last executing test programs:

14m3.308836424s ago: executing program 32 (id=118):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
setitimer(0x1, 0x0, 0x0)
getitimer(0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000b98bc2c900000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000004}, 0x94)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x1f)
openat$cgroup_ro(r3, 0x0, 0x275a, 0x0)
io_uring_register$IORING_REGISTER_NAPI(0xffffffffffffffff, 0x1b, 0x0, 0x1)

13m42.188429527s ago: executing program 33 (id=163):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$rtc(&(0x7f0000000400), 0x1, 0xcc42)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}})
r1 = socket$isdn(0x22, 0x2, 0x10)
dup3(0xffffffffffffffff, r1, 0x0)
r2 = fsopen(&(0x7f0000000040)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x0, 0x0})

12m22.179802128s ago: executing program 34 (id=336):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="5c00000012006b009a3fe3d86e17aa31106b870000000000000000050000006504001a00380035002a31a0e69ee52bd34460bc06000000a705251e6182949a3651f60a84c9f0d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x400c840)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x20000c0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'dvmrp1\x00', 0x2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x14, 0x0, 0x0, 0xfffff03c}, {0x6, 0x0, 0x0, 0xffffffff}]})

12m1.992919443s ago: executing program 6 (id=338):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6c617a7974696d652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313235342c6661756c745f747970653d30303030303030303030303030303033323736372c6772706a71756f74613d2c6e6f666c7573685f6d657267652c6e6f636865636b706f696e745f6d657267652c61636c2c67635f6d657267652c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c00cef235c93369e015a17ee2ff7fb3ad2b9406058804552c36be902e976d7836f82ef7fe1a91fd5fe53fa7c93ff6227910f46434ee3e5b851845bcaeb4a5731075f9887d22e18a989131940a04c4b9064af9cc9519dd7aa9078ad5ac798fbd81aa90dd19ce130ce6f37c3303199b6026122d39fdf5de1d4949e33dfbf7"], 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="02000000010000000000000404000000000000001000"], 0x24, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x5)
getdents64(r0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000440)='./bus\x00', 0x41)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

11m58.715762305s ago: executing program 6 (id=417):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x810)

11m55.747766955s ago: executing program 6 (id=426):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000080), &(0x7f0000000440)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)

11m55.100458101s ago: executing program 35 (id=426):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000080), &(0x7f0000000440)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)

11m55.070781322s ago: executing program 0 (id=429):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)

11m54.904506129s ago: executing program 0 (id=431):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x1})
ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454c9, 0x1)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x300)

11m53.903133399s ago: executing program 0 (id=433):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
r1 = syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
io_uring_register$IORING_REGISTER_NAPI(r1, 0x1b, 0x0, 0x1)
io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_pidfd_open(0x0, 0x0)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)

11m52.995468796s ago: executing program 0 (id=436):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6c617a7974696d652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313235342c6661756c745f747970653d30303030303030303030303030303033323736372c6772706a71756f74613d2c6e6f666c7573685f6d657267652c6e6f636865636b706f696e745f6d657267652c61636c2c67635f6d657267652c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c00cef235c93369e015a17ee2ff7fb3ad2b9406058804552c36be902e976d7836f82ef7fe1a91fd5fe53fa7c93ff6227910f46434ee3e5b851845bcaeb4a5731075f9887d22e18a989131940a04c4b9064af9cc9519dd7aa9078ad5ac798fbd81aa90dd19ce130ce6f37c3303199b6026122d39fdf5de1d4949e33dfbf7"], 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="0200000001000000000000040400000000000000100000000000"], 0x24, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x5)
getdents64(r0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000440)='./bus\x00', 0x41)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

11m50.386491571s ago: executing program 0 (id=444):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
r1 = syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
io_uring_register$IORING_REGISTER_NAPI(r1, 0x1b, 0x0, 0x1)
io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_pidfd_open(0x0, 0x0)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)

11m46.123566503s ago: executing program 0 (id=456):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x4000, &(0x7f0000000380)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid={'afid', 0x3d, 0x7}}], [], 0x6b}})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r2, 0x541c, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
r3 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000240)='uid', 0x0, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x100500, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, 0x0)

11m45.578580355s ago: executing program 36 (id=456):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x4000, &(0x7f0000000380)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@afid={'afid', 0x3d, 0x7}}], [], 0x6b}})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r2, 0x541c, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
r3 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000240)='uid', 0x0, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x100500, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, 0x0)

11m29.487631385s ago: executing program 5 (id=509):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d004892e822a6abc02ad2602a5ad6f7007ea60864160af365935cfaea3f49d8df1931a0e64ffc4c78029ee517d34460bc06000000938037e70e457ae2bb24ef6697070000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000002e00)=""/4104, 0x1008}, {&(0x7f0000002d00)=""/197, 0xc5}, {&(0x7f0000001ac0)=""/4147, 0x1033}, {&(0x7f0000000200)=""/215, 0xd7}, {&(0x7f0000000040)=""/43, 0x2b}], 0x5}, 0x0)
recvmsg$kcm(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x10182)

11m28.918512388s ago: executing program 5 (id=511):
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="170000008a0000007600000000000000270000000000000095000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)

11m28.467485797s ago: executing program 5 (id=512):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

11m28.262550615s ago: executing program 5 (id=513):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6c617a7974696d652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313235342c6661756c745f747970653d30303030303030303030303030303033323736372c6772706a71756f74613d2c6e6f666c7573685f6d657267652c6e6f636865636b706f696e745f6d657267652c61636c2c67635f6d657267652c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c00cef235c93369e015a17ee2ff7fb3ad2b9406058804552c36be902e976d7836f82ef7fe1a91fd5fe53fa7c93ff6227910f46434ee3e5b851845bcaeb4a5731075f9887d22e18a989131940a04c4b9064af9cc9519dd7aa9078ad5ac798fbd81aa90dd19ce130ce6f37c3303199b6026122d39fdf5de1d4949e33dfbf7"], 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="0200000001000000000000040400000000000000100000000000000020"], 0x24, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x5)
getdents64(r0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000440)='./bus\x00', 0x41)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

11m24.538191645s ago: executing program 5 (id=524):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
r2 = socket$kcm(0xa, 0x1, 0x0)
sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r4}, &(0x7f0000000000), &(0x7f00000000c0)=r1}, 0x20)
recvmsg$can_j1939(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000840)=""/126, 0x7e}], 0x1}, 0x22)

11m22.212871539s ago: executing program 5 (id=532):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

11m21.006886018s ago: executing program 37 (id=532):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

5m23.781904381s ago: executing program 8 (id=1584):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0x1, 0x9, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0x10000, 0xfffffff4]})
sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x600000, 0x9)
getsockopt$rose(r0, 0x104, 0x3, 0x0, &(0x7f0000000140))
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x80040000, 0x5)

5m21.294647912s ago: executing program 8 (id=1589):
socket$inet6(0xa, 0x80002, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
sendfile(r0, r0, 0x0, 0x200000)

5m17.667930728s ago: executing program 8 (id=1593):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=@deltaction={0x14, 0x31, 0x8, 0x70bd26, 0x25dfdbfb}, 0x14}}, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000007000010010ab4be68e8da23507000000", @ANYRES32=r3, @ANYBLOB="100001800400", @ANYRES8=r0], 0x28}}, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5m17.043195513s ago: executing program 8 (id=1596):
r0 = syz_open_dev$loop(0x0, 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)

5m15.667174419s ago: executing program 8 (id=1600):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = getpgrp(0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r4, 0x29, 0x39, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e2b, 0xb, @private1={0xfc, 0x1, '\x00', 0x6}, 0x6}, 0x1c)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

5m13.095709932s ago: executing program 8 (id=1605):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000200)={0xffffffff, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x0, 0x0, 'none\x00'}, 0x2c)

4m58.093514168s ago: executing program 38 (id=1605):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000200)={0xffffffff, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x0, 0x0, 'none\x00'}, 0x2c)

2m33.872883063s ago: executing program 9 (id=1933):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd, 0xffffffffffffff7f, 0x0, 0x0, 0x4, 0x1})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m32.670768182s ago: executing program 9 (id=1935):
socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40480a0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x2, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x400000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @rand_addr, 0x1}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)

2m32.33156454s ago: executing program 9 (id=1937):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = getpgrp(0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

2m26.547631848s ago: executing program 9 (id=1943):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd, 0xffffffffffffff7f, 0x0, 0x0, 0x4, 0x1})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m25.365927017s ago: executing program 9 (id=1944):
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r0=>0x0], 0x0, 0x0, 0x0, 0x1})
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x740, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048041}, 0x4004080)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x44)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x12, r5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x10f4, 0x1a, 0x12, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, &(0x7f0000000000)={r0, 0x0, 0x0, 0x0, 0x2})

2m23.915615319s ago: executing program 9 (id=1947):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)="81b641f1f3", 0x5}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000400)=[{0x2, 0x2, {0x1, 0x0, 0x2}, {0x2, 0xff, 0x1}, 0xfe, 0xfe}], 0x20)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)

2m8.715578658s ago: executing program 39 (id=1947):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)="81b641f1f3", 0x5}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000400)=[{0x2, 0x2, {0x1, 0x0, 0x2}, {0x2, 0xff, 0x1}, 0xfe, 0xfe}], 0x20)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)

1m25.139973707s ago: executing program 4 (id=2026):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0})
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x740, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048041}, 0x4004080)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x44)
add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x12, r5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x10f4, 0x1a, 0x12, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2})

1m23.956989397s ago: executing program 4 (id=2027):
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2084)
writev(r0, &(0x7f0000002100)=[{&(0x7f0000002080)='T01\n', 0x4}, {&(0x7f0000002140)="08b5", 0x2}], 0x2)

1m23.627626741s ago: executing program 4 (id=2029):
recvmmsg(0xffffffffffffffff, &(0x7f00000055c0)=[{{0x0, 0x0, &(0x7f0000005280)=[{0x0}, {&(0x7f0000005200)=""/124, 0x7c}], 0x2}, 0x34}], 0x1, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)

1m23.144277981s ago: executing program 4 (id=2031):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x0, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096})
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

1m19.8706498s ago: executing program 4 (id=2036):
socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40480a0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x2, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @rand_addr, 0x1}, 0x1c)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)

1m18.000414899s ago: executing program 4 (id=2039):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x40)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
move_pages(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x5, 0xe4340000, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)

1m0.974144079s ago: executing program 40 (id=2039):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x40)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
move_pages(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x5, 0xe4340000, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)

16.712908912s ago: executing program 1 (id=2137):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000002400)=ANY=[@ANYBLOB="200e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000580)=ANY=[@ANYBLOB="e71a0d"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r0, 0x0, &(0x7f00000000c0)={0x44, &(0x7f0000000780)={0x0, 0x17, 0x1, "04"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

13.119608404s ago: executing program 2 (id=2142):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x8000)
r0 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000190c0)='syscall\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000480))
fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @multicast1}, {0x2, 0x4624, @dev={0xac, 0x14, 0x14, 0x1e}}, {0x2, 0x4e24, @rand_addr=0x64010102}, 0x221, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd1, 0xc})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20004044}, 0x24040804)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

12.904094653s ago: executing program 2 (id=2143):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="1400000010000100005602640e4052e98bae28712b00000000000a00000a48000000060a0b040000000000000000020000001c000480180001800e000100636f6e6e6c696d6974000000040002800900010073797a30000000000945a8c0ddc7d35c6900000014000000110001"], 0x70}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0200001900010000000000000000000a0101000000000000000000000000000a01010100000000000000000000000000000003000000000a00000008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fcffffffffffffff0000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000001e0000000000000001000000040000000000000000000000fdffffffffffffff0600000000000000040000000000000000000100000000008401050020010000000000000000000000000001000000002b00000000000000fc010000000000000000000000000001000000000000ff000000000000000000000000000000000000000000000000000000000100000000320000000000000000000000000000000000ffffac1e0001feffbfff0000000000000000000000000700000000000000000000000000000000000001000000003c00000002000000fe8800000000000000000000000001010100000001030000000000000000000009000000ff020000000000000000000000000001000000003200000002000000200100000000000000000000000000010000000000000000000000000300000000000000e0000002000000000000000000000000000000002b00000002"], 0x23c}}, 0x8000000)

12.672121873s ago: executing program 2 (id=2145):
syz_io_uring_setup(0x837, 0x0, &(0x7f0000000040), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x1}, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000380)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000128001007f00000001"], 0x48)

11.710531814s ago: executing program 1 (id=2146):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100)
r0 = syz_pidfd_open(0x0, 0x0)
setns(r0, 0x24020000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x200000000000000)

11.159298917s ago: executing program 2 (id=2147):
r0 = getpgrp(0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102400, 0x19000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000007, 0x40032, 0xffffffffffffffff, 0x40000000)

10.054582354s ago: executing program 1 (id=2148):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x4004040)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0)
gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, 0x0)
fcntl$setsig(r1, 0xa, 0x12)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
readv(r2, 0x0, 0x0)

8.804151287s ago: executing program 2 (id=2149):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0x1c}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0xffffffffffffffff, &(0x7f0000000100))
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x122)
mount$9p_xen(&(0x7f0000000300), &(0x7f0000000340)='./file1\x00', &(0x7f0000000380), 0x101000c, 0x0)
futex(&(0x7f0000000040)=0x4, 0x5, 0x1, 0x0, &(0x7f0000004000)=0x1, 0xb1024000)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1c)

8.417317203s ago: executing program 3 (id=2150):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000280)=[@nested_create_vm={0x12d, 0x18}, @enable_nested={0x12c, 0x18}, @nested_amd_stgi={0x17e, 0x10}], 0x40})
ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x3a, [0xfffffff8, 0x8, 0x5, 0x10009, 0x8, 0x155f, 0x6, 0x2, 0x25cd, 0x1, 0xb4, 0xa, 0xb2b9, 0x6, 0x8, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x1000, 0x1, 0x0, 0xd, 0x4, 0x12a0, 0x8000, 0x1, 0x7, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10001, 0x5, 0x91, 0x4, 0x4, 0x16, 0x0, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0xffffff81, 0xff, 0x2, 0x2, 0x2, 0x2, 0x7, 0x4, 0x7, 0x4, 0x4007f, 0xffffffff, 0x9212], [0x9, 0x16e, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000077, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffd, 0x80a, 0x4, 0x5, 0x1000, 0x0, 0x200b395, 0x400000, 0x80000000, 0x4, 0x19, 0x7, 0x1, 0x3, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x96, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x1, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1ce, 0x1, 0x80000004, 0x80000001, 0x6, 0x2, 0x9, 0x95, 0x80000000, 0x4, 0xfffffff9, 0x40000003, 0x1000, 0xfffff804, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x5, 0x200006, 0x8, 0x400, 0xfffffffe, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x89, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x401, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x80, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0x0, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0x3, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x8000007, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x7, 0x5396, 0x936, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xffffffff, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x0, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0xc, 0x463f, 0x4, 0xdab, 0x8003, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40081271, &(0x7f0000000980)=0x4000)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

7.423236045s ago: executing program 1 (id=2152):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = socket(0x11, 0x800000003, 0x0)
bind$packet(r2, &(0x7f0000000d00)={0x11, 0x0, r1, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb5}}, 0x14)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000040)="390000001300034700bb65e1c3e4", 0xe}], 0x1)

7.30814101s ago: executing program 7 (id=2153):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x1f2f, 0x0, 0x0, 0x0, 0x0, 0x241, 0x0, 0x96, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6", 0x0}, 0x50)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

7.095699759s ago: executing program 1 (id=2154):
syz_usb_connect(0x1, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000084a48e08d112f74247aa000000010902440001000000000904000003ff016900052406"], 0x0)

6.963860835s ago: executing program 3 (id=2155):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000880)={@in6={{0xa, 0x4e20, 0x3333, @loopback, 0x1000}}, 0x0, 0x0, 0x1e, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e24740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd00"}, 0xd8)
sendto$inet6(r2, &(0x7f0000000000)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x40, @empty}, 0x1c)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e1301"], 0x16)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)

6.942887116s ago: executing program 7 (id=2156):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100)
r0 = syz_pidfd_open(0x0, 0x0)
setns(r0, 0x24020000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
socket$pppoe(0x18, 0x1, 0x0)
close_range(r4, 0xffffffffffffffff, 0x200000000000000)

5.761905706s ago: executing program 7 (id=2157):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, 0x0, 0x4004040)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0)
r1 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r2, 0xa, 0x12)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
readv(r3, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/157, 0x9d}], 0x1)
dup2(r2, r3)
fcntl$setown(r2, 0x8, r1)
tkill(r1, 0x13)

2.672618866s ago: executing program 3 (id=2158):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4)

2.213869416s ago: executing program 2 (id=2159):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1c42, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xc5)
ioctl$SIOCAX25DELUID(r1, 0x89e2, &(0x7f0000000080)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x37)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r2], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.11565846s ago: executing program 1 (id=2160):
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

1.806292613s ago: executing program 7 (id=2161):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x8000)
r0 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
openat$cgroup_procs(r1, 0x0, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000190c0)='syscall\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000480))
fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @multicast1}, {0x2, 0x4624, @dev={0xac, 0x14, 0x14, 0x1e}}, {0x2, 0x4e24, @rand_addr=0x64010102}, 0x221, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd1, 0xc})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20004044}, 0x24040804)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

1.678312109s ago: executing program 3 (id=2162):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02077e46a3dd42226e06000027bf00000005", @ANYRES32, @ANYBLOB='\x00'/13], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1fffffd7})
r3 = socket(0x40000000015, 0x5, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
listen(r4, 0x0)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000000080)=0x4, 0x4)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, 0x0, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e1e, @empty}, 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r6})
socket$nl_netfilter(0x10, 0x3, 0xc)

561.810636ms ago: executing program 3 (id=2163):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card1/oss_mixer\x00', 0x8301, 0x0)
dup3(r0, r1, 0x0)

378.685794ms ago: executing program 7 (id=2164):
r0 = socket(0xa, 0x5, 0x0)
listen(r0, 0x100)
r1 = dup(r0)
sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000280)=@in6={0xa, 0x4e22, 0x4, @private2, 0xfffffff7}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000200)='\r', 0x1}], 0x1, &(0x7f0000000140)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x6000002}}], 0x18, 0x4080081}, 0x8050)

119.608154ms ago: executing program 3 (id=2165):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100)
r0 = syz_pidfd_open(0x0, 0x0)
setns(r0, 0x24020000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$pppoe(0x18, 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000)

0s ago: executing program 7 (id=2166):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff5644d, 0x70bd2c, 0x7fffe, {0x0, 0x0, 0x0, r7, {}, {0xb, 0xb}, {0xf, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0xffffffff, 0x32, 0x5, 0x7, 0x2, 0x9, 0x1, 0x1, 0x1, {0xffff1c72, 0x0, 0x7, 0xc, 0xfffffffa, 0x7583}}}}]}, 0x78}}, 0x8000)
sendto$packet(r4, &(0x7f0000000240)="bad33075218151db00316f3a277f", 0xe, 0x22008001, &(0x7f0000000080)={0x11, 0x88a8, r3, 0x1, 0xda, 0x6, @multicast}, 0x14)

kernel console output (not intermixed with test programs):

2] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.229350][ T9041] netlink: 16 bytes leftover after parsing attributes in process `syz.8.787'.
[  373.259944][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.548858][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.624754][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.690070][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.742882][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.761833][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.967819][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.975438][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  373.982205][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  374.007344][ T9049] netdevsim netdevsim8: loading /lib/firmware/. failed with error -22
[  374.015619][ T9049] netdevsim netdevsim8: Direct firmware load for . failed with error -22
[  374.024077][ T9049] netdevsim netdevsim8: Falling back to sysfs fallback for: .
[  374.532913][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.043855][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.050658][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.057533][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.101525][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.114706][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.121631][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.145633][ T9048] delete_channel: no stack
[  375.150223][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.278257][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.285155][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.292978][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.299759][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.320848][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.327738][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.335030][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.341794][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.473543][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.480578][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.544241][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.678870][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.785304][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.878468][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  375.999237][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.050097][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.098664][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.163114][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.227362][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.302592][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.346741][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.381688][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.399811][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.423087][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.453094][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.675945][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.682726][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.689853][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.696676][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.704766][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.711996][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.718942][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.726482][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.733311][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.740071][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.746919][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.753832][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.760624][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.767732][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  376.901880][ T9085] loop4: detected capacity change from 0 to 1024
[  377.076046][ T9085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  377.088976][ T9085] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  377.517152][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.526667][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.533533][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.540288][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.547322][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.561777][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  377.573027][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.579754][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.735032][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.742363][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.749221][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.756038][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.762925][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.770162][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.777144][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.783932][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.790677][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.804957][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.894476][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  377.933873][ T5812] kye 0003:0458:5013.0001: unknown main item tag 0x0
[  378.775593][ T5812] kye 0003:0458:5013.0001: hidraw0: USB HID vff.fa Device [HID 0458:5013] on usb-dummy_hcd.9-1/input0
[  378.806027][ T5812] kye 0003:0458:5013.0001: tablet-enabling feature report not found
[  378.828429][ T5812] kye 0003:0458:5013.0001: tablet enabling failed
[  378.938592][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  378.948129][ T9081] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (33554434)
[  378.959463][ T9081] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[  378.971077][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  378.981206][ T9081] netlink: 48 bytes leftover after parsing attributes in process `syz.7.799'.
[  379.112646][ T5812] usb 10-1: USB disconnect, device number 5
[  379.495958][ T9102] netdevsim netdevsim8: loading /lib/firmware/. failed with error -22
[  379.504463][ T9102] netdevsim netdevsim8: Direct firmware load for . failed with error -22
[  379.513079][ T9102] netdevsim netdevsim8: Falling back to sysfs fallback for: .
[  379.648458][ T9098] fido_id[9098]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[  379.916733][ T5812] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  380.144396][ T5812] usb 8-1: unable to get BOS descriptor or descriptor too short
[  380.193457][ T5812] usb 8-1: not running at top speed; connect to a high speed hub
[  380.237836][ T9101] delete_channel: no stack
[  380.276408][ T5812] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.317554][ T5812] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  380.350092][ T5812] usb 8-1: New USB device found, idVendor=1235, idProduct=8012, bcdDevice= 0.40
[  380.360578][ T5812] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.382842][ T5812] usb 8-1: Product: syz
[  380.387959][ T5812] usb 8-1: Manufacturer: syz
[  380.418761][ T5812] usb 8-1: SerialNumber: syz
[  381.529897][ T9128] loop8: detected capacity change from 0 to 1024
[  381.636706][ T9128] EXT4-fs (loop8): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  381.649263][ T9128] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  381.699327][ T5812] usb 8-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  381.726493][ T5812] usb 8-1: 0:2 : does not exist
[  381.942536][ T5812] usb 8-1: USB disconnect, device number 4
[  381.976018][ T7759] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  382.140721][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  386.126192][ T9171] loop7: detected capacity change from 0 to 1024
[  386.197807][ T5776] Bluetooth: hci1: command 0x0406 tx timeout
[  386.767294][ T9171] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  386.779724][ T9171] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  387.137689][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  391.598289][ T9230] loop4: detected capacity change from 0 to 1024
[  392.294192][ T9230] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  392.306553][ T9230] ext4 filesystem being mounted at /200/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  392.638222][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  392.805007][ T8804] failed to send hello msg
[  392.825431][ T8804] failed while handling packet from 1:60042
[  392.884017][ T9239] block device autoloading is deprecated and will be removed.
[  394.322508][ T5776] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  394.823258][    T9] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  395.075274][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  395.104397][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  395.153311][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  395.191637][    T9] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  395.228164][    T9] usb 5-1: New USB device found, idVendor=1235, idProduct=8012, bcdDevice= 0.40
[  395.249061][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.265512][    T9] usb 5-1: Product: syz
[  395.276043][    T9] usb 5-1: Manufacturer: syz
[  395.306557][    T9] usb 5-1: SerialNumber: syz
[  395.562927][   T23] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  395.601572][    T9] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  395.630900][    T9] usb 5-1: 0:2 : does not exist
[  395.699522][    T9] usb 5-1: USB disconnect, device number 9
[  395.774157][   T23] usb 10-1: Using ep0 maxpacket: 8
[  395.787968][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  395.805054][   T23] usb 10-1: config 9 has an invalid interface number: 122 but max is 0
[  395.833003][   T23] usb 10-1: config 9 has no interface number 0
[  395.843836][   T23] usb 10-1: config 9 interface 122 has no altsetting 0
[  395.876509][   T23] usb 10-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=f7.cd
[  395.913481][   T23] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.932489][   T23] usb 10-1: Product: syz
[  395.962675][   T23] usb 10-1: Manufacturer: syz
[  395.978091][   T23] usb 10-1: SerialNumber: syz
[  396.233797][   T23] appledisplay 10-1:9.122: Could not find int-in endpoint
[  396.263512][   T23] usbhid 10-1:9.122: couldn't find an input interrupt endpoint
[  396.300754][   T23] usb 10-1: USB disconnect, device number 6
[  396.360948][ T5776] Bluetooth: hci3: command 0x0406 tx timeout
[  400.363012][   T23] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  400.403238][ T6969] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  400.515274][ T9321] loop8: detected capacity change from 0 to 40427
[  400.534371][ T9321] F2FS-fs (loop8): build fault injection attr: rate: 684, type: 0x7ffff
[  400.547438][ T9321] F2FS-fs (loop8): build fault injection attr: rate: 0, type: 0x35f7
[  400.569506][ T9321] F2FS-fs (loop8): Image doesn't support compression
[  400.580894][ T9321] F2FS-fs (loop8): invalid crc value
[  400.591395][   T23] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  400.601828][ T6969] usb 10-1: Using ep0 maxpacket: 16
[  400.614086][ T9321] F2FS-fs (loop8): Found nat_bits in checkpoint
[  400.628490][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.645913][ T6969] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.666542][ T6969] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  400.666592][   T23] usb 5-1: config 0 descriptor??
[  400.693703][ T6969] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  400.706028][   T23] cp210x 5-1:0.0: cp210x converter detected
[  400.728656][ T6969] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.756102][ T6969] usb 10-1: Product: syz
[  400.768034][ T6969] usb 10-1: Manufacturer: syz
[  400.797187][ T6969] usb 10-1: SerialNumber: syz
[  400.843118][ T9321] F2FS-fs (loop8): Start checkpoint disabled!
[  400.885096][ T9321] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  401.000293][ T9321] F2FS-fs (loop8): access invalid blkaddr:4043309056
[  401.025690][ T9359] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(7)
[  401.032931][ T9359] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  401.050558][ T9321] CPU: 0 PID: 9321 Comm: syz.8.855 Not tainted syzkaller #0
[  401.057956][ T9321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  401.062655][ T6969] usb 10-1: 0:2 : does not exist
[  401.068056][ T9321] Call Trace:
[  401.068077][ T9321]  <TASK>
[  401.068090][ T9321]  dump_stack_lvl+0x18c/0x250
[  401.084152][ T9321]  ? show_regs_print_info+0x20/0x20
[  401.089464][ T9321]  ? __lock_acquire+0x1273/0x7d40
[  401.094560][ T9321]  ? f2fs_get_next_page_offset+0x690/0x690
[  401.100446][ T9321]  ? f2fs_mpage_readpages+0x1b08/0x1ea0
[  401.106119][ T9321]  f2fs_is_valid_blkaddr+0xef8/0x1580
[  401.111664][ T9321]  f2fs_map_blocks+0xde5/0x3e60
[  401.116598][ T9321]  ? verify_lock_unused+0x140/0x140
[  401.121905][ T9321]  ? f2fs_get_block_locked+0xe0/0xe0
[  401.127265][ T9321]  ? __lock_acquire+0x7d40/0x7d40
[  401.130775][ T6969] usb 10-1: unit 6 not found!
[  401.132367][ T9321]  ? xas_descend+0x3a4/0x490
[  401.141832][ T9321]  ? xa_load+0x2b7/0x2e0
[  401.146144][ T9321]  ? xa_load+0x64/0x2e0
[  401.150407][ T9321]  ? page_index+0xe7/0x460
[  401.154900][ T9321]  f2fs_mpage_readpages+0xa26/0x1ea0
[  401.155973][   T23] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  401.160251][ T9321]  ? detach_page_private+0x4b0/0x4b0
[  401.160278][ T9321]  ? __mod_lruvec_page_state+0xa5/0x410
[  401.178704][ T9321]  ? f2fs_readahead+0x167/0x2f0
[  401.183705][ T9321]  ? f2fs_dirty_data_folio+0x800/0x800
[  401.189255][ T9321]  read_pages+0x189/0x850
[  401.193743][ T9321]  ? folio_put+0xd0/0xd0
[  401.198059][ T9321]  ? page_cache_ra_unbounded+0x770/0x770
[  401.203778][ T9321]  ? filemap_add_folio+0x192/0x3c0
[  401.208961][ T9321]  page_cache_ra_unbounded+0x68a/0x770
[  401.214504][ T9321]  f2fs_readdir+0x494/0x970
[  401.219527][ T9321]  ? f2fs_fill_dentries+0xc00/0xc00
[  401.224821][ T9321]  ? mutex_lock_nested+0x20/0x20
[  401.229817][ T9321]  ? end_current_label_crit_section+0x149/0x170
[  401.236146][ T9321]  ? down_read_killable+0x1d0/0x340
[  401.241452][ T9321]  ? fsnotify_perm+0x271/0x5e0
[  401.246302][ T9321]  iterate_dir+0x1c2/0x580
[  401.250840][ T9321]  __se_sys_getdents64+0xf6/0x270
[  401.255958][ T9321]  ? __x64_sys_getdents64+0x80/0x80
[  401.261248][ T9321]  ? filldir+0x660/0x660
[  401.265626][ T9321]  ? lockdep_hardirqs_on+0x98/0x150
[  401.270919][ T9321]  do_syscall_64+0x55/0xa0
[  401.275424][ T9321]  ? clear_bhb_loop+0x40/0x90
[  401.280221][ T9321]  ? clear_bhb_loop+0x40/0x90
[  401.285058][ T9321]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  401.291021][ T9321] RIP: 0033:0x7f7110d9c799
[  401.295852][ T9321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  401.315607][ T9321] RSP: 002b:00007f710eff6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  401.324182][ T9321] RAX: ffffffffffffffda RBX: 00007f7111015fa0 RCX: 00007f7110d9c799
[  401.332251][ T9321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  401.340291][ T9321] RBP: 00007f7110e32c99 R08: 0000000000000000 R09: 0000000000000000
[  401.348347][ T9321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  401.351764][ T6969] usb 10-1: USB disconnect, device number 7
[  401.356530][ T9321] R13: 00007f7111016038 R14: 00007f7111015fa0 R15: 00007fffd1ba1418
[  401.356577][ T9321]  </TASK>
[  401.420234][ T9321] syz.8.855: attempt to access beyond end of device
[  401.420234][ T9321] loop8: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  401.440835][ T9359] vhci_hcd vhci_hcd.0: Device attached
[  401.467261][ T9321] syz.8.855: attempt to access beyond end of device
[  401.467261][ T9321] loop8: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  401.473105][ T9368] vhci_hcd vhci_hcd.0: pdev(7) rhport(1) sockfd(10)
[  401.487384][ T9368] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  401.507795][   T23] usb 5-1: cp210x converter now attached to ttyUSB0
[  401.524049][ T9368] vhci_hcd vhci_hcd.0: Device attached
[  401.547991][ T9371] vhci_hcd vhci_hcd.0: pdev(7) rhport(2) sockfd(9)
[  401.554608][ T9371] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  401.572962][ T9359] vhci_hcd vhci_hcd.0: pdev(7) rhport(3) sockfd(14)
[  401.579656][ T9359] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  401.627559][ T9371] vhci_hcd vhci_hcd.0: Device attached
[  401.663002][ T9359] vhci_hcd vhci_hcd.0: Device attached
[  401.690446][ T9368] vhci_hcd vhci_hcd.0: pdev(7) rhport(4) sockfd(13)
[  401.697156][ T9368] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  401.705007][ T8105] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[  401.765381][ T9368] vhci_hcd vhci_hcd.0: Device attached
[  401.785436][ T9359] vhci_hcd vhci_hcd.0: pdev(7) rhport(5) sockfd(19)
[  401.792221][ T9359] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  401.848977][ T9371] vhci_hcd vhci_hcd.0: pdev(7) rhport(6) sockfd(24)
[  401.855703][ T9371] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  401.869756][   T23] usb 5-1: USB disconnect, device number 10
[  401.893544][ T9359] vhci_hcd vhci_hcd.0: Device attached
[  401.903769][   T23] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  401.942358][ T9371] vhci_hcd vhci_hcd.0: Device attached
[  401.971347][   T23] cp210x 5-1:0.0: device disconnected
[  402.028743][ T9376] vhci_hcd: connection closed
[  402.029804][ T1134] kworker/u4:6: attempt to access beyond end of device
[  402.029804][ T1134] loop8: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  402.054288][ T9369] vhci_hcd: connection closed
[  402.055055][ T9361] vhci_hcd: connection reset by peer
[  402.060813][ T9372] vhci_hcd: connection closed
[  402.065450][ T9374] vhci_hcd: connection closed
[  402.072743][ T6752] vhci_hcd: stop threads
[  402.105016][ T9379] vhci_hcd: connection closed
[  402.120033][ T6752] vhci_hcd: release socket
[  402.130707][ T9381] vhci_hcd: connection closed
[  402.132946][ T1134] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  402.150990][ T6752] vhci_hcd: disconnect device
[  402.158471][ T6752] vhci_hcd: stop threads
[  402.167406][ T6752] vhci_hcd: release socket
[  402.171988][ T6752] vhci_hcd: disconnect device
[  402.176970][ T1134] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  402.177764][ T6752] vhci_hcd: stop threads
[  402.200519][ T6752] vhci_hcd: release socket
[  402.206380][ T6752] vhci_hcd: disconnect device
[  402.213257][ T6752] vhci_hcd: stop threads
[  402.217762][ T1134] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  402.224502][ T6752] vhci_hcd: release socket
[  402.234283][ T6752] vhci_hcd: disconnect device
[  402.239643][ T6752] vhci_hcd: stop threads
[  402.252988][ T6752] vhci_hcd: release socket
[  402.257522][ T6752] vhci_hcd: disconnect device
[  402.271236][ T6752] vhci_hcd: stop threads
[  402.290186][ T6752] vhci_hcd: release socket
[  402.308745][ T6752] vhci_hcd: disconnect device
[  402.323228][ T6752] vhci_hcd: stop threads
[  402.327679][ T6752] vhci_hcd: release socket
[  402.337811][ T6752] vhci_hcd: disconnect device
[  402.802916][ T6969] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  403.056147][ T6969] usb 5-1: unable to get BOS descriptor or descriptor too short
[  403.109921][ T6969] usb 5-1: not running at top speed; connect to a high speed hub
[  403.160401][ T6969] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  403.171813][ T6969] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  403.193481][ T6969] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  403.266633][ T6969] usb 5-1: New USB device found, idVendor=0582, idProduct=0114, bcdDevice= 0.40
[  403.293526][ T6969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.322900][ T6969] usb 5-1: Product: syz
[  403.328554][ T6969] usb 5-1: Manufacturer: syz
[  403.333464][ T6969] usb 5-1: SerialNumber: syz
[  403.743420][ T6969] usb 5-1: Quirk or no altest; falling back to MIDI 1.0
[  403.762982][ T6969] usb 5-1: MIDIStreaming interface descriptor not found
[  403.888171][ T6969] usb 5-1: USB disconnect, device number 11
[  403.969543][ T5785] udevd[5785]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  404.629150][    T8] usb 10-1: new full-speed USB device number 8 using dummy_hcd
[  404.871471][    T8] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  404.906023][    T8] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  404.945310][    T8] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  404.979758][    T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.251631][ T9421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  405.315649][ T9421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.369343][    T8] usb 10-1: usb_control_msg returned -32
[  405.404074][    T8] usbtmc 10-1:16.0: can't read capabilities
[  407.427160][ T6969] usb 10-1: USB disconnect, device number 8
[  407.463559][ T8105] vhci_hcd: vhci_device speed not set
[  407.486595][ T9424] loop4: detected capacity change from 0 to 40427
[  407.535980][ T9424] F2FS-fs (loop4): build fault injection attr: rate: 684, type: 0x7ffff
[  407.558383][ T9424] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7
[  407.593147][ T9424] F2FS-fs (loop4): Image doesn't support compression
[  407.630815][ T9424] F2FS-fs (loop4): invalid crc value
[  407.659655][ T9424] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4)
[  408.330002][ T9469] netlink: 12 bytes leftover after parsing attributes in process `syz.7.883'.
[  408.341515][ T5812] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  408.575125][ T5812] usb 10-1: config 0 interface 0 has no altsetting 0
[  408.601561][ T5812] usb 10-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  408.653342][ T5812] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.697902][ T5812] usb 10-1: config 0 descriptor??
[  408.946834][ T5812]  (null): keene_cmd_main failed (-71)
[  409.302152][ T5812] video4linux radio48: keene_cmd_main failed (-71)
[  409.372818][ T5812] radio-keene 10-1:0.0: V4L2 device registered as radio48
[  409.436863][ T9481] random: crng reseeded on system resumption
[  409.529351][ T5812] usb 10-1: USB disconnect, device number 9
[  410.840842][ T9501] comedi comedi0: Minor 3 could not be opened
[  411.883095][ T9522] program syz.8.896 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  412.115539][ T9492] loop7: detected capacity change from 0 to 40427
[  412.167511][ T9492] F2FS-fs (loop7): build fault injection attr: rate: 684, type: 0x7ffff
[  412.191450][ T9492] F2FS-fs (loop7): build fault injection attr: rate: 0, type: 0x35f7
[  412.234684][ T9492] F2FS-fs (loop7): Image doesn't support compression
[  412.275624][ T9492] F2FS-fs (loop7): invalid crc value
[  412.316316][ T9492] F2FS-fs (loop7): Found nat_bits in checkpoint
[  412.598979][ T9492] F2FS-fs (loop7): Start checkpoint disabled!
[  412.819369][ T9492] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  414.009342][ T9555] netdevsim netdevsim8: loading /lib/firmware/. failed with error -22
[  414.018295][ T9555] netdevsim netdevsim8: Direct firmware load for . failed with error -22
[  414.027111][ T9555] netdevsim netdevsim8: Falling back to sysfs fallback for: .
[  414.126335][ T9559] Bluetooth: MGMT ver 1.22
[  414.867475][ T9554] delete_channel: no stack
[  416.444688][ T9595] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  416.613030][   T23] usb 10-1: new full-speed USB device number 10 using dummy_hcd
[  416.828864][   T23] usb 10-1: unable to get BOS descriptor or descriptor too short
[  416.854116][   T23] usb 10-1: not running at top speed; connect to a high speed hub
[  416.889671][   T23] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  416.916648][   T23] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.971993][   T23] usb 10-1: New USB device found, idVendor=0582, idProduct=0114, bcdDevice= 0.40
[  417.001078][   T23] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.021380][   T23] usb 10-1: Product: syz
[  417.036858][   T23] usb 10-1: Manufacturer: syz
[  417.041650][   T23] usb 10-1: SerialNumber: syz
[  417.307249][   T23] usb 10-1: Quirk or no altest; falling back to MIDI 1.0
[  417.335193][   T23] usb 10-1: MIDIStreaming interface descriptor not found
[  417.592040][ T9614] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004
[  417.894441][   T23] usb 10-1: USB disconnect, device number 10
[  418.403705][ T5785] udevd[5785]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  421.968908][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  423.263125][ T5812] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  423.310516][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  423.483217][ T5812] usb 10-1: Using ep0 maxpacket: 32
[  423.504606][ T5812] usb 10-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice= 0.40
[  423.542560][ T5812] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.573216][ T5812] usb 10-1: Product: syz
[  423.592368][ T5812] usb 10-1: Manufacturer: syz
[  423.603844][ T5812] usb 10-1: SerialNumber: syz
[  423.846767][ T5812] snd-usb-audio: probe of 10-1:1.0 failed with error -71
[  423.875793][ T5812] snd-usb-audio: probe of 10-1:1.1 failed with error -71
[  423.912288][ T5812] snd-usb-audio: probe of 10-1:1.2 failed with error -71
[  423.937609][ T5812] usb 10-1: USB disconnect, device number 11
[  424.042209][ T9694] genirq: Flags mismatch irq 4. 00000000 (pcl812) vs. 00000000 (ttyS0)
[  424.237529][    T8] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  424.560887][    T8] usb 8-1: Using ep0 maxpacket: 16
[  424.670793][    T8] usb 8-1: config 1 interface 0 altsetting 193 bulk endpoint 0x1 has invalid maxpacket 1024
[  424.803290][    T8] usb 8-1: config 1 interface 0 altsetting 193 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  424.939522][    T8] usb 8-1: config 1 interface 0 has no altsetting 0
[  424.999240][    T8] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  425.019235][    T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.061222][    T8] usb 8-1: Product: syz
[  425.076206][    T8] usb 8-1: Manufacturer: syz
[  425.080896][    T8] usb 8-1: SerialNumber: syz
[  425.148913][ T9692] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  425.313251][ T5083] Bluetooth: hci4: command 0x1003 tx timeout
[  425.321895][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  425.411123][    T8] usb 8-1: USB disconnect, device number 5
[  428.535798][ T9756] loop8: detected capacity change from 0 to 1024
[  429.500713][ T9756] EXT4-fs (loop8): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  429.513049][ T9756] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  429.844133][ T7759] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  430.839581][ T9773] overlayfs: overlapping lowerdir path
[  431.925573][ T9797] loop8: detected capacity change from 0 to 1024
[  432.098373][ T9797] EXT4-fs (loop8): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  432.111737][ T9797] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  432.615123][ T7759] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  433.129377][    T8] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  433.292954][    T8] usb 9-1: device descriptor read/64, error -71
[  433.426010][ T9824] overlayfs: overlapping lowerdir path
[  433.601420][    T8] usb 9-1: new full-speed USB device number 6 using dummy_hcd
[  433.763049][    T8] usb 9-1: device descriptor read/64, error -71
[  433.883202][    T8] usb usb9-port1: attempt power cycle
[  434.292976][    T8] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  434.343667][    T8] usb 9-1: device descriptor read/8, error -71
[  434.625158][    T8] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[  434.684571][    T8] usb 9-1: device descriptor read/8, error -71
[  434.818227][    T8] usb usb9-port1: unable to enumerate USB device
[  435.033193][ T5836] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  435.242735][ T5836] usb 5-1: unable to get BOS descriptor or descriptor too short
[  435.315124][ T5836] usb 5-1: not running at top speed; connect to a high speed hub
[  435.404684][ T5836] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  435.495603][ T5836] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  435.644036][ T5836] usb 5-1: New USB device found, idVendor=0582, idProduct=0114, bcdDevice= 0.40
[  435.701032][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.753113][ T5836] usb 5-1: Product: syz
[  435.782651][ T5836] usb 5-1: Manufacturer: syz
[  435.810575][ T5836] usb 5-1: SerialNumber: syz
[  436.294595][ T5836] usb 5-1: Quirk or no altest; falling back to MIDI 1.0
[  436.302697][ T5836] usb 5-1: MIDIStreaming interface descriptor not found
[  436.343129][ T5836] usb 5-1: USB disconnect, device number 12
[  437.108160][ T9877] loop9: detected capacity change from 0 to 1024
[  437.184727][ T9877] EXT4-fs (loop9): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  437.197109][ T9877] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  437.417254][ T5785] udevd[5785]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  437.768140][ T8098] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  438.192107][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.7.973'.
[  439.715837][ T9914] loop4: detected capacity change from 0 to 1024
[  440.250258][ T9915] netlink: 'syz.8.976': attribute type 10 has an invalid length.
[  440.287784][ T9914] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  440.301071][ T9914] ext4 filesystem being mounted at /239/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  440.364600][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  440.376438][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  440.687510][ T9915] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  440.848997][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  441.353062][  T789] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  441.553382][  T789] usb 5-1: Using ep0 maxpacket: 8
[  441.902550][  T789] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  441.985789][  T789] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  442.048623][  T789] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  442.103967][  T789] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  442.502914][  T789] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  442.567350][  T789] usb 5-1: config 168 interface 0 has no altsetting 0
[  442.598831][  T789] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  442.610577][  T789] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  442.652428][  T789] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  442.802366][  T789] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  442.917359][  T789] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  443.052935][  T789] usb 5-1: config 168 interface 0 has no altsetting 0
[  443.092218][  T789] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  443.111871][  T789] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  443.153986][  T789] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  443.187914][  T789] usb 5-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  443.218107][  T789] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  443.231840][  T789] usb 5-1: config 168 interface 0 has no altsetting 0
[  443.245477][  T789] usb 5-1: string descriptor 0 read error: -22
[  443.251872][  T789] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  443.272240][  T789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.306968][  T789] adutux 5-1:168.0: interrupt endpoints not found
[  443.321593][ T2997] Bluetooth: hci4: Frame reassembly failed (-84)
[  444.428755][ T8105] usb 5-1: USB disconnect, device number 13
[  445.314431][ T5083] Bluetooth: hci4: command 0x1003 tx timeout
[  445.322130][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  447.504539][T10026] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[  447.513172][T10026] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[  447.521869][T10026] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[  448.151075][T10021] delete_channel: no stack
[  448.738928][   T49] Bluetooth: hci4: Frame reassembly failed (-84)
[  451.867381][ T5083] Bluetooth: hci4: command 0x1003 tx timeout
[  451.876395][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  452.552506][T10078] syzkaller0: entered promiscuous mode
[  452.589566][T10078] syzkaller0: entered allmulticast mode
[  455.676096][T10117] loop7: detected capacity change from 0 to 1024
[  455.721479][T10117] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  455.735407][T10117] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  456.456160][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  458.039374][T10151] tipc: Started in network mode
[  458.068452][T10151] tipc: Node identity 4, cluster identity 4711
[  458.143183][T10151] tipc: Node number set to 4
[  460.416569][  T788] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  460.432997][ T8105] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[  460.692309][  T788] usb 5-1: unable to get BOS descriptor or descriptor too short
[  461.047787][  T788] usb 5-1: not running at top speed; connect to a high speed hub
[  461.057158][ T8105] usb 9-1: unable to get BOS descriptor or descriptor too short
[  461.096662][ T8105] usb 9-1: unable to read config index 0 descriptor/start: -71
[  461.105624][  T788] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  461.144213][ T8105] usb 9-1: can't read configurations, error -71
[  461.171767][  T788] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  461.217312][  T788] usb 5-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0x0, skipping
[  461.297500][  T788] usb 5-1: New USB device found, idVendor=1235, idProduct=8012, bcdDevice= 0.40
[  461.455284][  T788] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.670355][  T788] usb 5-1: Product: syz
[  461.787711][  T788] usb 5-1: Manufacturer: syz
[  461.885777][  T788] usb 5-1: SerialNumber: syz
[  463.092417][  T788] usb 5-1: 0:2 : does not exist
[  463.316902][  T788] usb 5-1: USB disconnect, device number 14
[  463.646074][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  466.813068][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  469.475904][T10254] hfs: can't find a HFS filesystem on dev nullb0
[  471.862889][    T8] usb 9-1: new low-speed USB device number 11 using dummy_hcd
[  472.413375][    T8] usb 9-1: No LPM exit latency info found, disabling LPM.
[  472.566453][    T8] usb 9-1: config 0 has no interfaces?
[  472.613556][    T8] usb 9-1: string descriptor 0 read error: -22
[  472.620023][    T8] usb 9-1: New USB device found, idVendor=2304, idProduct=0242, bcdDevice=71.50
[  472.680372][    T8] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.723621][    T8] usb 9-1: config 0 descriptor??
[  473.038904][    T9] usb 9-1: USB disconnect, device number 11
[  473.056967][T10293] loop7: detected capacity change from 0 to 1024
[  473.126091][T10293] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  473.138586][T10293] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  473.809892][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  474.796868][T10319] "syz.9.1083" (10319) uses obsolete ecb(arc4) skcipher
[  477.432207][T10353] loop4: detected capacity change from 0 to 1024
[  477.504794][T10353] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  477.518085][T10353] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  477.796611][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  479.433235][    T8] usb 10-1: new full-speed USB device number 12 using dummy_hcd
[  479.645115][    T8] usb 10-1: unable to get BOS descriptor or descriptor too short
[  479.674504][    T8] usb 10-1: not running at top speed; connect to a high speed hub
[  479.694261][    T8] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  479.729456][    T8] usb 10-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  479.759955][    T8] usb 10-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  479.805196][    T8] usb 10-1: New USB device found, idVendor=1235, idProduct=8012, bcdDevice= 0.40
[  479.886174][    T8] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.934226][T10398] loop7: detected capacity change from 0 to 1024
[  479.972671][    T8] usb 10-1: Product: syz
[  480.007948][    T8] usb 10-1: Manufacturer: syz
[  480.031829][    T8] usb 10-1: SerialNumber: syz
[  480.057570][T10398] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  480.070286][T10398] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  480.306830][    T8] usb 10-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  480.321725][    T8] usb 10-1: 0:2 : does not exist
[  480.364493][    T8] usb 10-1: USB disconnect, device number 12
[  480.447695][ T5773] udevd[5773]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  480.587084][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  481.314499][ T5083] Bluetooth: hci4: command 0x1003 tx timeout
[  481.323309][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  483.246051][T10449] loop9: detected capacity change from 0 to 1024
[  483.494352][T10449] EXT4-fs (loop9): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  483.507418][T10449] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  483.970180][ T8098] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  483.990643][T10461] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  485.612234][T10445] loop8: detected capacity change from 0 to 40427
[  485.633471][T10445] F2FS-fs (loop8): build fault injection attr: rate: 684, type: 0x7ffff
[  485.641920][T10445] F2FS-fs (loop8): build fault injection attr: rate: 0, type: 0x35f7
[  485.681525][T10445] F2FS-fs (loop8): Image doesn't support compression
[  485.786688][T10445] F2FS-fs (loop8): invalid crc value
[  485.963678][T10445] F2FS-fs (loop8): Found nat_bits in checkpoint
[  486.042132][ T6728] Bluetooth: hci4: Frame reassembly failed (-84)
[  487.375494][T10445] F2FS-fs (loop8): Start checkpoint disabled!
[  487.788585][T10511] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  488.032967][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  488.033473][ T5083] Bluetooth: hci4: command 0x1003 tx timeout
[  488.295186][T10523] netdevsim netdevsim9: loading /lib/firmware/. failed with error -22
[  488.304516][T10523] netdevsim netdevsim9: Direct firmware load for . failed with error -22
[  488.313800][T10523] netdevsim netdevsim9: Falling back to sysfs fallback for: .
[  490.580402][T10519] delete_channel: no stack
[  490.923771][T10529] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  492.455046][T10558] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  492.749958][ T6752] Bluetooth: hci4: Frame reassembly failed (-84)
[  493.652976][ T9139] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  493.848416][ T9139] usb 10-1: config 0 interface 0 has no altsetting 0
[  493.856317][ T9139] usb 10-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  493.866351][ T9139] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.883762][ T9139] usb 10-1: config 0 descriptor??
[  494.739447][T10611] IPVS: set_ctl: invalid protocol: 59 224.0.0.2:20004
[  494.753398][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  494.759629][ T5083] Bluetooth: hci4: command 0x1003 tx timeout
[  494.943230][ T9139] video4linux radio48: keene_cmd_main failed (-71)
[  494.982670][ T9139] radio-keene 10-1:0.0: V4L2 device registered as radio48
[  495.013402][ T9139] usb 10-1: USB disconnect, device number 13
[  495.497844][  T789] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  496.403062][  T789] usb 8-1: Using ep0 maxpacket: 16
[  496.426305][T10633] syzkaller0: entered promiscuous mode
[  496.448397][  T789] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  496.462945][T10633] syzkaller0: entered allmulticast mode
[  496.485751][  T789] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  496.515916][  T789] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.555360][  T789] usb 8-1: Product: syz
[  496.559613][  T789] usb 8-1: Manufacturer: syz
[  496.575605][  T789] usb 8-1: SerialNumber: syz
[  496.597968][  T789] usb 8-1: config 0 descriptor??
[  496.639890][  T789] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  496.708888][  T789] em28xx 8-1:0.0: DVB interface 0 found: bulk
[  497.271058][  T789] em28xx 8-1:0.0: unknown em28xx chip ID (0)
[  497.322421][T10652] IPVS: set_ctl: invalid protocol: 59 224.0.0.2:20004
[  497.493806][T10655] overlayfs: missing 'lowerdir'
[  497.787509][  T789] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  497.807095][  T789] em28xx 8-1:0.0: board has no eeprom
[  498.835054][  T789] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  498.867473][  T789] em28xx 8-1:0.0: dvb set to bulk mode.
[  498.883539][ T9139] em28xx 8-1:0.0: Binding DVB extension
[  498.920454][  T789] usb 8-1: USB disconnect, device number 6
[  498.944743][  T789] em28xx 8-1:0.0: Disconnecting em28xx
[  499.168370][ T9139] em28xx 8-1:0.0: Registering input extension
[  499.236546][  T789] em28xx 8-1:0.0: Closing input extension
[  499.404218][  T789] em28xx 8-1:0.0: Freeing device
[  499.715139][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  500.643005][T10704] overlayfs: missing 'lowerdir'
[  501.302966][ T8804] Bluetooth: hci4: Frame reassembly failed (-84)
[  501.801304][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  501.807780][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  503.312907][ T5083] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  503.319763][ T5776] Bluetooth: hci4: command 0x1003 tx timeout
[  504.156372][T10770] loop7: detected capacity change from 0 to 1024
[  504.197816][T10773] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  504.224321][T10770] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  504.237013][T10770] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  504.440225][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  504.888937][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  504.919085][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  506.080003][T10823] loop4: detected capacity change from 0 to 1024
[  506.281687][T10823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  506.294608][T10823] ext4 filesystem being mounted at /292/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  506.695865][T10828] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  506.711371][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  506.918044][ T5083] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  506.924804][ T5776] Bluetooth: hci4: command 0x1003 tx timeout
[  506.992003][T10833] overlayfs: missing 'lowerdir'
[  508.337717][T10865] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  508.676230][T10867] loop7: detected capacity change from 0 to 1024
[  508.814032][T10867] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  508.826920][T10867] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  509.364604][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  509.404787][T10875] overlayfs: missing 'lowerdir'
[  512.146150][T10930] loop4: detected capacity change from 0 to 1024
[  512.487055][T10930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  512.499816][T10930] ext4 filesystem being mounted at /296/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  512.918058][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  515.691938][T10974] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  515.721297][T10974] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  520.341744][T11024] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  520.416320][T11024] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  520.874398][   T49] Bluetooth: hci4: Frame reassembly failed (-84)
[  522.918153][ T5083] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  523.474866][T11074] overlayfs: missing 'lowerdir'
[  527.333928][T11151] overlayfs: missing 'lowerdir'
[  533.518473][T11216] overlayfs: missing 'lowerdir'
[  535.895322][T11225] syz.9.1272 (11225) used greatest stack depth: 17576 bytes left
[  536.353117][ T5812] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  536.555139][ T5812] usb 10-1: config 0 has no interfaces?
[  536.560816][ T5812] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  536.601322][ T5812] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.632643][ T5812] usb 10-1: config 0 descriptor??
[  537.334381][ T5776] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  537.344716][ T5776] CPU: 1 PID: 5776 Comm: kworker/u5:3 Not tainted syzkaller #0
[  537.352313][ T5776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  537.362498][ T5776] Workqueue: hci2 hci_rx_work
[  537.367236][ T5776] Call Trace:
[  537.370551][ T5776]  <TASK>
[  537.373510][ T5776]  dump_stack_lvl+0x18c/0x250
[  537.378231][ T5776]  ? show_regs_print_info+0x20/0x20
[  537.383584][ T5776]  ? load_image+0x400/0x400
[  537.388130][ T5776]  sysfs_create_dir_ns+0x26e/0x2a0
[  537.393271][ T5776]  ? sysfs_warn_dup+0xa0/0xa0
[  537.398005][ T5776]  ? do_raw_spin_unlock+0x121/0x230
[  537.403244][ T5776]  kobject_add_internal+0x61c/0xcc0
[  537.408487][ T5776]  kobject_add+0x164/0x240
[  537.412972][ T5776]  ? __rwlock_init+0x150/0x150
[  537.417786][ T5776]  ? kobject_init+0x1e0/0x1e0
[  537.422501][ T5776]  ? _raw_spin_unlock+0x28/0x40
[  537.427387][ T5776]  ? get_device_parent+0x366/0x390
[  537.432542][ T5776]  device_add+0x408/0xc20
[  537.436962][ T5776]  hci_conn_add_sysfs+0xd5/0x1e0
[  537.441957][ T5776]  le_conn_complete_evt+0xf5d/0x1540
[  537.447272][ T5776]  ? hci_event_packet+0x4cb/0x1270
[  537.452430][ T5776]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  537.458744][ T5776]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  537.464415][ T5776]  ? skb_pull_data+0xfb/0x200
[  537.469139][ T5776]  hci_le_conn_complete_evt+0x187/0x440
[  537.474788][ T5776]  ? hci_remote_host_features_evt+0x150/0x150
[  537.480893][ T5776]  hci_event_packet+0x7ba/0x1270
[  537.485933][ T5776]  ? bis_list+0x290/0x290
[  537.490399][ T5776]  ? lockdep_hardirqs_on+0x98/0x150
[  537.495631][ T5776]  ? hci_send_to_monitor+0xd7/0x4f0
[  537.500865][ T5776]  hci_rx_work+0x43a/0xd60
[  537.505358][ T5776]  ? process_scheduled_works+0x96f/0x15d0
[  537.511112][ T5776]  process_scheduled_works+0xa5d/0x15d0
[  537.516715][ T5776]  ? worker_attach_to_pool+0x380/0x380
[  537.522228][ T5776]  ? assign_work+0x3d2/0x5d0
[  537.526858][ T5776]  worker_thread+0xa55/0xfc0
[  537.531597][ T5776]  kthread+0x2fa/0x390
[  537.535692][ T5776]  ? pr_cont_work+0x560/0x560
[  537.540402][ T5776]  ? kthread_blkcg+0xd0/0xd0
[  537.545016][ T5776]  ret_from_fork+0x48/0x80
[  537.549489][ T5776]  ? kthread_blkcg+0xd0/0xd0
[  537.554109][ T5776]  ret_from_fork_asm+0x11/0x20
[  537.558926][ T5776]  </TASK>
[  537.655065][T11267] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1277'.
[  537.865894][ T5776] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  537.887277][ T5776] Bluetooth: hci2: failed to register connection device
[  540.938569][T11273] overlayfs: missing 'workdir'
[  541.473221][    T9] usb 10-1: USB disconnect, device number 14
[  541.495186][T11235] udevd[11235]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  541.525988][T11172] udevd[11172]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  544.415853][T11304] overlayfs: missing 'workdir'
[  547.625833][T11356] overlayfs: missing 'workdir'
[  547.995338][ T9139] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  548.193279][ T9139] usb 9-1: Using ep0 maxpacket: 16
[  548.205352][ T9139] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  548.225752][ T9139] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  548.249445][ T9139] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  548.270524][ T9139] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  548.284601][ T9139] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  548.299747][ T9139] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  548.306148][    C1] vkms_vblank_simulate: vblank timer overrun
[  548.322142][ T9139] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  548.332539][ T9139] usb 9-1: Manufacturer: syz
[  548.347328][ T9139] usb 9-1: config 0 descriptor??
[  548.733443][ T9139] rc_core: IR keymap rc-hauppauge not found
[  548.745134][ T9139] Registered IR keymap rc-empty
[  548.773137][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  548.803006][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  548.872891][ T9139] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  548.892453][ T9139] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input6
[  548.956724][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  548.993455][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.025414][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.068557][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.104180][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.138304][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.180119][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.214296][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.249722][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.297556][ T9139] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  549.354646][ T9139] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  549.363979][ T9139] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  549.377159][ T9139] usb 9-1: USB disconnect, device number 12
[  549.919481][T11369] netlink: 204 bytes leftover after parsing attributes in process `syz.8.1300'.
[  549.937814][T11369] netlink: 84 bytes leftover after parsing attributes in process `syz.8.1300'.
[  563.239740][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  563.246278][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  565.390528][ T5776] Bluetooth: hci0: command 0x0406 tx timeout
[  566.977640][T11504] cgroup: fork rejected by pids controller in /syz7
[  567.741211][ T9139] IPVS: starting estimator thread 0...
[  567.923078][T11555] IPVS: using max 17 ests per chain, 40800 per kthread
[  572.472852][ T9139] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  572.688321][ T9139] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  572.743813][ T9139] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  572.808238][ T9139] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  572.838620][ T9139] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.917619][ T9139] usb 5-1: config 0 descriptor??
[  572.970950][T11629] xt_hashlimit: size too large, truncated to 1048576
[  573.152908][ T9139] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  575.435131][    T9] usb 5-1: USB disconnect, device number 15
[  576.813001][T11665] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1361'.
[  582.904591][T11665] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  582.951382][T11665] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  582.990652][T11665] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  583.051431][T11665] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  585.149152][T11754] netlink: 'syz.8.1380': attribute type 10 has an invalid length.
[  586.061687][T11754] 8021q: adding VLAN 0 to HW filter on device batadv0
[  586.071329][T11754] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  586.509478][    T9] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  586.931563][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  587.112986][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  587.303688][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  587.373148][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  587.424481][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.473272][    T9] usb 5-1: Product: syz
[  587.498058][    T9] usb 5-1: Manufacturer: 쾚䨽轰燆긲ଅ졫ѻ곽ㄈ벜ꍁ㵂讑㓼㼛숅Ŝ怤鲊饢܆꩏鿵੄懩ۿ౦捼摦攠᛺넢ᱢ縡ೄ㕎쟾냓汷䍯ῤꪜ엊
[  587.547797][    T9] usb 5-1: SerialNumber: syz
[  587.858662][    T9] cdc_ether: probe of 5-1:1.0 failed with error -71
[  587.910990][    T9] usb 5-1: USB disconnect, device number 16
[  589.413362][T11812] syzkaller0: entered promiscuous mode
[  589.423651][T11812] syzkaller0: entered allmulticast mode
[  591.462486][   T59] Bluetooth: hci4: Frame reassembly failed (-84)
[  592.252788][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  593.552886][ T5776] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  595.021295][T11847] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  595.336502][T11854] syzkaller0: entered promiscuous mode
[  595.372943][T11854] syzkaller0: entered allmulticast mode
[  599.014383][   T27] audit: type=1326 audit(1774649312.629:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11872 comm="syz.4.1411" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f400619c799 code=0x0
[  599.156731][ T5083] Bluetooth: hci2: unexpected event 0x0b length: 5 < 11
[  599.435943][T11889] syzkaller0: entered promiscuous mode
[  599.446422][T11889] syzkaller0: entered allmulticast mode
[  602.492784][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  604.381395][T11943] syz.4.1433 (11943): drop_caches: 2
[  605.244141][T11953] input: syz0 as /devices/virtual/input/input7
[  606.534363][T11971] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1444'.
[  616.192908][T11709] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  617.070205][T12085] xt_hashlimit: size too large, truncated to 1048576
[  617.373253][T11709] usb 10-1: Using ep0 maxpacket: 32
[  617.504006][T11709] usb 10-1: config 0 has an invalid interface number: 188 but max is 0
[  617.512361][T11709] usb 10-1: config 0 has no interface number 0
[  617.602929][T11709] usb 10-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  617.662162][T11709] usb 10-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  617.705791][T11709] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.753061][T11709] usb 10-1: Product: syz
[  617.791264][T11709] usb 10-1: Manufacturer: syz
[  617.807636][T11709] usb 10-1: SerialNumber: syz
[  617.825176][T11709] usb 10-1: config 0 descriptor??
[  617.878214][T12078] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  618.850246][T12078] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  620.334645][T11709] asix 10-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  620.356084][T11709] asix 10-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  620.402998][T11709] asix: probe of 10-1:0.188 failed with error -71
[  620.440872][T11709] usb 10-1: USB disconnect, device number 15
[  620.542961][  T789] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  620.742950][  T789] usb 9-1: Using ep0 maxpacket: 16
[  620.766821][  T789] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  620.794053][  T789] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.807660][  T789] usb 9-1: Product: syz
[  620.814534][  T789] usb 9-1: Manufacturer: syz
[  620.819262][  T789] usb 9-1: SerialNumber: syz
[  622.125239][  T789] snd-usb-audio: probe of 9-1:1.0 failed with error -71
[  622.139862][  T789] usb 9-1: USB disconnect, device number 13
[  623.208863][T12137] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  624.307968][ T5083] Bluetooth: hci0: unexpected event for opcode 0x0c03
[  624.643161][  T788] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  624.691933][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  624.702939][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  624.883783][  T788] usb 5-1: config 0 has no interfaces?
[  624.937913][  T788] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  625.025376][  T788] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.216767][  T788] usb 5-1: config 0 descriptor??
[  625.607738][T12161] xt_hashlimit: size too large, truncated to 1048576
[  626.484030][T12166] netlink: 204 bytes leftover after parsing attributes in process `syz.8.1504'.
[  626.898749][T12170] Bluetooth: hci0: unsupported parameter 255
[  626.912785][T12170] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  628.456517][T12195] netlink: 204 bytes leftover after parsing attributes in process `syz.7.1513'.
[  628.467536][T12195] netlink: 84 bytes leftover after parsing attributes in process `syz.7.1513'.
[  628.699092][ T5897] usb 5-1: USB disconnect, device number 17
[  628.923123][T12199] Bluetooth: hci0: unsupported parameter 255
[  628.929233][T12199] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  630.045519][T12218] netlink: 204 bytes leftover after parsing attributes in process `syz.9.1522'.
[  630.118954][T12218] netlink: 84 bytes leftover after parsing attributes in process `syz.9.1522'.
[  631.071031][T12233] Bluetooth: hci0: unsupported parameter 255
[  631.087588][T12233] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  631.177967][    T9] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  631.423548][    T9] usb 9-1: config 0 has no interfaces?
[  631.486693][    T9] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  631.533317][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.544193][    T9] usb 9-1: config 0 descriptor??
[  634.238285][T12272] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  635.455134][T11709] usb 9-1: USB disconnect, device number 14
[  637.135937][T12303] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  637.602834][  T788] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  638.575617][  T788] usb 10-1: config 0 has no interfaces?
[  638.591530][  T788] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  638.619143][  T788] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.663582][  T788] usb 10-1: config 0 descriptor??
[  640.689844][ T5897] IPVS: starting estimator thread 0...
[  640.816945][T12328] IPVS: using max 20 ests per chain, 48000 per kthread
[  641.875947][T12336] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  642.539473][  T789] usb 10-1: USB disconnect, device number 16
[  646.309227][T12365] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  651.785813][T12404] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  660.297294][T12471] 8021q: VLANs not supported on ip_vti0
[  664.240524][T12509] loop4: detected capacity change from 0 to 1024
[  665.314590][T12509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  665.328180][T12509] ext4 filesystem being mounted at /404/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  669.947467][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  676.732763][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  680.515336][ T5776] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  680.527772][ T5776] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  680.537397][ T5776] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  680.581111][ T5776] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  680.603046][ T5776] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  680.611248][ T5776] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  682.062053][T12573] chnl_net:caif_netlink_parms(): no params data found
[  682.699266][ T5776] Bluetooth: hci4: command tx timeout
[  683.432531][   T59] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  683.612773][T12608] loop7: detected capacity change from 0 to 1024
[  683.686959][T12608] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  683.699882][T12608] ext4 filesystem being mounted at /284/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  685.043241][ T5776] Bluetooth: hci4: command tx timeout
[  685.122572][   T59] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.278180][T12612] EXT4-fs error (device loop7): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  685.318364][T12573] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.373171][T12573] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.419729][T12573] bridge_slave_0: entered allmulticast mode
[  685.450645][T12573] bridge_slave_0: entered promiscuous mode
[  685.533671][T12623] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  685.620067][   T59] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.685711][T12573] bridge0: port 2(bridge_slave_1) entered blocking state
[  685.712989][T12573] bridge0: port 2(bridge_slave_1) entered disabled state
[  685.720727][T12573] bridge_slave_1: entered allmulticast mode
[  685.770284][T12573] bridge_slave_1: entered promiscuous mode
[  685.856280][   T59] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.143287][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  686.149819][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  686.191687][T12573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  686.205526][T12573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  686.899060][T12573] team0: Port device team_slave_0 added
[  687.038813][T12573] team0: Port device team_slave_1 added
[  687.073011][ T5083] Bluetooth: hci4: command tx timeout
[  688.177591][T12573] batman_adv: batadv0: Adding interface: batadv_slave_0
[  688.219831][T12573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  688.312117][T12573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  688.376587][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  688.451944][T12573] batman_adv: batadv0: Adding interface: batadv_slave_1
[  688.467942][T12573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  688.602704][T12573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  689.153006][ T5083] Bluetooth: hci4: command tx timeout
[  693.404623][T12573] hsr_slave_0: entered promiscuous mode
[  693.428332][T12573] hsr_slave_1: entered promiscuous mode
[  693.499197][T12573] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  693.514218][T12573] Cannot create hsr debugfs directory
[  696.363850][T12707] loop9: detected capacity change from 0 to 1024
[  696.490578][T12707] EXT4-fs (loop9): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  696.503687][T12707] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  696.968918][ T8098] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  697.496120][T12714] Device name cannot be null; rc = [-22]
[  703.278653][   T59] bond0: (slave wlan1): Releasing backup interface
[  705.316779][T12749] loop7: detected capacity change from 0 to 1024
[  705.925149][T12749] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  706.038664][T12749] ext4 filesystem being mounted at /289/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  706.142894][T12761] EXT4-fs error (device loop7): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  707.098207][   T59] hsr_slave_0: left promiscuous mode
[  707.319517][   T59] hsr_slave_1: left promiscuous mode
[  707.358556][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.394353][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  707.469391][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  707.477101][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  707.513121][   T59] bridge_slave_1: left allmulticast mode
[  707.518855][   T59] bridge_slave_1: left promiscuous mode
[  707.599578][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.670882][   T59] bridge_slave_0: left allmulticast mode
[  707.677014][   T59] bridge_slave_0: left promiscuous mode
[  707.690813][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.841576][   T59] veth1_macvtap: left promiscuous mode
[  707.871120][   T59] veth0_macvtap: left promiscuous mode
[  707.889427][   T59] veth1_vlan: left promiscuous mode
[  707.902289][   T59] veth0_vlan: left promiscuous mode
[  710.101634][T12794] 9pnet_virtio: no channels available for device syz
[  710.202746][T12794] futex_wake_op: syz.9.1678 tries to shift op by 36; fix this program
[  711.472830][ T5083] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  712.626999][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  715.193072][T11709] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  715.392939][T11709] usb 5-1: Using ep0 maxpacket: 32
[  715.413592][T11709] usb 5-1: config 0 has no interfaces?
[  715.512690][T11709] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  715.522003][T11709] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.530702][T11709] usb 5-1: Product: syz
[  715.567478][T11709] usb 5-1: Manufacturer: syz
[  715.573211][T11709] usb 5-1: SerialNumber: syz
[  715.624569][T11709] usb 5-1: config 0 descriptor??
[  715.970142][ T9139] usb 5-1: USB disconnect, device number 18
[  716.360414][   T59] team0 (unregistering): Port device team_slave_1 removed
[  716.444040][   T59] team0 (unregistering): Port device team_slave_0 removed
[  716.565487][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  716.673372][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  717.539015][T12950] loop4: detected capacity change from 0 to 1024
[  718.014031][T12950] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  718.476764][T12950] ext4 filesystem being mounted at /431/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  718.743401][   T59] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  719.000828][T12956] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  719.061234][   T59] bond0 (unregistering): Released all slaves
[  720.610777][ T6242] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  720.648960][T12573] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  720.767494][T12573] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  720.822504][T12573] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  720.854793][T12983] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1697'.
[  720.882985][T12573] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  721.055807][   T59] IPVS: stop unused estimator thread 0...
[  721.288871][T12573] 8021q: adding VLAN 0 to HW filter on device bond0
[  721.366801][T12573] 8021q: adding VLAN 0 to HW filter on device team0
[  721.554944][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.562175][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  721.619784][ T2922] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.627044][ T2922] bridge0: port 2(bridge_slave_1) entered forwarding state
[  723.930334][T12573] 8021q: adding VLAN 0 to HW filter on device batadv0
[  723.955377][T13058] IPVS: set_ctl: invalid protocol: 59 224.0.0.2:20004
[  724.198525][T12573] veth0_vlan: entered promiscuous mode
[  724.213456][T13061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1706'.
[  724.239681][T12573] veth1_vlan: entered promiscuous mode
[  724.292157][T12573] veth0_macvtap: entered promiscuous mode
[  724.303749][T12573] veth1_macvtap: entered promiscuous mode
[  724.324608][T12573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  724.372878][T12573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.438316][T12573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  724.480972][T12573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.511430][T12573] batman_adv: batadv0: Interface activated: batadv_slave_0
[  724.585325][T12573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  724.646606][T12573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.658659][T12573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  724.671976][T12573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.713570][T12573] batman_adv: batadv0: Interface activated: batadv_slave_1
[  724.800767][T12573] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  724.819049][T12573] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  724.828519][T12573] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  724.840844][T12573] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  726.670758][ T5812] Process accounting resumed
[  726.829355][T13116] Process accounting resumed
[  727.237180][  T788] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  727.432778][  T788] usb 8-1: Using ep0 maxpacket: 32
[  727.441804][  T788] usb 8-1: config 0 has no interfaces?
[  727.458745][  T788] usb 8-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  727.470598][  T788] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.488509][  T788] usb 8-1: Product: syz
[  727.492953][  T788] usb 8-1: Manufacturer: syz
[  727.497835][  T788] usb 8-1: SerialNumber: syz
[  727.505923][  T788] usb 8-1: config 0 descriptor??
[  727.738778][T11712] usb 8-1: USB disconnect, device number 7
[  730.191295][T12844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  730.252761][T12844] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  730.309616][ T6728] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  730.363961][ T6728] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  730.976115][T13148] IPVS: set_ctl: invalid protocol: 60 224.0.0.2:20003
[  731.412880][  T788] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  731.721626][  T788] usb 8-1: Using ep0 maxpacket: 32
[  731.736411][  T788] usb 8-1: config 0 has no interfaces?
[  731.770302][  T788] usb 8-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  731.808494][  T788] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  731.838706][  T788] usb 8-1: Product: syz
[  731.848897][  T788] usb 8-1: Manufacturer: syz
[  731.862214][  T788] usb 8-1: SerialNumber: syz
[  731.878160][  T788] usb 8-1: config 0 descriptor??
[  732.123440][T11709] usb 8-1: USB disconnect, device number 8
[  736.892879][ T5813] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  737.202879][ T5813] usb 10-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  737.246682][ T5813] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  738.013507][ T5813] usb 10-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  738.027840][ T5813] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  738.045890][ T5813] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.088146][ T5813] usb 10-1: Quirk or no altest; falling back to MIDI 1.0
[  738.107396][ T5813] usb 10-1: invalid MIDI out EP 0
[  738.108058][T11709] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  738.254230][T11172] udevd[11172]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  738.305899][ T5813] snd-usb-audio: probe of 10-1:27.0 failed with error -22
[  738.325368][T11709] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  738.352933][T11709] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.371583][T11709] usb 5-1: Product: syz
[  738.378881][T11709] usb 5-1: Manufacturer: syz
[  738.387917][ T5813] usb 10-1: USB disconnect, device number 17
[  738.404290][T11709] usb 5-1: SerialNumber: syz
[  738.807141][T11708] Process accounting resumed
[  739.407796][T13244] Process accounting resumed
[  739.635003][T11709] rtl8150 5-1:1.0: couldn't reset the device
[  739.641333][T11709] rtl8150: probe of 5-1:1.0 failed with error -5
[  739.694333][T11709] usb 5-1: USB disconnect, device number 19
[  742.208923][ T5813] Process accounting resumed
[  742.784978][T13288] 9pnet_virtio: no channels available for device syz
[  742.817411][T13288] futex_wake_op: syz.3.1756 tries to shift op by 36; fix this program
[  743.870810][T13281] Process accounting resumed
[  745.703007][T13331] syz.4.1764 uses obsolete (PF_INET,SOCK_PACKET)
[  747.572436][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  747.578922][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  749.639883][T11709] Process accounting resumed
[  749.714740][T13348] Process accounting resumed
[  750.645960][T13365] 9pnet_virtio: no channels available for device syz
[  752.613334][T13390] 9pnet_virtio: no channels available for device syz
[  752.648771][T13390] futex_wake_op: syz.9.1778 tries to shift op by 36; fix this program
[  753.727783][T13386] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  755.884722][T13426] 9pnet_virtio: no channels available for device syz
[  755.919546][T13426] futex_wake_op: syz.3.1788 tries to shift op by 36; fix this program
[  757.037467][ T5813] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  757.078775][T13429] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  757.232809][ T5813] usb 5-1: Using ep0 maxpacket: 16
[  757.250128][ T5813] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  757.273915][ T5813] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  757.314486][ T5813] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  757.335080][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.359097][ T5813] usb 5-1: Product: syz
[  757.376024][ T5813] usb 5-1: Manufacturer: syz
[  757.383901][ T5813] usb 5-1: SerialNumber: syz
[  757.630745][ T5813] usb 5-1: 0:2 : does not exist
[  757.666393][ T5813] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  757.738900][ T5813] usb 5-1: USB disconnect, device number 20
[  757.867215][T11172] udevd[11172]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  759.160265][T13470] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  759.715707][T13477] 9pnet_virtio: no channels available for device syz
[  759.745481][T13477] futex_wake_op: syz.7.1798 tries to shift op by 36; fix this program
[  762.889896][T13523] 9pnet_virtio: no channels available for device syz
[  762.912955][T13523] futex_wake_op: syz.3.1809 tries to shift op by 36; fix this program
[  764.913910][T13544] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  766.195121][ T5083] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  766.204133][ T5083] Bluetooth: hci4: Injecting HCI hardware error event
[  766.214181][ T5083] Bluetooth: hci4: hardware error 0x00
[  767.950451][T13590] 9pnet_virtio: no channels available for device syz
[  767.973362][T13590] futex_wake_op: syz.7.1818 tries to shift op by 36; fix this program
[  768.968921][ T5083] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  773.003012][T13665] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  773.241899][ T5813] usb 10-1: new full-speed USB device number 18 using dummy_hcd
[  773.837035][ T5813] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  773.846669][ T5813] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.858084][ T5813] usb 10-1: Product: syz
[  773.863370][ T5813] usb 10-1: Manufacturer: syz
[  773.869461][ T5813] usb 10-1: SerialNumber: syz
[  773.896629][ T5813] usb 10-1: config 0 descriptor??
[  774.130017][ T5813] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  774.556696][T13692] autofs4:pid:13692:autofs_fill_super: called with bogus options
[  777.371595][ T5813] dvb_usb_rtl28xxu: probe of 10-1:0.0 failed with error -110
[  777.583192][T11706] usb 10-1: USB disconnect, device number 18
[  777.922496][T13716] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1844'.
[  780.172703][ T5776] Bluetooth: hci2: command 0x0406 tx timeout
[  780.636991][T11172] udevd[11172]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  780.701611][T11172] udevd[11172]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  780.823005][T11710] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  780.935068][T13734] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  781.002777][T11710] usb 10-1: Using ep0 maxpacket: 16
[  781.039345][T11710] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  781.072831][T11710] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  781.095800][T11710] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  781.107907][T11710] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  781.117396][T11710] usb 10-1: Product: syz
[  781.121928][T11710] usb 10-1: Manufacturer: syz
[  781.127485][T11710] usb 10-1: SerialNumber: syz
[  781.371928][T11710] usb 10-1: 0:2 : does not exist
[  781.388784][T11710] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[  781.453950][T11710] usb 10-1: USB disconnect, device number 19
[  783.803191][T13771] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  785.963373][T11710] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[  786.163652][T11710] usb 10-1: Using ep0 maxpacket: 16
[  786.172074][T11710] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  786.182905][  T788] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  786.204658][T11710] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  786.226983][T11710] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  786.243946][T11710] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.261701][T11710] usb 10-1: Product: syz
[  786.270475][T11710] usb 10-1: Manufacturer: syz
[  786.286477][T11710] usb 10-1: SerialNumber: syz
[  786.413628][  T788] usb 8-1: config 0 interface 0 has no altsetting 0
[  786.420726][  T788] usb 8-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  786.452946][  T788] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.477197][  T788] usb 8-1: config 0 descriptor??
[  786.523520][T11710] usb 10-1: 0:2 : does not exist
[  786.540560][T11710] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[  786.625002][T11710] usb 10-1: USB disconnect, device number 20
[  786.751683][T11172] udevd[11172]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  787.664774][  T788] video4linux radio48: keene_cmd_main failed (-110)
[  787.718087][  T788] radio-keene 8-1:0.0: V4L2 device registered as radio48
[  787.963262][T13826] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  789.538353][T11712] usb 8-1: USB disconnect, device number 9
[  790.257048][T13851] Bluetooth: hci0: unsupported parameter 39401
[  790.288307][T13851] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  790.932904][ T5813] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  791.952745][ T5813] usb 5-1: Using ep0 maxpacket: 16
[  791.960798][ T5813] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  791.972852][ T5813] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  791.992327][ T5813] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  792.012352][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  792.033556][ T5813] usb 5-1: Product: syz
[  792.061975][ T5813] usb 5-1: Manufacturer: syz
[  792.082321][ T5813] usb 5-1: SerialNumber: syz
[  792.472917][ T5813] usb 5-1: 0:2 : does not exist
[  792.494755][ T5813] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  793.300828][ T5813] usb 5-1: USB disconnect, device number 21
[  793.318069][T11712] usb 10-1: new full-speed USB device number 21 using dummy_hcd
[  793.439075][T11172] udevd[11172]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  793.495246][T13905] Bluetooth: hci0: unsupported parameter 39401
[  793.532164][T13905] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  793.651765][T11712] usb 10-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc
[  793.700555][T11712] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.749219][T11712] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280
[  793.974312][T11712] gspca_sn9c20x: Write register 1000 failed -71
[  793.981610][T11712] gspca_sn9c20x: Device initialization failed
[  794.007009][T11712] gspca_sn9c20x: probe of 10-1:252.0 failed with error -71
[  794.041961][T11712] usb 10-1: USB disconnect, device number 21
[  797.173114][T11708] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  797.392707][T11708] usb 10-1: Using ep0 maxpacket: 32
[  797.413404][T11708] usb 10-1: config 0 has no interfaces?
[  797.431085][T11708] usb 10-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  797.440572][T11708] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.449049][T11708] usb 10-1: Product: syz
[  797.454082][T11708] usb 10-1: Manufacturer: syz
[  797.458953][T11708] usb 10-1: SerialNumber: syz
[  797.515210][T11708] usb 10-1: config 0 descriptor??
[  797.763303][T13945] Bluetooth: hci0: unsupported parameter 39401
[  797.903775][T13945] Bluetooth: hci0: invalid len left 4, exp >= 132
[  797.928768][T11712] usb 10-1: USB disconnect, device number 22
[  804.175104][T13990] netlink: 'syz.4.1904': attribute type 1 has an invalid length.
[  804.469551][T13990] 8021q: adding VLAN 0 to HW filter on device bond1
[  807.859705][T14012] futex_wake_op: syz.7.1903 tries to shift op by 36; fix this program
[  809.073610][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  809.080007][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  809.894121][T14035] Bluetooth: hci0: unsupported parameter 39401
[  809.950432][T14035] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  810.022968][T14038] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  812.938414][T14063] netlink: 'syz.3.1913': attribute type 1 has an invalid length.
[  813.321018][T14063] 8021q: adding VLAN 0 to HW filter on device bond1
[  814.587358][T14080] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  814.657889][T14082] Bluetooth: hci0: unsupported parameter 39401
[  814.678990][T14082] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  818.366535][ T5776] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  820.678907][T14116] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  822.634261][T14144] Bluetooth: hci0: unsupported parameter 39401
[  822.640477][T14144] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  827.088167][T14175] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  827.682647][ T9139] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  828.029288][ T9139] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  828.382673][ T9139] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  828.394491][ T9139] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  828.426350][ T9139] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  828.453020][ T9139] usb 4-1: SerialNumber: syz
[  828.719560][ T9139] usb 4-1: 0:2 : does not exist
[  829.004773][ T9139] usb 4-1: USB disconnect, device number 3
[  830.021065][T11172] udevd[11172]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  830.312706][ T5812] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  830.472967][ T9139] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  830.580352][ T5812] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  830.701037][ T5812] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  830.812840][ T9139] usb 4-1: device descriptor read/64, error -71
[  830.854134][ T5812] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  830.966895][ T5812] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.143417][ T9139] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  831.192419][ T5812] usb 5-1: config 0 descriptor??
[  831.266739][ T5812] hub 5-1:0.0: USB hub found
[  831.281471][T14208] netlink: 'syz.7.1938': attribute type 1 has an invalid length.
[  831.341863][T14208] 8021q: adding VLAN 0 to HW filter on device bond1
[  831.382880][ T9139] usb 4-1: device descriptor read/64, error -71
[  831.496167][ T5812] hub 5-1:0.0: 1 port detected
[  831.523132][ T9139] usb usb4-port1: attempt power cycle
[  831.731895][ T5812] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  831.764186][ T5812] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  831.787859][ T5812] usbhid 5-1:0.0: can't add hid device: -71
[  832.739413][ T5812] usbhid: probe of 5-1:0.0 failed with error -71
[  832.776612][ T5812] usb 5-1: USB disconnect, device number 22
[  832.812666][ T9139] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  832.847483][ T9139] usb 4-1: device descriptor read/8, error -71
[  834.474651][T14230] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1947'.
[  834.571850][ T9139] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  836.754255][ T9139] usb 4-1: device not accepting address 7, error -71
[  836.818354][ T9139] usb usb4-port1: unable to enumerate USB device
[  840.932635][T11712] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  841.092976][T11712] usb 4-1: device descriptor read/64, error -71
[  841.621012][T11712] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  842.123181][T11712] usb 4-1: device descriptor read/64, error -71
[  842.242910][T11712] usb usb4-port1: attempt power cycle
[  843.482604][T11712] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  843.573863][T11712] usb 4-1: device descriptor read/8, error -71
[  843.883990][T11712] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  844.146590][T11712] usb 4-1: device descriptor read/8, error -71
[  844.333584][T11712] usb usb4-port1: unable to enumerate USB device
[  845.735548][T14326] futex_wake_op: syz.3.1961 tries to shift op by 36; fix this program
[  847.184228][ T5813] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  847.723061][ T5813] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  847.835297][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.922728][ T5813] usb 5-1: Product: syz
[  847.942761][ T5813] usb 5-1: Manufacturer: syz
[  847.962181][ T5813] usb 5-1: SerialNumber: syz
[  848.645962][ T5813] (unnamed net_device) (uninitialized): Assigned a random MAC address: 9e:6f:2b:54:6f:87
[  848.715642][T14093] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  848.728068][T14093] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  848.739906][T14093] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  848.741595][T14093] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  848.761273][T14093] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  848.761767][T14093] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  848.787061][ T5813] rtl8150 5-1:1.0: eth1: rtl8150 is detected
[  848.962393][T11706] usb 5-1: USB disconnect, device number 23
[  849.398535][T14361] chnl_net:caif_netlink_parms(): no params data found
[  851.353406][ T5776] Bluetooth: hci3: command tx timeout
[  851.842215][T14361] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.857557][T14361] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.865347][T14361] bridge_slave_0: entered allmulticast mode
[  852.686312][T14361] bridge_slave_0: entered promiscuous mode
[  852.886699][T14361] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.917074][T14361] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.945101][T14361] bridge_slave_1: entered allmulticast mode
[  852.981035][T14361] bridge_slave_1: entered promiscuous mode
[  853.553501][T14396] 9pnet_virtio: no channels available for device syz
[  853.653014][T14396] futex_wake_op: syz.3.1971 tries to shift op by 36; fix this program
[  854.038654][ T5776] Bluetooth: hci3: command tx timeout
[  854.113612][T14361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  854.127592][T14361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  854.911938][T14361] team0: Port device team_slave_0 added
[  855.080146][T14361] team0: Port device team_slave_1 added
[  855.303342][T14361] batman_adv: batadv0: Adding interface: batadv_slave_0
[  855.331963][T14361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.364325][T14424] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  855.399798][T14361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  855.455242][T14361] batman_adv: batadv0: Adding interface: batadv_slave_1
[  855.462291][T14361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.601778][T14361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  856.112800][ T5776] Bluetooth: hci3: command tx timeout
[  856.706943][T14361] hsr_slave_0: entered promiscuous mode
[  856.713836][T14361] hsr_slave_1: entered promiscuous mode
[  856.720385][T14361] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  856.728625][T14361] Cannot create hsr debugfs directory
[  858.194049][ T5776] Bluetooth: hci3: command tx timeout
[  861.854827][T14471] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  869.238773][T14520] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  870.441012][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  870.447488][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  870.672453][T14361] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  870.728954][T14361] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  871.303069][T14536] 9pnet_virtio: no channels available for device syz
[  871.402982][T14536] futex_wake_op: syz.3.1998 tries to shift op by 36; fix this program
[  871.857364][T14361] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  871.882998][T14361] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  872.686014][T14361] 8021q: adding VLAN 0 to HW filter on device bond0
[  872.756631][T14361] 8021q: adding VLAN 0 to HW filter on device team0
[  872.804774][T12839] bridge0: port 1(bridge_slave_0) entered blocking state
[  872.812122][T12839] bridge0: port 1(bridge_slave_0) entered forwarding state
[  872.865959][T12839] bridge0: port 2(bridge_slave_1) entered blocking state
[  872.873221][T12839] bridge0: port 2(bridge_slave_1) entered forwarding state
[  873.166218][T14361] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  873.844096][T14361] 8021q: adding VLAN 0 to HW filter on device batadv0
[  874.026669][T14361] veth0_vlan: entered promiscuous mode
[  874.061838][T14361] veth1_vlan: entered promiscuous mode
[  874.195674][T14361] veth0_macvtap: entered promiscuous mode
[  874.232069][T14361] veth1_macvtap: entered promiscuous mode
[  874.379304][T14361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.401746][T14361] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.552408][T14361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.613388][T14361] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.648885][T14361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.694099][T14361] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.134023][T14361] batman_adv: batadv0: Interface activated: batadv_slave_0
[  876.182130][T14361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.202630][T14361] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.228812][T14361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.278905][T14361] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.299938][T14361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  876.329755][T14361] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  876.750103][T14361] batman_adv: batadv0: Interface activated: batadv_slave_1
[  877.437245][T14361] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  877.489859][T14361] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  877.524141][T14361] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  877.544179][T14596] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  877.572760][T14361] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  878.906821][T12839] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  878.966240][T14607] 9pnet_virtio: no channels available for device syz
[  878.974445][T14607] futex_wake_op: syz.4.2006 tries to shift op by 36; fix this program
[  878.984101][T12839] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  881.103859][T12828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  881.111785][T12828] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  883.081945][T14647] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  889.690429][T14686] Bluetooth: hci0: invalid length 0, exp 2 for type 18
[  899.395068][T14768] loop7: detected capacity change from 0 to 1024
[  899.738001][T14768] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  899.751357][T14768] ext4 filesystem being mounted at /397/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  900.193717][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  905.767242][T14813] binder: BINDER_SET_CONTEXT_MGR already set
[  905.812611][T14813] binder: 14811:14813 ioctl 4018620d 200000004a80 returned -16
[  908.726684][ T5776] Bluetooth: hci1: command 0x0406 tx timeout
[  908.738161][T14825] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2050'.
[  915.392826][T14093] Bluetooth: hci3: command tx timeout
[  920.019849][T11710] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  920.273664][T11710] usb 2-1: Using ep0 maxpacket: 32
[  920.300240][T11710] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  920.332368][T11710] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  920.369472][T11710] usb 2-1: config 0 has no interface number 0
[  920.404253][T11710] usb 2-1: config 0 interface 188 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  920.455060][T11710] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  920.481070][T11710] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  920.519163][T11710] usb 2-1: Product: syz
[  920.525477][T11710] usb 2-1: Manufacturer: syz
[  920.533887][T12836] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.554808][T11710] usb 2-1: SerialNumber: syz
[  920.579719][T11710] usb 2-1: config 0 descriptor??
[  920.611619][T11710] asix: probe of 2-1:0.188 failed with error -22
[  920.852173][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  920.887279][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  920.897650][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  920.908966][ T5776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  920.929383][ T5776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  920.937214][ T5776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  920.950099][T12836] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.260743][T12836] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.461415][T12836] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.938847][T11712] usb 2-1: USB disconnect, device number 3
[  922.246592][T14093] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  922.256941][T14093] CPU: 1 PID: 14093 Comm: kworker/u5:0 Not tainted syzkaller #0
[  922.264915][T14093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  922.275108][T14093] Workqueue: hci3 hci_rx_work
[  922.279858][T14093] Call Trace:
[  922.283181][T14093]  <TASK>
[  922.286157][T14093]  dump_stack_lvl+0x18c/0x250
[  922.290948][T14093]  ? show_regs_print_info+0x20/0x20
[  922.296213][T14093]  ? load_image+0x400/0x400
[  922.300789][T14093]  sysfs_create_dir_ns+0x26e/0x2a0
[  922.305953][T14093]  ? sysfs_warn_dup+0xa0/0xa0
[  922.310678][T14093]  ? do_raw_spin_unlock+0x121/0x230
[  922.315938][T14093]  kobject_add_internal+0x61c/0xcc0
[  922.321204][T14093]  kobject_add+0x164/0x240
[  922.325682][T14093]  ? kobject_init+0x1e0/0x1e0
[  922.330427][T14093]  ? _raw_spin_unlock+0x3a/0x40
[  922.335352][T14093]  ? get_device_parent+0x366/0x390
[  922.340537][T14093]  device_add+0x408/0xc20
[  922.344939][T14093]  hci_conn_add_sysfs+0xd5/0x1e0
[  922.349946][T14093]  le_conn_complete_evt+0xf5d/0x1540
[  922.355280][T14093]  ? hci_event_packet+0x4cb/0x1270
[  922.360461][T14093]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  922.366754][T14093]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  922.372443][T14093]  ? skb_pull_data+0xfb/0x200
[  922.377180][T14093]  hci_le_conn_complete_evt+0x187/0x440
[  922.382892][T14093]  ? hci_remote_host_features_evt+0x150/0x150
[  922.389016][T14093]  hci_event_packet+0x7ba/0x1270
[  922.394020][T14093]  ? bis_list+0x290/0x290
[  922.398413][T14093]  ? kcov_remote_start+0x2b/0x7e0
[  922.403499][T14093]  ? hci_send_to_monitor+0xd7/0x4f0
[  922.408750][T14093]  hci_rx_work+0x43a/0xd60
[  922.413376][T14093]  ? process_scheduled_works+0x96f/0x15d0
[  922.419237][T14093]  process_scheduled_works+0xa5d/0x15d0
[  922.424876][T14093]  ? worker_attach_to_pool+0x380/0x380
[  922.430396][T14093]  ? assign_work+0x3d2/0x5d0
[  922.435052][T14093]  worker_thread+0xa55/0xfc0
[  922.439698][T14093]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  922.445658][T14093]  ? _raw_spin_unlock+0x40/0x40
[  922.450594][T14093]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  922.456660][T14093]  kthread+0x2fa/0x390
[  922.460782][T14093]  ? pr_cont_work+0x560/0x560
[  922.465699][T14093]  ? kthread_blkcg+0xd0/0xd0
[  922.470430][T14093]  ret_from_fork+0x48/0x80
[  922.474907][T14093]  ? kthread_blkcg+0xd0/0xd0
[  922.479557][T14093]  ret_from_fork_asm+0x11/0x20
[  922.484399][T14093]  </TASK>
[  922.525785][T14093] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  922.550877][T14093] Bluetooth: hci3: failed to register connection device
[  922.831929][T12836] tipc: Left network mode
[  923.072943][T14093] Bluetooth: hci2: command tx timeout
[  924.592737][T14093] Bluetooth: hci3: command tx timeout
[  925.163099][T14093] Bluetooth: hci2: command tx timeout
[  925.677896][T14901] chnl_net:caif_netlink_parms(): no params data found
[  926.972625][T11712] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  927.232616][T14093] Bluetooth: hci2: command tx timeout
[  927.902651][T11712] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  927.910886][T11712] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  927.961269][T11712] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  927.985443][T11712] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  928.000122][T11712] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  928.029222][T11712] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.058739][T11712] usb 4-1: config 0 descriptor??
[  928.202938][T11710] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  928.303290][T14901] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.331012][T14901] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.347686][T14901] bridge_slave_0: entered allmulticast mode
[  928.370808][T14901] bridge_slave_0: entered promiscuous mode
[  928.404916][T11710] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  928.474682][T11710] usb 2-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08
[  928.492586][T11710] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.503061][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.518691][T11710] usb 2-1: Product: syz
[  928.523707][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.531354][T11710] usb 2-1: Manufacturer: syz
[  928.538465][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.546054][T11710] usb 2-1: SerialNumber: syz
[  928.556019][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.564811][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.572429][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.581361][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.589365][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.597916][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.607921][T11710] usb 2-1: config 0 descriptor??
[  928.636009][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.637021][T14901] bridge0: port 2(bridge_slave_1) entered blocking state
[  928.637175][T14901] bridge0: port 2(bridge_slave_1) entered disabled state
[  928.637404][T14901] bridge_slave_1: entered allmulticast mode
[  928.641296][T14901] bridge_slave_1: entered promiscuous mode
[  928.680046][T11710] gm12u320 2-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -8
[  928.705624][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.729154][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.741549][T11710] gm12u320: probe of 2-1:0.0 failed with error -5
[  928.759036][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.781770][T11710] usb-storage 2-1:0.0: USB Mass Storage device detected
[  928.791467][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.830259][T11712] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  928.853593][T11712] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  928.896904][T11710] usb-storage 2-1:0.0: device ignored
[  928.935576][T11712] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  929.063053][T11712] usb 4-1: USB disconnect, device number 12
[  929.071946][T11710] usb 2-1: USB disconnect, device number 4
[  929.294794][T14979] fido_id[14979]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  929.313860][T14093] Bluetooth: hci2: command tx timeout
[  929.353935][T14901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  929.387715][T14901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  930.065712][T14901] team0: Port device team_slave_0 added
[  931.115873][T14901] team0: Port device team_slave_1 added
[  931.410941][T12836] hsr_slave_0: left promiscuous mode
[  931.906981][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  931.916552][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  932.011175][T12836] hsr_slave_1: left promiscuous mode
[  932.018021][T12836] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  932.025611][T12836] batman_adv: batadv0: Removing interface: batadv_slave_0
[  932.034105][T12836] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  932.041562][T12836] batman_adv: batadv0: Removing interface: batadv_slave_1
[  932.053664][T12836] bridge0: port 3(team0) entered disabled state
[  932.064672][T12836] bridge_slave_1: left allmulticast mode
[  932.070388][T12836] bridge_slave_1: left promiscuous mode
[  932.094360][T12836] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.118832][T12836] bridge_slave_0: left allmulticast mode
[  932.139612][T12836] bridge_slave_0: left promiscuous mode
[  932.153970][T12836] bridge0: port 1(bridge_slave_0) entered disabled state
[  932.226585][T12836] veth1_macvtap: left promiscuous mode
[  932.232264][T12836] veth0_macvtap: left promiscuous mode
[  932.246087][T12836] veth1_vlan: left promiscuous mode
[  932.251508][T12836] veth0_vlan: left promiscuous mode
[  934.418044][T12836] bond1 (unregistering): Released all slaves
[  934.475483][T14093] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  934.487386][T14093] CPU: 0 PID: 14093 Comm: kworker/u5:0 Not tainted syzkaller #0
[  934.495102][T14093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  934.505212][T14093] Workqueue: hci1 hci_rx_work
[  934.509978][T14093] Call Trace:
[  934.513296][T14093]  <TASK>
[  934.516275][T14093]  dump_stack_lvl+0x18c/0x250
[  934.521038][T14093]  ? show_regs_print_info+0x20/0x20
[  934.526328][T14093]  ? load_image+0x400/0x400
[  934.530905][T14093]  sysfs_create_dir_ns+0x26e/0x2a0
[  934.536075][T14093]  ? sysfs_warn_dup+0xa0/0xa0
[  934.540827][T14093]  ? do_raw_spin_unlock+0x121/0x230
[  934.546119][T14093]  kobject_add_internal+0x61c/0xcc0
[  934.551417][T14093]  kobject_add+0x164/0x240
[  934.555907][T14093]  ? kobject_init+0x1e0/0x1e0
[  934.560656][T14093]  ? _raw_spin_unlock+0x3a/0x40
[  934.565567][T14093]  ? get_device_parent+0x366/0x390
[  934.570740][T14093]  device_add+0x408/0xc20
[  934.575155][T14093]  hci_conn_add_sysfs+0xd5/0x1e0
[  934.580185][T14093]  le_conn_complete_evt+0xf5d/0x1540
[  934.585529][T14093]  ? hci_event_packet+0x4cb/0x1270
[  934.590810][T14093]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  934.597123][T14093]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  934.602814][T14093]  ? skb_pull_data+0xfb/0x200
[  934.607559][T14093]  hci_le_conn_complete_evt+0x187/0x440
[  934.613176][T14093]  ? hci_remote_host_features_evt+0x150/0x150
[  934.619312][T14093]  hci_event_packet+0x7ba/0x1270
[  934.624496][T14093]  ? bis_list+0x290/0x290
[  934.628898][T14093]  ? lockdep_hardirqs_on+0x98/0x150
[  934.634256][T14093]  ? hci_send_to_monitor+0xd7/0x4f0
[  934.639518][T14093]  hci_rx_work+0x43a/0xd60
[  934.644014][T14093]  ? process_scheduled_works+0x96f/0x15d0
[  934.649789][T14093]  process_scheduled_works+0xa5d/0x15d0
[  934.655453][T14093]  ? worker_attach_to_pool+0x380/0x380
[  934.661014][T14093]  ? assign_work+0x3d2/0x5d0
[  934.665678][T14093]  worker_thread+0xa55/0xfc0
[  934.670339][T14093]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  934.676300][T14093]  ? _raw_spin_unlock+0x40/0x40
[  934.681205][T14093]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  934.687178][T14093]  kthread+0x2fa/0x390
[  934.691295][T14093]  ? pr_cont_work+0x560/0x560
[  934.696038][T14093]  ? kthread_blkcg+0xd0/0xd0
[  934.700682][T14093]  ret_from_fork+0x48/0x80
[  934.705155][T14093]  ? kthread_blkcg+0xd0/0xd0
[  934.709806][T14093]  ret_from_fork_asm+0x11/0x20
[  934.714645][T14093]  </TASK>
[  934.717723][    C0] vkms_vblank_simulate: vblank timer overrun
[  934.772522][T14093] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  934.790964][T14093] Bluetooth: hci1: failed to register connection device
[  935.134756][T15033] program syz.1.2089 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  936.832676][T14093] Bluetooth: hci1: command 0x0406 tx timeout
[  938.115386][T12836] team_slave_1 (unregistering): left promiscuous mode
[  938.139286][T12836] team_slave_1 (unregistering): left allmulticast mode
[  938.191309][T12836] team0 (unregistering): Port device team_slave_1 removed
[  938.601743][T12836] team_slave_0 (unregistering): left promiscuous mode
[  938.609384][T12836] team_slave_0 (unregistering): left allmulticast mode
[  938.625307][T12836] team0 (unregistering): Port device team_slave_0 removed
[  938.903538][T15080] loop1: detected capacity change from 0 to 1024
[  939.133398][T15080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  939.146092][T15080] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  939.374507][T12836] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  939.469734][T12836] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  940.039075][T12836] bond0 (unregistering): Released all slaves
[  940.187187][T14901] batman_adv: batadv0: Adding interface: batadv_slave_0
[  940.195670][T14901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  940.228948][T14901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  940.249955][T14901] batman_adv: batadv0: Adding interface: batadv_slave_1
[  940.260804][T14901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  940.301698][T14901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  940.511571][T14361] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  940.579926][T14901] hsr_slave_0: entered promiscuous mode
[  940.649588][T14901] hsr_slave_1: entered promiscuous mode
[  940.669855][T14901] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  940.691166][T14901] Cannot create hsr debugfs directory
[  943.227279][T15121] loop7: detected capacity change from 0 to 1024
[  943.267803][T15121] EXT4-fs (loop7): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  943.281929][T15121] ext4 filesystem being mounted at /423/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  943.355979][T12836] IPVS: stop unused estimator thread 0...
[  943.810936][ T7641] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  946.448534][T14901] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  946.576517][T15160] 9pnet_virtio: no channels available for device syz
[  946.593638][T15160] futex_wake_op: syz.7.2115 tries to shift op by 36; fix this program
[  947.385343][T14901] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  948.013919][T14901] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  948.140899][T14901] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  948.894246][T14901] 8021q: adding VLAN 0 to HW filter on device bond0
[  949.009393][T14901] 8021q: adding VLAN 0 to HW filter on device team0
[  949.120298][T12828] bridge0: port 1(bridge_slave_0) entered blocking state
[  949.127715][T12828] bridge0: port 1(bridge_slave_0) entered forwarding state
[  949.328643][T12828] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.336134][T12828] bridge0: port 2(bridge_slave_1) entered forwarding state
[  950.146168][T14901] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  950.653619][  T788] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  951.393892][T15224] 9pnet_virtio: no channels available for device syz
[  951.502685][T15224] futex_wake_op: syz.1.2126 tries to shift op by 36; fix this program
[  952.323642][  T788] usb 4-1: Using ep0 maxpacket: 32
[  952.332219][  T788] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[  952.341149][  T788] usb 4-1: config 0 has no interface number 0
[  952.349701][  T788] usb 4-1: config 0 interface 188 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  952.461936][  T788] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  952.664339][  T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  952.673375][  T788] usb 4-1: Product: syz
[  952.677702][  T788] usb 4-1: Manufacturer: syz
[  952.682920][  T788] usb 4-1: SerialNumber: syz
[  952.693365][  T788] usb 4-1: config 0 descriptor??
[  952.787257][  T788] asix: probe of 4-1:0.188 failed with error -22
[  954.273423][T14901] 8021q: adding VLAN 0 to HW filter on device batadv0
[  954.409480][T15250] 9pnet_virtio: no channels available for device syz
[  954.419202][T15250] futex_wake_op: syz.7.2128 tries to shift op by 36; fix this program
[  954.478132][  T788] usb 4-1: USB disconnect, device number 13
[  954.578929][T14901] veth0_vlan: entered promiscuous mode
[  954.747602][T14901] veth1_vlan: entered promiscuous mode
[  955.053474][T14901] veth0_macvtap: entered promiscuous mode
[  955.149706][T14901] veth1_macvtap: entered promiscuous mode
[  955.268793][T14901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.302515][T14901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.323036][T14901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.368112][T14901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.412283][T14901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.452669][T14901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.511192][T14901] batman_adv: batadv0: Interface activated: batadv_slave_0
[  955.582845][T14901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  956.802562][T14901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  956.832846][T14901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  956.871340][T14901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  956.892542][T14901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  956.922669][T14901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  956.954656][T14901] batman_adv: batadv0: Interface activated: batadv_slave_1
[  957.007632][T14901] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  957.032631][T14901] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  957.041463][T14901] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  957.073337][T14901] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  957.404600][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  957.424037][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  957.485818][T12836] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  957.525743][T12836] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  962.384684][T15307] 9pnet_virtio: no channels available for device syz
[  962.391888][T15307] futex_wake_op: syz.3.2138 tries to shift op by 36; fix this program
[  962.402783][T11707] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  962.682575][T11707] usb 2-1: Using ep0 maxpacket: 32
[  962.723985][T11707] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  962.732398][T11707] usb 2-1: config 0 has no interface number 0
[  962.820643][T11707] usb 2-1: config 0 interface 188 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  962.909964][T11707] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  962.972532][T11707] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  963.022996][T11707] usb 2-1: Product: syz
[  963.027361][T11707] usb 2-1: Manufacturer: syz
[  963.083582][T11707] usb 2-1: SerialNumber: syz
[  963.101197][T11707] usb 2-1: config 0 descriptor??
[  963.115439][T11707] asix: probe of 2-1:0.188 failed with error -22
[  964.967282][T11712] usb 2-1: USB disconnect, device number 5
[  968.665292][ T5812] libceph: connect (1)[c::]:6789 error -101
[  968.793359][ T5812] libceph: mon0 (1)[c::]:6789 connect error
[  968.905036][T15369] ceph: No mds server is up or the cluster is laggy
[  969.055481][ T5812] libceph: connect (1)[c::]:6789 error -101
[  969.061699][ T5812] libceph: mon0 (1)[c::]:6789 connect error
[  969.912980][T11707] usb 2-1: new low-speed USB device number 6 using dummy_hcd
[  971.022587][T11707] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  971.123253][T11707] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  971.244204][T11707] usb 2-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  971.403944][T11707] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.425958][T11707] usb 2-1: config 0 descriptor??
[  971.447695][T11707] qmi_wwan: probe of 2-1:0.0 failed with error -22
[  972.332406][    T8] usb 2-1: USB disconnect, device number 6
[  973.870788][T15411] 9pnet_virtio: no channels available for device syz
[  973.878009][T15411] futex_wake_op: syz.2.2149 tries to shift op by 36; fix this program
[  974.918037][ T5776] Bluetooth: hci3: command 0x0406 tx timeout
[  976.913269][T15464] syzkaller0: entered promiscuous mode
[  976.939081][T15464] syzkaller0: entered allmulticast mode
[  977.142590][T14230] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2