocks:739: inode #15: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  148.116345][ T4389] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 117
[  148.118380][ T4389] EXT4-fs (loop1): This should not happen!! Data will be lost
[  148.118380][ T4389] 
[  148.209178][ T7016] loop2: detected capacity change from 0 to 40427
[  148.301532][ T7016] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff
[  148.318834][ T7016] F2FS-fs (loop2): invalid crc value
[  148.367058][ T7016] F2FS-fs (loop2): Found nat_bits in checkpoint
[  148.425456][ T4588] Bluetooth: hci0: command 0x2016 tx timeout
[  148.438194][ T7016] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  148.513192][ T4055] attempt to access beyond end of device
[  148.513192][ T4055] loop2: rw=2049, want=45112, limit=40427
[  148.700169][ T7027] loop0: detected capacity change from 0 to 40427
[  148.709611][ T7027] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  148.733000][ T7027] F2FS-fs (loop0): invalid crc value
[  148.748567][ T7027] F2FS-fs (loop0): Found nat_bits in checkpoint
[  148.773921][ T7027] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  148.789269][ T7033] loop4: detected capacity change from 0 to 40427
[  148.801620][ T7035] loop3: detected capacity change from 0 to 32768
[  148.834901][ T7033] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff
[  148.857029][ T7033] F2FS-fs (loop4): invalid crc value
[  148.860352][ T4050] attempt to access beyond end of device
[  148.860352][ T4050] loop0: rw=2049, want=45112, limit=40427
[  148.884307][ T7033] F2FS-fs (loop4): Found nat_bits in checkpoint
[  148.889140][ T7035] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.779 (7035)
[  148.892750][ T7035] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  148.894478][ T7035] BTRFS info (device loop3): using free space tree
[  148.901367][ T7035] BTRFS info (device loop3): has skinny extents
[  148.916996][ T7033] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  149.053605][ T7035] BTRFS info (device loop3): enabling ssd optimizations
[  149.122383][ T7067] attempt to access beyond end of device
[  149.122383][ T7067] loop4: rw=2049, want=53504, limit=40427
[  149.150634][ T7066] loop0: detected capacity change from 0 to 1024
[  149.483493][ T7078] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.492388][ T7078] device syzkaller0 entered promiscuous mode
[  149.498103][ T7076] loop0: detected capacity change from 0 to 1024
[  149.499662][ T7078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.784'.
[  149.509758][ T7078] tipc: Resetting bearer <eth:syzkaller0>
[  149.515369][ T7077] tipc: Resetting bearer <eth:syzkaller0>
[  149.519890][ T7077] tipc: Disabling bearer <eth:syzkaller0>
[  149.570924][ T7083] loop4: detected capacity change from 0 to 8192
[  149.573503][ T7085] loop3: detected capacity change from 0 to 1024
[  149.689740][ T7088] loop2: detected capacity change from 0 to 8192
[  149.844359][ T7083] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  149.844874][ T7088] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  149.845953][ T7083] REISERFS (device loop4): using ordered data mode
[  149.851495][ T7083] reiserfs: using flush barriers
[  149.853051][ T7083] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  149.853438][ T7088] REISERFS (device loop2): using ordered data mode
[  149.858803][ T7088] reiserfs: using flush barriers
[  149.860901][ T7088] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  149.866587][ T7088] REISERFS (device loop2): checking transaction log (loop2)
[  149.871409][ T7083] REISERFS (device loop4): checking transaction log (loop4)
[  149.874035][ T7088] REISERFS (device loop2): Using r5 hash to sort names
[  149.875498][ T7088] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  149.878590][ T7083] REISERFS (device loop4): Using r5 hash to sort names
[  149.889416][ T7083] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  150.640242][ T7094] loop0: detected capacity change from 0 to 40427
[  150.815151][ T4110] Bluetooth: hci4: command 0x2016 tx timeout
[  150.971139][ T7094] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  150.993831][ T7094] F2FS-fs (loop0): invalid crc value
[  151.028600][ T7094] F2FS-fs (loop0): Found nat_bits in checkpoint
[  151.058766][ T7094] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  151.138176][ T4050] attempt to access beyond end of device
[  151.138176][ T4050] loop0: rw=2049, want=45112, limit=40427
[  151.242247][ T7102] loop4: detected capacity change from 0 to 40427
[  151.278790][ T7107] loop2: detected capacity change from 0 to 40427
[  151.308402][ T7107] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff
[  151.308981][ T7102] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  151.314179][ T7107] F2FS-fs (loop2): invalid crc value
[  151.318649][ T7102] F2FS-fs (loop4): invalid crc value
[  151.358288][ T7107] F2FS-fs (loop2): Found nat_bits in checkpoint
[  151.377783][ T7102] F2FS-fs (loop4): Found nat_bits in checkpoint
[  151.379549][ T7118] loop1: detected capacity change from 0 to 1024
[  151.393867][ T7107] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  151.397428][ T7102] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  151.502077][ T4054] attempt to access beyond end of device
[  151.502077][ T4054] loop4: rw=2049, want=45112, limit=40427
[  151.585996][ T7127] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.589832][ T7127] device syzkaller0 entered promiscuous mode
[  151.595757][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.1.801'.
[  151.608974][ T7127] tipc: Resetting bearer <eth:syzkaller0>
[  151.613566][ T7126] tipc: Resetting bearer <eth:syzkaller0>
[  151.646896][ T7129] attempt to access beyond end of device
[  151.646896][ T7129] loop2: rw=2049, want=53504, limit=40427
[  151.650747][ T7126] tipc: Disabling bearer <eth:syzkaller0>
[  151.767647][ T7137] loop3: detected capacity change from 0 to 1024
[  151.812409][ T4048] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  151.814046][ T4048] CPU: 0 PID: 4048 Comm: kworker/u5:2 Not tainted 5.15.189-syzkaller #0
[  151.815383][ T4048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  151.817100][ T4048] Workqueue: hci3 hci_rx_work
[  151.817904][ T4048] Call trace:
[  151.818463][ T4048]  dump_backtrace+0x0/0x43c
[  151.819200][ T4048]  show_stack+0x2c/0x3c
[  151.819915][ T4048]  __dump_stack+0x30/0x40
[  151.820675][ T4048]  dump_stack_lvl+0xf8/0x160
[  151.821418][ T4048]  dump_stack+0x1c/0x5c
[  151.822135][ T4048]  sysfs_create_dir_ns+0x22c/0x24c
[  151.822985][ T4048]  kobject_add_internal+0x590/0xc54
[  151.823791][ T4048]  kobject_add+0x134/0x1f8
[  151.824496][ T4048]  device_add+0x3f0/0xf94
[  151.825256][ T4048]  hci_conn_add_sysfs+0xbc/0x1cc
[  151.826030][ T4048]  le_conn_complete_evt+0x9a4/0x11bc
[  151.826924][ T4048]  hci_le_meta_evt+0x85c/0x3010
[  151.827740][ T4048]  hci_event_packet+0xd10/0x11bc
[  151.828499][ T4048]  hci_rx_work+0x1cc/0x880
[  151.829184][ T4048]  process_one_work+0x79c/0x1140
[  151.829927][ T4048]  worker_thread+0x8f4/0x101c
[  151.830627][ T4048]  kthread+0x374/0x454
[  151.831239][ T4048]  ret_from_fork+0x10/0x20
[  151.833640][ T4048] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  151.835951][ T4048] Bluetooth: hci3: failed to register connection device
[  151.846780][   T26] kauditd_printk_skb: 1 callbacks suppressed
[  151.846787][   T26] audit: type=1326 audit(151.820:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.4.802" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa80a90a8 code=0x0
[  152.289989][ T7141] loop3: detected capacity change from 0 to 8192
[  152.316748][ T7141] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  152.320692][ T7141] REISERFS (device loop3): using ordered data mode
[  152.322329][ T7141] reiserfs: using flush barriers
[  152.324389][ T7141] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  152.332547][ T7141] REISERFS (device loop3): checking transaction log (loop3)
[  152.337568][ T7141] REISERFS (device loop3): Using r5 hash to sort names
[  152.341033][ T7141] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  152.995644][ T7149] loop0: detected capacity change from 0 to 8192
[  153.159478][ T7149] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  153.167603][ T7149] REISERFS (device loop0): using ordered data mode
[  153.168698][ T7149] reiserfs: using flush barriers
[  153.178159][ T7149] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  153.188815][ T7149] REISERFS (device loop0): checking transaction log (loop0)
[  153.199494][ T7149] REISERFS (device loop0): Using r5 hash to sort names
[  153.203899][ T7149] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  153.282131][ T7151] loop4: detected capacity change from 0 to 40427
[  153.306679][ T7151] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  153.310523][ T7151] F2FS-fs (loop4): invalid crc value
[  153.312504][ T7151] F2FS-fs (loop4): Found nat_bits in checkpoint
[  153.322734][ T7151] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  153.372510][ T4054] attempt to access beyond end of device
[  153.372510][ T4054] loop4: rw=2049, want=45112, limit=40427
[  153.550021][ T7160] loop3: detected capacity change from 0 to 40427
[  153.564809][ T7160] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  153.574158][ T7160] F2FS-fs (loop3): invalid crc value
[  153.578759][ T7165] loop4: detected capacity change from 0 to 1024
[  153.583088][ T7160] F2FS-fs (loop3): Found nat_bits in checkpoint
[  153.591985][ T7160] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  153.715809][ T4044] attempt to access beyond end of device
[  153.715809][ T4044] loop3: rw=2049, want=45112, limit=40427
[  153.855255][ T4431] Bluetooth: hci3: command 0x2016 tx timeout
[  153.883230][ T7173] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  153.890354][ T7175] loop4: detected capacity change from 0 to 1024
[  153.892169][ T7173] device syzkaller0 entered promiscuous mode
[  153.899432][ T7173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.815'.
[  153.905625][ T7173] tipc: Resetting bearer <eth:syzkaller0>
[  153.907803][ T7172] tipc: Resetting bearer <eth:syzkaller0>
[  153.911389][ T7172] tipc: Disabling bearer <eth:syzkaller0>
[  154.033647][ T4048] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  154.035710][ T4048] CPU: 0 PID: 4048 Comm: kworker/u5:2 Not tainted 5.15.189-syzkaller #0
[  154.037102][ T4048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  154.038813][ T4048] Workqueue: hci1 hci_rx_work
[  154.039563][ T4048] Call trace:
[  154.040104][ T4048]  dump_backtrace+0x0/0x43c
[  154.040834][ T4048]  show_stack+0x2c/0x3c
[  154.041461][ T4048]  __dump_stack+0x30/0x40
[  154.042127][ T4048]  dump_stack_lvl+0xf8/0x160
[  154.042827][   T26] audit: type=1326 audit(154.010:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7182 comm="syz.1.819" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e3ef0a8 code=0x0
[  154.042846][ T4048]  dump_stack+0x1c/0x5c
[  154.046684][ T4048]  sysfs_create_dir_ns+0x22c/0x24c
[  154.047517][ T4048]  kobject_add_internal+0x590/0xc54
[  154.048418][ T4048]  kobject_add+0x134/0x1f8
[  154.049122][ T4048]  device_add+0x3f0/0xf94
[  154.049875][ T4048]  hci_conn_add_sysfs+0xbc/0x1cc
[  154.050641][ T4048]  le_conn_complete_evt+0x9a4/0x11bc
[  154.051468][ T4048]  hci_le_meta_evt+0x85c/0x3010
[  154.052232][ T4048]  hci_event_packet+0xd10/0x11bc
[  154.053043][ T4048]  hci_rx_work+0x1cc/0x880
[  154.053772][ T4048]  process_one_work+0x79c/0x1140
[  154.054594][ T4048]  worker_thread+0x8f4/0x101c
[  154.055370][ T4048]  kthread+0x374/0x454
[  154.056057][ T4048]  ret_from_fork+0x10/0x20
[  154.058083][ T4048] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  154.060326][ T4048] Bluetooth: hci1: failed to register connection device
[  154.207946][ T7179] loop4: detected capacity change from 0 to 32768
[  154.280816][ T7179] XFS (loop4): Mounting V5 Filesystem
[  154.284542][ T7189] loop3: detected capacity change from 0 to 8192
[  154.300014][ T7189] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  154.301482][ T7189] REISERFS (device loop3): using ordered data mode
[  154.303656][ T7189] reiserfs: using flush barriers
[  154.329345][ T7179] XFS (loop4): Ending clean mount
[  154.334702][ T7189] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  154.354153][ T7189] REISERFS (device loop3): checking transaction log (loop3)
[  154.363284][ T7189] REISERFS (device loop3): Using r5 hash to sort names
[  154.364685][ T7189] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  154.381546][ T4054] XFS (loop4): Unmounting Filesystem
[  155.001306][ T7200] loop2: detected capacity change from 0 to 40427
[  155.023529][ T7200] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff
[  155.069902][ T7200] F2FS-fs (loop2): invalid crc value
[  155.087043][ T7207] loop0: detected capacity change from 0 to 1024
[  155.096258][ T7200] F2FS-fs (loop2): Found nat_bits in checkpoint
[  155.115132][ T7200] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  155.133127][ T7205] loop1: detected capacity change from 0 to 40427
[  155.169296][ T7205] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  155.178815][ T7205] F2FS-fs (loop1): invalid crc value
[  155.188822][ T4055] attempt to access beyond end of device
[  155.188822][ T4055] loop2: rw=2049, want=45112, limit=40427
[  155.194544][ T7214] loop3: detected capacity change from 0 to 8192
[  155.199131][ T7205] F2FS-fs (loop1): Found nat_bits in checkpoint
[  155.240350][ T7214] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  155.241883][ T7214] REISERFS (device loop3): using ordered data mode
[  155.242931][ T7214] reiserfs: using flush barriers
[  155.248683][ T7214] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  155.251347][ T7214] REISERFS (device loop3): checking transaction log (loop3)
[  155.258565][ T7205] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  155.264271][ T7214] REISERFS (device loop3): Using r5 hash to sort names
[  155.266888][ T7214] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  155.391468][ T7218] loop4: detected capacity change from 0 to 40427
[  155.396789][ T4045] attempt to access beyond end of device
[  155.396789][ T4045] loop1: rw=2049, want=45112, limit=40427
[  155.449312][ T7218] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1ffff
[  155.463222][ T7212] loop0: detected capacity change from 0 to 32768
[  155.481692][ T7218] F2FS-fs (loop4): invalid crc value
[  155.487768][ T7218] F2FS-fs (loop4): Found nat_bits in checkpoint
[  155.504641][ T7218] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  155.508347][ T7212] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.826 (7212)
[  155.788773][ T7233] loop1: detected capacity change from 0 to 1024
[  155.802896][ T7234] attempt to access beyond end of device
[  155.802896][ T7234] loop4: rw=2049, want=53504, limit=40427
[  155.855496][ T7212] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm
[  155.857116][ T7212] BTRFS info (device loop0): force clearing of disk cache
[  155.858327][ T7212] BTRFS info (device loop0): enabling auto defrag
[  155.859395][ T7212] BTRFS info (device loop0): max_inline at 0
[  155.860304][ T7212] BTRFS info (device loop0): enabling disk space caching
[  155.863240][ T7212] BTRFS info (device loop0): disk space caching is enabled
[  155.868076][ T7212] BTRFS info (device loop0): has skinny extents
[  155.950560][ T7212] BTRFS info (device loop0): enabling ssd optimizations
[  155.952373][ T7212] BTRFS info (device loop0): clearing free space tree
[  155.953569][ T7212] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  155.959518][ T7212] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  155.971139][ T7254] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  155.982068][ T7254] device syzkaller0 entered promiscuous mode
[  155.990408][ T7254] netlink: 8 bytes leftover after parsing attributes in process `syz.1.830'.
[  156.003573][ T7254] tipc: Resetting bearer <eth:syzkaller0>
[  156.054629][ T7253] tipc: Resetting bearer <eth:syzkaller0>
[  156.064540][ T7253] tipc: Disabling bearer <eth:syzkaller0>
[  156.095189][ T4431] Bluetooth: hci1: command 0x2016 tx timeout
[  156.203709][ T7259] loop1: detected capacity change from 0 to 1024
[  156.447421][ T7259] EXT4-fs (loop1): inline encryption not supported
[  156.448480][ T7259] EXT4-fs (loop1): Ignoring removed bh option
[  156.449645][ T7259] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  156.471317][ T7259] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,discard,data_err=ignore,grpquota,noblock_validity,user_xattr,bh,errors=remount-ro,. Quota mode: writeback.
[  156.498960][ T4048] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  156.500426][ T4048] CPU: 0 PID: 4048 Comm: kworker/u5:2 Not tainted 5.15.189-syzkaller #0
[  156.501840][ T4048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  156.503356][ T4048] Workqueue: hci4 hci_rx_work
[  156.504084][ T4048] Call trace:
[  156.504589][ T4048]  dump_backtrace+0x0/0x43c
[  156.505265][ T4048]  show_stack+0x2c/0x3c
[  156.505885][ T4048]  __dump_stack+0x30/0x40
[  156.506542][ T4048]  dump_stack_lvl+0xf8/0x160
[  156.507268][ T4048]  dump_stack+0x1c/0x5c
[  156.507922][ T4048]  sysfs_create_dir_ns+0x22c/0x24c
[  156.508676][ T4048]  kobject_add_internal+0x590/0xc54
[  156.509473][ T4048]  kobject_add+0x134/0x1f8
[  156.510164][ T4048]  device_add+0x3f0/0xf94
[  156.510826][ T4048]  hci_conn_add_sysfs+0xbc/0x1cc
[  156.511691][ T4048]  le_conn_complete_evt+0x9a4/0x11bc
[  156.512618][ T4048]  hci_le_meta_evt+0x85c/0x3010
[  156.513293][ T4048]  hci_event_packet+0xd10/0x11bc
[  156.514163][ T4048]  hci_rx_work+0x1cc/0x880
[  156.514898][ T4048]  process_one_work+0x79c/0x1140
[  156.515677][ T4048]  worker_thread+0x8f4/0x101c
[  156.516467][ T4048]  kthread+0x374/0x454
[  156.517103][ T4048]  ret_from_fork+0x10/0x20
[  156.538370][ T4048] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  156.540690][ T4048] Bluetooth: hci4: failed to register connection device
[  156.575250][   T26] audit: type=1326 audit(156.530:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7262 comm="syz.2.833" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff95c2e0a8 code=0x0
[  156.769931][ T7271] loop0: detected capacity change from 0 to 8192
[  156.848681][ T7271] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  156.850136][ T7271] REISERFS (device loop0): using ordered data mode
[  156.851204][ T7271] reiserfs: using flush barriers
[  156.852680][ T7271] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  156.866569][ T7271] REISERFS (device loop0): checking transaction log (loop0)
[  156.930154][ T7271] REISERFS (device loop0): Using r5 hash to sort names
[  156.933890][ T7271] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  157.582855][ T7281] loop0: detected capacity change from 0 to 1024
[  157.603250][ T7283] udc-core: couldn't find an available UDC or it's busy
[  157.604434][ T7283] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  157.682284][ T7283] udc-core: couldn't find an available UDC or it's busy
[  157.683541][ T7283] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  157.787817][ T7290] loop3: detected capacity change from 0 to 1024
[  157.871061][ T7290] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  157.890082][ T7294] udc-core: couldn't find an available UDC or it's busy
[  157.901489][ T7294] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  157.987043][ T7285] loop4: detected capacity change from 0 to 40427
[  158.399949][ T7285] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  158.403844][ T7285] F2FS-fs (loop4): invalid crc value
[  158.419444][ T7285] F2FS-fs (loop4): Found nat_bits in checkpoint
[  158.445232][ T7285] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  158.500645][ T4054] attempt to access beyond end of device
[  158.500645][ T4054] loop4: rw=2049, want=45112, limit=40427
[  158.578772][   T13] Bluetooth: hci4: command 0x2016 tx timeout
[  158.692499][ T7306] loop4: detected capacity change from 0 to 8192
[  158.734451][ T7309] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.735766][ T4110] Bluetooth: hci0: command 0x0406 tx timeout
[  158.739917][ T4110] Bluetooth: hci1: command 0x0406 tx timeout
[  158.749334][ T7309] device syzkaller0 entered promiscuous mode
[  158.753408][ T7309] netlink: 8 bytes leftover after parsing attributes in process `syz.3.843'.
[  158.756439][ T7306] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  158.758007][ T7306] REISERFS (device loop4): using ordered data mode
[  158.759272][ T7306] reiserfs: using flush barriers
[  158.760652][ T7306] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  158.763363][ T7306] REISERFS (device loop4): checking transaction log (loop4)
[  158.864067][  T234] block nbd2: Attempted send on invalid socket
[  158.865377][  T234] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  159.094168][ T7306] REISERFS (device loop4): Using r5 hash to sort names
[  159.095678][ T7306] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  159.128929][ T7315] tipc: Resetting bearer <eth:syzkaller0>
[  159.223417][ T7307] tipc: Resetting bearer <eth:syzkaller0>
[  159.227420][ T7307] tipc: Disabling bearer <eth:syzkaller0>
[  159.281224][ T7320] loop2: detected capacity change from 0 to 8192
[  159.328680][ T7320] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  159.330337][ T7320] REISERFS (device loop2): using ordered data mode
[  159.331334][ T7320] reiserfs: using flush barriers
[  159.332890][ T7320] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  159.345300][ T7320] REISERFS (device loop2): checking transaction log (loop2)
[  159.347144][ T7320] REISERFS (device loop2): Using r5 hash to sort names
[  159.348424][ T7320] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  159.996758][ T7322] loop1: detected capacity change from 0 to 40427
[  160.080064][ T7322] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  160.088612][ T7324] loop3: detected capacity change from 0 to 40427
[  160.097177][ T7322] F2FS-fs (loop1): invalid crc value
[  160.122235][ T7335] loop4: detected capacity change from 0 to 1024
[  160.125165][ T7324] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff
[  160.128836][ T7324] F2FS-fs (loop3): invalid crc value
[  160.130912][ T7322] F2FS-fs (loop1): Found nat_bits in checkpoint
[  160.144269][ T7324] F2FS-fs (loop3): Found nat_bits in checkpoint
[  160.163620][ T7322] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  160.192834][ T7324] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  160.288751][ T7345] loop4: detected capacity change from 0 to 1024
[  160.330286][ T4045] attempt to access beyond end of device
[  160.330286][ T4045] loop1: rw=2049, want=45112, limit=40427
[  160.384603][ T7348] attempt to access beyond end of device
[  160.384603][ T7348] loop3: rw=2049, want=53504, limit=40427
[  160.739046][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  160.740776][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  160.742136][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  160.743783][ T4046] Workqueue: hci1 hci_rx_work
[  160.744612][ T4046] Call trace:
[  160.745147][ T4046]  dump_backtrace+0x0/0x43c
[  160.745919][ T4046]  show_stack+0x2c/0x3c
[  160.746572][ T4046]  __dump_stack+0x30/0x40
[  160.747273][ T4046]  dump_stack_lvl+0xf8/0x160
[  160.747991][ T4046]  dump_stack+0x1c/0x5c
[  160.748679][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  160.749479][ T4046]  kobject_add_internal+0x590/0xc54
[  160.750344][ T4046]  kobject_add+0x134/0x1f8
[  160.751004][ T4046]  device_add+0x3f0/0xf94
[  160.751642][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  160.752422][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  160.753274][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  160.754106][ T4046]  hci_event_packet+0xd10/0x11bc
[  160.754924][ T4046]  hci_rx_work+0x1cc/0x880
[  160.755664][ T4046]  process_one_work+0x79c/0x1140
[  160.756493][ T4046]  worker_thread+0x8f4/0x101c
[  160.757263][ T4046]  kthread+0x374/0x454
[  160.757864][ T4046]  ret_from_fork+0x10/0x20
[  160.759447][ T7342] loop2: detected capacity change from 0 to 40427
[  160.761971][ T4046] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  160.764297][ T4046] Bluetooth: hci1: failed to register connection device
[  160.768669][   T26] audit: type=1326 audit(160.740:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7352 comm="syz.1.854" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e3ef0a8 code=0x0
[  160.801476][ T7342] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff
[  160.830124][ T7342] F2FS-fs (loop2): invalid crc value
[  160.896633][ T7342] F2FS-fs (loop2): Found nat_bits in checkpoint
[  160.969227][ T7342] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  161.054037][ T4055] attempt to access beyond end of device
[  161.054037][ T4055] loop2: rw=2049, want=45112, limit=40427
[  161.482953][ T7372] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  161.486900][ T7372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  161.488315][ T7372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  161.525639][ T7368] loop0: detected capacity change from 0 to 8192
[  161.539228][ T7368] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  161.544993][ T7370] loop4: detected capacity change from 0 to 8192
[  161.546615][ T7368] REISERFS (device loop0): using ordered data mode
[  161.548466][ T7368] reiserfs: using flush barriers
[  161.566502][ T7370] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  161.567989][ T7370] REISERFS (device loop4): using ordered data mode
[  161.568920][ T7370] reiserfs: using flush barriers
[  161.580385][ T7370] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  161.583152][ T7370] REISERFS (device loop4): checking transaction log (loop4)
[  161.585863][ T7368] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  161.588625][ T7368] REISERFS (device loop0): checking transaction log (loop0)
[  161.611323][ T7370] REISERFS (device loop4): Using r5 hash to sort names
[  161.620040][ T7368] REISERFS (device loop0): Using r5 hash to sort names
[  161.624729][ T7370] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  161.627636][ T7368] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  162.396592][ T7383] loop1: detected capacity change from 0 to 40427
[  162.528456][ T7383] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  162.534917][ T7383] F2FS-fs (loop1): invalid crc value
[  162.563148][ T7383] F2FS-fs (loop1): Found nat_bits in checkpoint
[  162.617808][ T7383] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  162.830086][ T4430] Bluetooth: hci1: command 0x2016 tx timeout
[  162.872828][ T4045] attempt to access beyond end of device
[  162.872828][ T4045] loop1: rw=2049, want=45112, limit=40427
[  163.058930][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  163.060813][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  163.061021][   T26] audit: type=1326 audit(163.030:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.2.874" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff95c2e0a8 code=0x0
[  163.062172][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  163.066680][ T4046] Workqueue: hci4 hci_rx_work
[  163.067426][ T4046] Call trace:
[  163.067899][ T4046]  dump_backtrace+0x0/0x43c
[  163.068573][ T4046]  show_stack+0x2c/0x3c
[  163.069147][ T4046]  __dump_stack+0x30/0x40
[  163.069773][ T4046]  dump_stack_lvl+0xf8/0x160
[  163.070458][ T4046]  dump_stack+0x1c/0x5c
[  163.071098][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  163.071977][ T4046]  kobject_add_internal+0x590/0xc54
[  163.072845][ T4046]  kobject_add+0x134/0x1f8
[  163.073550][ T4046]  device_add+0x3f0/0xf94
[  163.074243][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  163.075016][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  163.075857][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  163.076692][ T4046]  hci_event_packet+0xd10/0x11bc
[  163.077495][ T4046]  hci_rx_work+0x1cc/0x880
[  163.078192][ T4046]  process_one_work+0x79c/0x1140
[  163.079005][ T4046]  worker_thread+0x8f4/0x101c
[  163.079814][ T4046]  kthread+0x374/0x454
[  163.080455][ T4046]  ret_from_fork+0x10/0x20
[  163.081445][ T4046] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  163.083859][ T4046] Bluetooth: hci4: failed to register connection device
[  163.613429][ T7397] loop0: detected capacity change from 0 to 40427
[  163.678954][ T7397] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff
[  163.684061][ T7397] F2FS-fs (loop0): invalid crc value
[  163.714265][ T7397] F2FS-fs (loop0): Found nat_bits in checkpoint
[  163.729412][ T7397] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  163.819440][ T7397] attempt to access beyond end of device
[  163.819440][ T7397] loop0: rw=2049, want=53504, limit=40427
[  164.110264][ T7428] loop3: detected capacity change from 0 to 8192
[  164.174610][ T7428] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  164.176316][ T7428] REISERFS (device loop3): using ordered data mode
[  164.177409][ T7428] reiserfs: using flush barriers
[  164.179459][ T7428] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  164.187912][ T7428] REISERFS (device loop3): checking transaction log (loop3)
[  164.190235][ T7428] REISERFS (device loop3): Using r5 hash to sort names
[  164.191517][ T7428] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  164.216469][ T7420] loop2: detected capacity change from 0 to 32768
[  164.584571][ T7434] loop4: detected capacity change from 0 to 8192
[  164.618104][ T7420] XFS (loop2): Mounting V5 Filesystem
[  164.640436][ T7420] XFS (loop2): Ending clean mount
[  164.655308][ T7434] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  164.657045][ T7434] REISERFS (device loop4): using ordered data mode
[  164.659404][ T7434] reiserfs: using flush barriers
[  164.663833][ T7434] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  164.667028][ T7434] REISERFS (device loop4): checking transaction log (loop4)
[  164.675880][ T7434] REISERFS (device loop4): Using r5 hash to sort names
[  164.677393][ T7434] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  164.683501][ T4055] XFS (loop2): Unmounting Filesystem
[  164.810200][ T7436] loop0: detected capacity change from 0 to 40427
[  165.170247][ T7436] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1ffff
[  165.172245][ T4430] Bluetooth: hci4: command 0x2016 tx timeout
[  165.183852][ T7436] F2FS-fs (loop0): invalid crc value
[  165.257342][ T7436] F2FS-fs (loop0): Found nat_bits in checkpoint
[  165.269725][ T7436] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  165.635009][  T234] block nbd1: Attempted send on invalid socket
[  165.636183][  T234] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  165.655203][ T4046] Bluetooth: hci4: link tx timeout
[  165.656277][ T4046] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  165.658453][ T4046] Bluetooth: hci4: link tx timeout
[  165.660062][ T4046] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  165.673717][ T4050] attempt to access beyond end of device
[  165.673717][ T4050] loop0: rw=2049, want=45112, limit=40427
[  165.706406][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  165.708056][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  165.709350][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  165.710950][ T4046] Workqueue: hci0 hci_rx_work
[  165.711739][ T4046] Call trace:
[  165.712303][ T4046]  dump_backtrace+0x0/0x43c
[  165.713068][ T4046]  show_stack+0x2c/0x3c
[  165.713716][ T4046]  __dump_stack+0x30/0x40
[  165.714403][ T4046]  dump_stack_lvl+0xf8/0x160
[  165.715153][ T4046]  dump_stack+0x1c/0x5c
[  165.715807][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  165.716661][ T4046]  kobject_add_internal+0x590/0xc54
[  165.717490][ T4046]  kobject_add+0x134/0x1f8
[  165.718176][ T4046]  device_add+0x3f0/0xf94
[  165.718913][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  165.719704][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  165.720577][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  165.721330][ T4046]  hci_event_packet+0xd10/0x11bc
[  165.722114][ T4046]  hci_rx_work+0x1cc/0x880
[  165.722778][ T4046]  process_one_work+0x79c/0x1140
[  165.723578][ T4046]  worker_thread+0x8f4/0x101c
[  165.724295][ T4046]  kthread+0x374/0x454
[  165.724925][ T4046]  ret_from_fork+0x10/0x20
[  165.728072][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  165.730020][ T4046] Bluetooth: hci0: failed to register connection device
[  165.732106][   T26] audit: type=1326 audit(165.700:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7458 comm="syz.3.887" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa75ae0a8 code=0x0
[  166.007290][ T7468] loop0: detected capacity change from 0 to 40427
[  166.020558][ T7468] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1ffff
[  166.360943][ T7468] F2FS-fs (loop0): invalid crc value
[  166.364697][ T7480] loop1: detected capacity change from 0 to 1024
[  166.371332][ T7468] F2FS-fs (loop0): Found nat_bits in checkpoint
[  166.380601][ T7468] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  166.459170][ T7468] attempt to access beyond end of device
[  166.459170][ T7468] loop0: rw=2049, want=53504, limit=40427
[  166.661981][ T7488] loop1: detected capacity change from 0 to 64
[  167.231207][ T7496] loop2: detected capacity change from 0 to 8192
[  167.274784][ T7496] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  167.277224][ T7496] REISERFS (device loop2): using ordered data mode
[  167.278351][ T7496] reiserfs: using flush barriers
[  167.283670][ T7496] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  167.305661][ T7496] REISERFS (device loop2): checking transaction log (loop2)
[  167.317819][ T7496] REISERFS (device loop2): Using r5 hash to sort names
[  167.322410][ T7496] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  167.825029][   T13] Bluetooth: hci0: command 0x2016 tx timeout
[  168.447697][ T7515] tipc: Cannot configure node identity twice
[  168.693844][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  168.695899][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  168.697165][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  168.698800][ T4046] Workqueue: hci0 hci_rx_work
[  168.699642][ T4046] Call trace:
[  168.700206][ T4046]  dump_backtrace+0x0/0x43c
[  168.700956][ T4046]  show_stack+0x2c/0x3c
[  168.701632][ T4046]  __dump_stack+0x30/0x40
[  168.702326][ T4046]  dump_stack_lvl+0xf8/0x160
[  168.703030][ T4046]  dump_stack+0x1c/0x5c
[  168.703654][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  168.704393][ T4046]  kobject_add_internal+0x590/0xc54
[  168.705138][ T4046]  kobject_add+0x134/0x1f8
[  168.705795][ T4046]  device_add+0x3f0/0xf94
[  168.706455][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  168.707161][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  168.707919][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  168.708700][ T4046]  hci_event_packet+0xd10/0x11bc
[  168.709496][ T4046]  hci_rx_work+0x1cc/0x880
[  168.710181][ T4046]  process_one_work+0x79c/0x1140
[  168.710964][ T4046]  worker_thread+0x8f4/0x101c
[  168.711681][ T4046]  kthread+0x374/0x454
[  168.712270][ T4046]  ret_from_fork+0x10/0x20
[  168.713627][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  168.715873][ T4046] Bluetooth: hci0: failed to register connection device
[  168.717022][ T4046] Bluetooth: hci0: link tx timeout
[  168.718561][ T4046] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  168.720093][ T4046] Bluetooth: hci0: link tx timeout
[  168.720931][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  168.723240][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  168.724623][ T4046] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  168.748535][ T7498] loop1: detected capacity change from 0 to 40427
[  168.770170][ T7531] loop2: detected capacity change from 0 to 1024
[  168.778386][ T7498] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  168.781928][ T7498] F2FS-fs (loop1): invalid crc value
[  168.790020][ T7498] F2FS-fs (loop1): Found nat_bits in checkpoint
[  168.799204][ T7498] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  168.876162][ T4045] attempt to access beyond end of device
[  168.876162][ T4045] loop1: rw=2049, want=45112, limit=40427
[  168.979744][  T149] block nbd0: Attempted send on invalid socket
[  168.980942][  T149] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  169.135738][ T7544] loop2: detected capacity change from 0 to 164
[  169.161409][ T7544] rock: directory entry would overflow storage
[  169.162645][ T7544] rock: sig=0x66, size=4, remaining=3
[  169.175473][ T7546] udc-core: couldn't find an available UDC or it's busy
[  169.177735][ T7546] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  169.490073][ T7550] loop4: detected capacity change from 0 to 32768
[  169.524073][ T7550] XFS (loop4): Mounting V5 Filesystem
[  169.549878][ T7550] XFS (loop4): Ending clean mount
[  169.593334][ T4054] XFS (loop4): Unmounting Filesystem
[  169.666548][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  169.668098][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  169.669488][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  169.671027][ T4046] Workqueue: hci0 hci_rx_work
[  169.671753][ T4046] Call trace:
[  169.672242][ T4046]  dump_backtrace+0x0/0x43c
[  169.672952][ T4046]  show_stack+0x2c/0x3c
[  169.673618][ T4046]  __dump_stack+0x30/0x40
[  169.674354][ T4046]  dump_stack_lvl+0xf8/0x160
[  169.675107][ T4046]  dump_stack+0x1c/0x5c
[  169.675740][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  169.676515][ T4046]  kobject_add_internal+0x590/0xc54
[  169.677297][ T4046]  kobject_add+0x134/0x1f8
[  169.678051][ T4046]  device_add+0x3f0/0xf94
[  169.678736][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  169.679583][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  169.680493][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  169.681302][ T4046]  hci_event_packet+0xd10/0x11bc
[  169.682125][ T4046]  hci_rx_work+0x1cc/0x880
[  169.682849][ T4046]  process_one_work+0x79c/0x1140
[  169.683615][ T4046]  worker_thread+0x8f4/0x101c
[  169.684411][ T4046]  kthread+0x374/0x454
[  169.685118][ T4046]  ret_from_fork+0x10/0x20
[  169.685928][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  169.687893][ T4046] Bluetooth: hci0: failed to register connection device
[  169.689201][ T4046] Bluetooth: hci0: link tx timeout
[  169.690024][ T4046] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  169.691140][ T4046] Bluetooth: hci0: link tx timeout
[  169.692013][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  169.693307][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  169.694551][ T4046] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  169.763122][  T234] block nbd3: Attempted send on invalid socket
[  169.764223][  T234] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  169.954774][ T7573] loop3: detected capacity change from 0 to 1024
[  170.459860][ T7567] loop1: detected capacity change from 0 to 40427
[  170.476912][ T7567] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  170.499991][ T7567] F2FS-fs (loop1): invalid crc value
[  170.520805][ T7567] F2FS-fs (loop1): Found nat_bits in checkpoint
[  170.562394][ T7567] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  170.664105][ T4045] attempt to access beyond end of device
[  170.664105][ T4045] loop1: rw=2049, want=45112, limit=40427
[  170.765867][ T4430] Bluetooth: hci0: command 0x0406 tx timeout
[  171.028625][ T7595] udc-core: couldn't find an available UDC or it's busy
[  171.029838][ T7595] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  171.110141][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  171.111757][ T4046] CPU: 1 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  171.113017][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  171.114507][ T4046] Workqueue: hci2 hci_rx_work
[  171.115244][ T4046] Call trace:
[  171.115262][ T7593] loop1: detected capacity change from 0 to 32768
[  171.115677][ T4046]  dump_backtrace+0x0/0x43c
[  171.117318][ T4046]  show_stack+0x2c/0x3c
[  171.117894][ T4046]  __dump_stack+0x30/0x40
[  171.118550][ T4046]  dump_stack_lvl+0xf8/0x160
[  171.119208][ T4046]  dump_stack+0x1c/0x5c
[  171.119907][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  171.120700][ T4046]  kobject_add_internal+0x590/0xc54
[  171.121544][ T4046]  kobject_add+0x134/0x1f8
[  171.122176][ T4046]  device_add+0x3f0/0xf94
[  171.122813][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  171.123634][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  171.124428][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  171.125213][ T4046]  hci_event_packet+0xd10/0x11bc
[  171.125952][ T4046]  hci_rx_work+0x1cc/0x880
[  171.126590][ T4046]  process_one_work+0x79c/0x1140
[  171.127360][ T4046]  worker_thread+0x8f4/0x101c
[  171.128093][ T4046]  kthread+0x374/0x454
[  171.128680][ T4046]  ret_from_fork+0x10/0x20
[  171.134104][ T4046] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  171.135235][ T4430] Bluetooth: hci4: command 0x0405 tx timeout
[  171.136993][ T4046] Bluetooth: hci2: failed to register connection device
[  171.138858][ T4046] Bluetooth: hci2: link tx timeout
[  171.139640][ T4046] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  171.140890][ T4046] Bluetooth: hci2: link tx timeout
[  171.141696][ T4046] Bluetooth: hci2: killing stalled connection 00:00:00:00:00:00
[  171.142874][ T4046] Bluetooth: hci2: killing stalled connection 00:00:00:00:00:00
[  171.144249][ T4046] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  171.179443][ T7593] XFS (loop1): Mounting V5 Filesystem
[  171.210871][ T7608] loop0: detected capacity change from 0 to 1024
[  171.221211][ T7593] XFS (loop1): Ending clean mount
[  171.239340][ T4045] XFS (loop1): Unmounting Filesystem
[  171.353247][ T7613] loop0: detected capacity change from 0 to 1024
[  171.360246][ T7615] loop4: detected capacity change from 0 to 256
[  171.401884][ T7615] exFAT-fs (loop4): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d)
[  171.719935][ T7622] loop1: detected capacity change from 0 to 8192
[  171.738481][ T7622] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  171.740095][ T7622] REISERFS (device loop1): using ordered data mode
[  171.744270][ T7622] reiserfs: using flush barriers
[  171.752859][ T7622] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  171.771959][ T7622] REISERFS (device loop1): checking transaction log (loop1)
[  171.784060][ T7622] REISERFS (device loop1): Using r5 hash to sort names
[  171.790515][ T7622] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  171.810333][ T7625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.939'.
[  172.287505][ T7620] loop4: detected capacity change from 0 to 40427
[  172.379117][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  172.380670][ T4046] CPU: 1 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  172.381876][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  172.383314][ T4046] Workqueue: hci0 hci_rx_work
[  172.384009][ T4046] Call trace:
[  172.384468][ T4046]  dump_backtrace+0x0/0x43c
[  172.385105][ T4046]  show_stack+0x2c/0x3c
[  172.385703][ T4046]  __dump_stack+0x30/0x40
[  172.386357][ T4046]  dump_stack_lvl+0xf8/0x160
[  172.387045][ T4046]  dump_stack+0x1c/0x5c
[  172.387708][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  172.388449][ T4046]  kobject_add_internal+0x590/0xc54
[  172.389215][ T4046]  kobject_add+0x134/0x1f8
[  172.389890][ T4046]  device_add+0x3f0/0xf94
[  172.390599][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  172.391430][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  172.392357][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  172.393196][ T4046]  hci_event_packet+0xd10/0x11bc
[  172.393924][ T4046]  hci_rx_work+0x1cc/0x880
[  172.394556][ T4046]  process_one_work+0x79c/0x1140
[  172.395356][ T4046]  worker_thread+0x8f4/0x101c
[  172.396041][ T4046]  kthread+0x374/0x454
[  172.396642][ T4046]  ret_from_fork+0x10/0x20
[  172.398426][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  172.400668][ T4046] Bluetooth: hci0: failed to register connection device
[  172.401776][ T4046] Bluetooth: hci0: link tx timeout
[  172.402522][ T4046] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  172.403325][ T7638] loop3: detected capacity change from 0 to 1024
[  172.403706][ T4046] Bluetooth: hci0: link tx timeout
[  172.405708][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  172.407455][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  172.408819][ T4046] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  172.414980][ T7620] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  172.420072][ T7620] F2FS-fs (loop4): invalid crc value
[  172.422854][ T7620] F2FS-fs (loop4): Found nat_bits in checkpoint
[  172.763375][ T7638] EXT4-fs (loop3): Ignoring removed nobh option
[  172.769182][ T7638] EXT4-fs (loop3): Ignoring removed bh option
[  172.777940][ T7620] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  172.792273][ T7638] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,minixdf,,errors=continue. Quota mode: writeback.
[  172.815160][ T4430] Bluetooth: hci0: command 0x0406 tx timeout
[  172.897590][ T4054] attempt to access beyond end of device
[  172.897590][ T4054] loop4: rw=2049, want=45112, limit=40427
[  173.216533][ T7655] loop4: detected capacity change from 0 to 1024
[  173.228217][ T4585] Bluetooth: hci2: command 0x0406 tx timeout
[  173.242091][ T7657] loop0: detected capacity change from 0 to 256
[  173.252382][ T7648] loop1: detected capacity change from 0 to 32768
[  173.308550][ T7657] exFAT-fs (loop0): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d)
[  173.319730][ T7659] loop3: detected capacity change from 0 to 1024
[  173.328398][ T7648] XFS (loop1): Mounting V5 Filesystem
[  173.351629][ T7648] XFS (loop1): Ending clean mount
[  173.367900][ T4045] XFS (loop1): Unmounting Filesystem
[  173.420212][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  173.421828][ T4046] CPU: 1 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  173.423038][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  173.424518][ T4046] Workqueue: hci0 hci_rx_work
[  173.425300][ T4046] Call trace:
[  173.425779][ T4046]  dump_backtrace+0x0/0x43c
[  173.426458][ T4046]  show_stack+0x2c/0x3c
[  173.427095][ T4046]  __dump_stack+0x30/0x40
[  173.427728][ T4046]  dump_stack_lvl+0xf8/0x160
[  173.428422][ T4046]  dump_stack+0x1c/0x5c
[  173.429083][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  173.429848][ T4046]  kobject_add_internal+0x590/0xc54
[  173.430614][ T4046]  kobject_add+0x134/0x1f8
[  173.431249][ T4046]  device_add+0x3f0/0xf94
[  173.431875][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  173.432668][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  173.433455][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  173.434190][ T4046]  hci_event_packet+0xd10/0x11bc
[  173.434935][ T4046]  hci_rx_work+0x1cc/0x880
[  173.435600][ T4046]  process_one_work+0x79c/0x1140
[  173.436355][ T4046]  worker_thread+0x8f4/0x101c
[  173.437050][ T4046]  kthread+0x374/0x454
[  173.437672][ T4046]  ret_from_fork+0x10/0x20
[  173.440182][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  173.442210][ T4046] Bluetooth: hci0: failed to register connection device
[  173.444092][ T4046] Bluetooth: hci0: link tx timeout
[  173.444913][ T4046] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  173.446203][ T4046] Bluetooth: hci0: link tx timeout
[  173.447016][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  173.448225][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  173.449340][ T4046] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  173.490991][ T7681] udc-core: couldn't find an available UDC or it's busy
[  173.492250][ T7681] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[  173.622649][ T7685] loop0: detected capacity change from 0 to 8192
[  173.987607][ T7685] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  173.991449][ T7685] REISERFS (device loop0): using ordered data mode
[  173.992532][ T7685] reiserfs: using flush barriers
[  173.999136][ T7685] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  174.013491][ T7685] REISERFS (device loop0): checking transaction log (loop0)
[  174.021143][ T7685] REISERFS (device loop0): Using r5 hash to sort names
[  174.028931][ T7685] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  174.182873][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.951'.
[  174.600859][ T7699] loop2: detected capacity change from 0 to 1024
[  175.075998][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  175.077530][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  175.078744][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  175.080206][ T4046] Workqueue: hci1 hci_rx_work
[  175.080889][ T4046] Call trace:
[  175.081341][ T4046]  dump_backtrace+0x0/0x43c
[  175.082030][ T4046]  show_stack+0x2c/0x3c
[  175.082623][ T4046]  __dump_stack+0x30/0x40
[  175.083302][ T4046]  dump_stack_lvl+0xf8/0x160
[  175.084023][ T4046]  dump_stack+0x1c/0x5c
[  175.084675][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  175.085446][ T4046]  kobject_add_internal+0x590/0xc54
[  175.086233][ T4046]  kobject_add+0x134/0x1f8
[  175.086993][ T4046]  device_add+0x3f0/0xf94
[  175.087694][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  175.088525][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  175.089324][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  175.090080][ T4046]  hci_event_packet+0xd10/0x11bc
[  175.090924][ T4046]  hci_rx_work+0x1cc/0x880
[  175.091622][ T4046]  process_one_work+0x79c/0x1140
[  175.092476][ T4046]  worker_thread+0x8f4/0x101c
[  175.093275][ T4046]  kthread+0x374/0x454
[  175.093987][ T4046]  ret_from_fork+0x10/0x20
[  175.094860][ T4046] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  175.094970][  T234] block nbd2: Attempted send on invalid socket
[  175.097006][ T4046] Bluetooth: hci1: failed to register connection device
[  175.097997][  T234] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  175.101430][ T4585] Bluetooth: hci0: command 0x0406 tx timeout
[  175.295204][ T4585] Bluetooth: hci2: command 0x0406 tx timeout
[  175.798048][ T7731] loop2: detected capacity change from 0 to 32768
[  175.830002][ T7731] jfs_strtoUCS: char2uni returned -22.
[  175.831449][ T7731] charset = cp950, char = 0xd4
[  176.038494][ T7736] loop2: detected capacity change from 0 to 1024
[  176.271519][  T149] block nbd2: Attempted send on invalid socket
[  176.272694][  T149] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  176.573045][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  176.574723][ T4046] CPU: 0 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  176.575945][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  176.577451][ T4046] Workqueue: hci0 hci_rx_work
[  176.578198][ T4046] Call trace:
[  176.578727][ T4046]  dump_backtrace+0x0/0x43c
[  176.579427][ T4046]  show_stack+0x2c/0x3c
[  176.580071][ T4046]  __dump_stack+0x30/0x40
[  176.580801][ T4046]  dump_stack_lvl+0xf8/0x160
[  176.581558][ T4046]  dump_stack+0x1c/0x5c
[  176.582234][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  176.583010][ T4046]  kobject_add_internal+0x590/0xc54
[  176.583798][ T4046]  kobject_add+0x134/0x1f8
[  176.584506][ T4046]  device_add+0x3f0/0xf94
[  176.585224][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  176.586080][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  176.586967][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  176.587769][ T4046]  hci_event_packet+0xd10/0x11bc
[  176.588621][ T4046]  hci_rx_work+0x1cc/0x880
[  176.589391][ T4046]  process_one_work+0x79c/0x1140
[  176.590189][ T4046]  worker_thread+0x8f4/0x101c
[  176.590861][ T4046]  kthread+0x374/0x454
[  176.591468][ T4046]  ret_from_fork+0x10/0x20
[  176.592636][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  176.594958][ T4046] Bluetooth: hci0: failed to register connection device
[  176.596340][ T4046] Bluetooth: hci0: link tx timeout
[  176.597166][ T4046] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  176.598423][ T4046] Bluetooth: hci0: link tx timeout
[  176.599232][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  176.600523][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  176.601802][ T4046] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  177.236076][ T7768] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  177.237863][ T7768] device syzkaller0 entered promiscuous mode
[  177.375305][ T4588] Bluetooth: hci2: command 0x0406 tx timeout
[  177.555882][ T7768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.984'.
[  177.559309][ T7767] tipc: Resetting bearer <eth:syzkaller0>
[  177.566830][ T7767] tipc: Disabling bearer <eth:syzkaller0>
[  177.593353][ T7758] loop3: detected capacity change from 0 to 40427
[  177.605197][ T7758] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  177.609882][ T7758] F2FS-fs (loop3): invalid crc value
[  177.638421][ T7758] F2FS-fs (loop3): Found nat_bits in checkpoint
[  177.662967][ T7777] loop1: detected capacity change from 0 to 1024
[  177.667267][ T7758] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  177.732411][ T4044] attempt to access beyond end of device
[  177.732411][ T4044] loop3: rw=2049, want=45112, limit=40427
[  177.903114][ T7784] dns_resolver: Unsupported server list version (0)
[  177.911244][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  177.920153][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  177.924150][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  177.974680][ T7786] loop2: detected capacity change from 0 to 64
[  178.101433][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  178.102946][ T4046] CPU: 1 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  178.104186][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  178.105810][ T4046] Workqueue: hci0 hci_rx_work
[  178.106572][ T4046] Call trace:
[  178.107053][ T4046]  dump_backtrace+0x0/0x43c
[  178.107773][ T4046]  show_stack+0x2c/0x3c
[  178.108406][ T4046]  __dump_stack+0x30/0x40
[  178.109050][ T4046]  dump_stack_lvl+0xf8/0x160
[  178.109692][ T4046]  dump_stack+0x1c/0x5c
[  178.110302][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  178.111045][ T4046]  kobject_add_internal+0x590/0xc54
[  178.111785][ T4046]  kobject_add+0x134/0x1f8
[  178.112438][ T4046]  device_add+0x3f0/0xf94
[  178.113074][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  178.113820][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  178.114606][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  178.115342][ T4046]  hci_event_packet+0xd10/0x11bc
[  178.116066][ T4046]  hci_rx_work+0x1cc/0x880
[  178.116704][ T4046]  process_one_work+0x79c/0x1140
[  178.117505][ T4046]  worker_thread+0x8f4/0x101c
[  178.118196][ T4046]  kthread+0x374/0x454
[  178.118819][ T4046]  ret_from_fork+0x10/0x20
[  178.119668][ T4046] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  178.121736][ T4046] Bluetooth: hci0: failed to register connection device
[  178.122946][ T4046] Bluetooth: hci0: link tx timeout
[  178.123719][ T4046] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  178.124980][ T4046] Bluetooth: hci0: link tx timeout
[  178.125919][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  178.127112][ T4046] Bluetooth: hci0: killing stalled connection 00:00:00:00:00:00
[  178.128372][ T4046] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  178.647179][ T7796] loop3: detected capacity change from 0 to 8192
[  178.689295][ T7796] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[  178.690712][ T7796] REISERFS (device loop3): using ordered data mode
[  178.691745][ T7796] reiserfs: using flush barriers
[  178.695431][ T7796] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  178.698144][ T7796] REISERFS (device loop3): checking transaction log (loop3)
[  178.709649][ T7796] REISERFS (device loop3): Using r5 hash to sort names
[  178.711416][ T7796] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  179.324492][ T7810] loop2: detected capacity change from 0 to 1024
[  179.483765][ T7804] loop0: detected capacity change from 0 to 32768
[  179.541770][ T4046] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  179.543528][ T4046] CPU: 1 PID: 4046 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[  179.544804][ T4046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  179.546417][ T4046] Workqueue: hci1 hci_rx_work
[  179.547146][ T4046] Call trace:
[  179.547634][ T4046]  dump_backtrace+0x0/0x43c
[  179.548303][ T4046]  show_stack+0x2c/0x3c
[  179.548947][ T4046]  __dump_stack+0x30/0x40
[  179.549574][ T4046]  dump_stack_lvl+0xf8/0x160
[  179.550233][ T4046]  dump_stack+0x1c/0x5c
[  179.550862][ T4046]  sysfs_create_dir_ns+0x22c/0x24c
[  179.551705][ T4046]  kobject_add_internal+0x590/0xc54
[  179.552468][ T4046]  kobject_add+0x134/0x1f8
[  179.553090][ T4046]  device_add+0x3f0/0xf94
[  179.553704][ T4046]  hci_conn_add_sysfs+0xbc/0x1cc
[  179.554448][ T4046]  le_conn_complete_evt+0x9a4/0x11bc
[  179.555275][ T4046]  hci_le_meta_evt+0x85c/0x3010
[  179.555975][ T4046]  hci_event_packet+0xd10/0x11bc
[  179.556664][ T4046]  hci_rx_work+0x1cc/0x880
[  179.557320][ T4046]  process_one_work+0x79c/0x1140
[  179.558024][ T4046]  worker_thread+0x8f4/0x101c
[  179.558688][ T4046]  kthread+0x374/0x454
[  179.559350][ T4046]  ret_from_fork+0x10/0x20
[  179.560928][ T4046] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  179.562880][ T4046] Bluetooth: hci1: failed to register connection device
[  179.593081][ T7804] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  179.619133][ T7804] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  179.747438][ T7825] loop6: detected capacity change from 0 to 7
[  179.754334][ T7825] Dev loop6: unable to read RDB block 7
[  179.755391][ T7825]  loop6: AHDI p3 p4
[  179.755958][ T7825] loop6: partition table partially beyond EOD, truncated
[  179.757163][ T7825] loop6: p3 start 1697710181 is beyond EOD, truncated
[  179.759261][ T4050] ocfs2: Unmounting device (7,0) on (node local)
[  180.117331][ T7816] loop3: detected capacity change from 0 to 40427
[  180.131536][ T7816] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[  180.139257][ T7816] F2FS-fs (loop3): invalid crc value
[  180.154681][ T7816] F2FS-fs (loop3): Found nat_bits in checkpoint
[  180.180170][ T7816] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  180.274727][ T4044] attempt to access beyond end of device
[  180.274727][ T4044] loop3: rw=2049, want=45112, limit=40427
[  181.215121][ T4585] Bluetooth: hci1: command 0x0406 tx timeout
[  181.216249][ T4587] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  181.532360][ T7845] loop3: detected capacity change from 0 to 40427
[  181.555984][ T7845] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff
[  181.572696][ T7845] F2FS-fs (loop3): invalid crc value
[  181.597025][ T7845] F2FS-fs (loop3): Found nat_bits in checkpoint
[  181.605324][ T4587] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  181.607069][ T4587] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  181.608501][ T4587] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  181.609805][ T4587] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.625771][ T7845] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  181.629389][ T7849] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  181.733615][ T7863] netlink: 'syz.1.1016': attribute type 10 has an invalid length.
[  181.756737][ T7861] attempt to access beyond end of device
[  181.756737][ T7861] loop3: rw=2049, want=53504, limit=40427
[  181.772106][ T7863] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  182.027914][  T234] block nbd1: Attempted send on invalid socket
[  182.029050][  T234] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  182.676758][ T7881] block device autoloading is deprecated and will be removed.
[  182.788031][ T4588] Bluetooth: hci0: command 0x0406 tx timeout
[  182.800115][ T4588] usb 1-1: USB disconnect, device number 4
[  183.209668][ T7891] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1027'.
[  183.312086][ T7896] netlink: 308 bytes leftover after parsing attributes in process `syz.0.1028'.
[  183.585250][ T7900] loop1: detected capacity change from 0 to 64
[  183.619200][ T7267] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  183.855528][ T7267] usb 1-1: Using ep0 maxpacket: 16
[  184.246728][ T7267] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  184.699374][ T7924] loop3: detected capacity change from 0 to 128
[  184.790224][ T7267] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  184.793664][ T7267] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  184.795746][ T7267] usb 1-1: Product: syz
[  184.796402][ T7267] usb 1-1: Manufacturer: syz
[  184.797161][ T7267] usb 1-1: SerialNumber: syz
[  184.806114][ T7267] usb 1-1: config 0 descriptor??
[  184.891687][ T7917] loop1: detected capacity change from 0 to 40427
[  184.909562][ T7917] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  184.919584][ T7917] F2FS-fs (loop1): invalid crc value
[  184.932602][ T7917] F2FS-fs (loop1): Found nat_bits in checkpoint
[  184.947764][ T7934] loop3: detected capacity change from 0 to 1024
[  184.969652][ T7917] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  185.024973][ T4045] attempt to access beyond end of device
[  185.024973][ T4045] loop1: rw=2049, want=45112, limit=40427
[  185.269700][ T7896] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1028'.
[  185.349727][ T7942] loop1: detected capacity change from 0 to 1024
[  185.400210][ T7942] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,,errors=continue. Quota mode: none.
[  185.475277][ T7942] EXT4-fs (loop1): Ignoring removed orlov option
[  185.476440][ T7942] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  185.478067][ T7942] EXT4-fs (loop1): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,sb=0x0000000000000064,orlov,quota,data_err=abort,nomblk_io_submit,. Quota mode: writeback.
[  185.482591][ T4585] usb 1-1: USB disconnect, device number 5
[  185.523377][ T7947] loop2: detected capacity change from 0 to 2048
[  185.616376][ T7947]  loop2: p1 < > p4
[  185.617551][ T7947] loop2: p4 size 8388608 extends beyond EOD, truncated
[  185.637861][ T7953] loop1: detected capacity change from 0 to 1024
[  185.695181][ T4587] Bluetooth: hci1: command 0x0406 tx timeout
[  186.072141][ T4174] udevd[4174]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  186.089797][ T4228] udevd[4228]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  186.567140][ T7972] loop1: detected capacity change from 0 to 40427
[  186.926380][ T7972] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff
[  186.948791][ T7972] F2FS-fs (loop1): invalid crc value
[  186.971060][ T7972] F2FS-fs (loop1): Found nat_bits in checkpoint
[  186.984094][ T7988] loop0: detected capacity change from 0 to 1024
[  186.988398][ T7990] binder: 7989:7990 tried to acquire reference to desc 0, got 1 instead
[  186.990058][ T7990] binder: 7989:7990 transaction failed 29201/-22, size 0-0 line 3059
[  187.008772][ T4585] binder: undelivered TRANSACTION_ERROR: 29201
[  187.023373][ T7972] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  187.426073][ T4045] attempt to access beyond end of device
[  187.426073][ T4045] loop1: rw=2049, want=45112, limit=40427
[  187.528151][ T4046] Bluetooth: hci2: link tx timeout
[  187.528952][ T4046] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  187.530145][ T4046] Bluetooth: hci2: link tx timeout
[  187.531004][ T4046] Bluetooth: hci2: killing stalled connection 00:00:00:00:00:00
[  187.532195][ T4046] Bluetooth: hci2: killing stalled connection 00:00:00:00:00:00
[  187.533290][ T4046] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  187.638195][ T8023] syz.1.1068 uses obsolete (PF_INET,SOCK_PACKET)
[  187.983828][ T8029] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub
[  188.006367][ T8031] loop2: detected capacity change from 0 to 1024
[  188.244159][ T8039] loop2: detected capacity change from 0 to 40427
[  188.263105][ T8039] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1ffff
[  188.276259][ T8039] F2FS-fs (loop2): invalid crc value
[  188.299863][ T8039] F2FS-fs (loop2): Found nat_bits in checkpoint
[  188.355985][ T8039] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  188.473830][ T4055] attempt to access beyond end of device
[  188.473830][ T4055] loop2: rw=2049, want=45112, limit=40427
[  189.042456][ T7267] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0
[  189.044007][ T7267] hid-generic 0000:0000:0000.003B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  189.129860][ T8060] loop1: detected capacity change from 0 to 1024
[  189.925035][ T8079] device vxcan3 entered promiscuous mode
[  190.173324][ T8089] loop1: detected capacity change from 0 to 128
[  190.219537][ T8081] loop4: detected capacity change from 0 to 40427
[  190.346447][  T234] block nbd2: Attempted send on invalid socket
[  190.347654][  T234] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  190.721643][ T8081] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[  190.802063][ T8081] F2FS-fs (loop4): invalid crc value
[  190.827809][ T8081] F2FS-fs (loop4): Found nat_bits in checkpoint
[  191.121498][ T4110] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0
[  191.123089][ T4110] hid-generic 0000:0000:0000.003C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  191.129925][ T8103] loop2: detected capacity change from 0 to 1024
[  191.163174][ T8081] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  191.269173][ T4054] attempt to access beyond end of device
[  191.269173][ T4054] loop4: rw=2049, want=45112, limit=40427
[  191.499689][ T8118] loop3: detected capacity change from 0 to 40427
[  191.555148][ T8118] F2FS-fs (loop3): Unrecognized mount option "age_extent_cache" or missing value
[  191.771462][ T8120] loop2: detected capacity change from 0 to 512
[  192.495867][ T2066] ieee802154 phy0 wpan0: encryption failed: -22
[  192.496950][ T2066] ieee802154 phy1 wpan1: encryption failed: -22
[  192.872605][ T8143] Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP
[  192.873954][ T8143] Modules linked in:
[  192.874620][ T8143] CPU: 0 PID: 8143 Comm: syz.4.1098 Not tainted 5.15.189-syzkaller #0
[  192.875908][ T8143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  192.877586][ T8143] pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc)
[  192.878907][ T8143] pc : bpf_obj_get_info_by_fd+0x16d0/0x30c0
[  192.879858][ T8143] lr : bpf_obj_get_info_by_fd+0x16b4/0x30c0
[  192.880821][ T8143] sp : ffff80001fe07900
[  192.881497][ T8143] x29: ffff80001fe07bc0 x28: ffff700003fc0f34 x27: ffff0000dcb6ac80
[  192.882759][ T8143] x26: 0000000000000000 x25: dfff800000000000 x24: ffff0000dcb6ac81
[  192.884038][ T8143] x23: 00000000fffffff2 x22: 0000000000000000 x21: 0000000000000001
[  192.885312][ T8143] x20: 0000000000000400 x19: 0000000000000004 x18: 0000000000000000
[  192.886559][ T8143] x17: 0000000000000002 x16: ffff800008524918 x15: ffff80001fe079c0
[  192.887892][ T8143] x14: 0000000000ff0100 x13: 1ffff0000282e06b x12: 0000000000080000
[  192.889284][ T8143] x11: 00000000000001ff x10: 0000000000000004 x9 : 0000ffffffffffff
[  192.890679][ T8143] x8 : 0000000000000004 x7 : ffff800008750ed4 x6 : 0000000000000000
[  192.892018][ T8143] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
[  192.893313][ T8143] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000
[  192.894681][ T8143] Call trace:
[  192.895209][ T8143]  bpf_obj_get_info_by_fd+0x16d0/0x30c0
[  192.896114][ T8143]  __sys_bpf+0x39c/0x5f0
[  192.896823][ T8143]  __arm64_sys_bpf+0x80/0x98
[  192.897544][ T8143]  invoke_syscall+0x98/0x2b8
[  192.898267][ T8143]  el0_svc_common+0x138/0x258
[  192.899063][ T8143]  do_el0_svc+0x58/0x14c
[  192.899756][ T8143]  el0_svc+0x78/0x1e0
[  192.900387][ T8143]  el0t_64_sync_handler+0xcc/0xe4
[  192.901227][ T8143]  el0t_64_sync+0x1a0/0x1a4
[  192.901951][ T8143] Code: 9a9f026a d503229f 2a1f03f7 b8000956 (2a1f03e0) 
[  192.903086][ T8143] ---[ end trace 20deba649db63d26 ]---
[  193.157691][ T8143] Kernel panic - not syncing: Oops - BTI: Fatal exception
[  193.158836][ T8143] SMP: stopping secondary CPUs
[  193.159623][ T8143] Kernel Offset: disabled
[  193.160338][ T8143] CPU features: 0x8,000003c1,7d33ffd9
[  193.161234][ T8143] Memory Limit: none
[  193.412173][ T8143] Rebooting in 86400 seconds..