last executing test programs:

2m22.938178817s ago: executing program 32 (id=1480):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0x310, 0x5002004a, 0xb, 0x0, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x0, 0x0, 0x36}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x61, 0x0, 0x0, 0x2900}, {0x16}, {}, {}, {}, {0x7, 0x10}, {}, {0x0, 0x0, 0x0, 0x10000000}, {}, {0x0, 0x0, 0x0, 0x10000}, {}, {}, {}, {0x0, 0x0, 0x2}, {0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0xfffe}, {0x0, 0x0, 0xfd}, {0x0, 0x0, 0x0, 0x2da9}, {}, {}, {}, {0x1005}, {}, {0x0, 0x80}, {0x0, 0x0, 0x80}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0x2}, {0x5}, {0x0, 0xd}, {0x0, 0x9}, {}, {0x0, 0x0, 0xc}, {}, {0x0, 0x0, 0x0, 0x8000}, {}, {0x0, 0x0, 0x80}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8)

1m29.650926409s ago: executing program 33 (id=2665):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x3e, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e1b, 0x80000003, @loopback}, 0x1c)

1m25.842747232s ago: executing program 34 (id=2763):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x18a3c85)

1m24.332976944s ago: executing program 35 (id=2792):
r0 = syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008085}, 0x0)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x8, 0x0)
ptrace$setsig(0x4203, r0, 0x1, &(0x7f0000000140)={0x1b, 0x7, 0x7})

1m19.569723644s ago: executing program 1 (id=2906):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)

1m19.522247678s ago: executing program 1 (id=2908):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r2=>0x0, <r3=>0x0})
close(r2)
recvmsg$unix(r3, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000001600)=""/18, 0x12}], 0x1, &(0x7f0000001880)}, 0x40)

1m19.458689104s ago: executing program 1 (id=2909):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x88842, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="d8df0f23b3b9ce000000b807000000ba000000000f30658154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba000000000f300fc79d53bf0000c4e16dd3010f2202", 0x4f}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000140)={0x2, 0x0, [{0x80000000, 0xfffffff4, 0x7, 0x9, 0x5}, {0x7, 0x7fff, 0x4d47, 0x869, 0x6}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m19.364281604s ago: executing program 1 (id=2912):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x810c90, &(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYRESHEX=0x0, @ANYBLOB=',utf8,iocharset=mk=00000000000000000000000,iocharset=iso8859-3,errors=continue,\x00'/92], 0x1, 0x1520, &(0x7f0000001980)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm9yWSZJIklySZIkSXJLSJrkSEJiyC1pSJLkMiSXISSXaUwa9/tdEpKkSZKQ3JL1/wh/p1Pndzq/0zl+nzPP9/PZn1nPu/ez9trv8+733Xu9M/Ntl6E1G9eq1pCI4F+C538kA0AsAAwEgKsAIACA8vHl48+tzy0x+V/bCftzPZh2uUfALieuf87G9c/ZuP45G9c/Z+P652xc/5yN65+zcf0Zy8k2Tit0NS85d+H5/5yMP///i2SXGfPl6jLXdgWI+aMpXP+cjev/Xyv4Ixtx/XM2rn9OFXu5B8D+D+DzPyfI9XfXcP1zNq4/YznZv3+OWbnLPcf9Py0QydnfgVzu1x9jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsZzhpL9EAcDF9uUeF2OMMcYYY4wxxv48PtflHgFjjDHGGGOMMcb+/RAESFAQQAzkgljIDXEgAOBKyAtXQQSuhni4BvLBtZAfCkBBKAQJUBiKgAYDFghCKArFIArXQXG4HkpASSgFpcFBGUiEG6As3Ajl4CYoDzdDBbgFKkIluBUqw21QBW6HqnAHVIM7oTrUgJpQC+6C2nA31IF7oC7cC/XgPqgP90MDeAAawoPQCB6CxvAwNIFHoCk0g+bQAlr+r/Kfhx7wAvSEXpAMvaEPvAh9oR/0hwEwEF6CQfAyDIZXIAWGwFB4FYbBazAcXocR8AaMhDdhFLwFo2EMjIVxkArjYQK8DRPhHZgEk2EKTIU0mAbT4V2YATNhFrwHs+F9mANzYR7Mh3T4ADJgAWTCh7AQPoIsWASLYQkshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFj2EbfALb4VPYATthF3wGu+HzfzL/xN/kd0VAQIECFSqMwRiMxViMwzjMg3kwL+bFCEYwHuMxH+bD/JgfC2JBTMAELIJF0KBByk1YFItiFKNYHItjCSyBpbAUOnSYiIlYFm/EclgOy2N5rIAVsCJWwkpYGStjFayCVbEqVsNqWB2rY02siXfhXdgb62AdrIt1sR7Wuzg9hQ2xITbCRtgYG2MTbIJNsSk2x+bYEltiK2yFrbE1tsW22A7bYXtsj0mYhB2wA3bEjtgJO2Fn7IxdsAt2xW7YLfv5XIAv4AvYC6uL3tgH+2BfTMnVHwfgAHwJB+HL+DK+gik4BIfiq/gqvobD8TiOwDdwJI7EKuItHI1jkMQ4TMVUnIATcCJOxEk4GSfjVEzDaTgdp+MMnIkz8T2cje/j+zgX5+J8TMd0zMAFmImZuBBPYBYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFL56sCgA/xZ24E1NwN+7GPbgH9+Je3If7MBuzcT/uxwMW8CAexEN4CA/jETyKR/AYHsPjeAJPYr8LXT2b8HWjT0quSgFxjhJKxIgYEStiRZyIE3lEHpFX5BURERHxIl7kE/lEfpFfFBQFRYJIEEVEEWGEESTCGAAQUREVxUVxUUKUEKVEKeGEE4kiUZQVZUU5UU6UFzeLCuIWUVFUEm1cZVFZVBFtXVVxh6gmqonqooaoKWqJWqK2qC3qiDqirqgr6ol6or64XzQQvbE/PijOVaaxGIJNxFBsKpoJeeFIWonh2Fq0EW3F4+INHIHtRSuXJJ4SHcRo7Cj+IsbgM6KzGIddxHOiq+gmuovnRQ/R2vUUvcQk7C36iKnYV/QT/cUAMQNriPdwdu6a4hWRIoaIoeJVMR9fE8PF62JEbxAjxZtilHhLjBZjxFgxTqSK8WKCeFtMFO+ISWKymCKmijQxTUwX74oZYqaYJd4Ts8X7Yo6YK+aJ+SJdfCAyxAKRKT4UC8VHIkssEovFErFULBPLxQqRG1aJ1WKNWCvWifVig9goNonNYovYKj4W28QnYrv4VOwQO8Uu8ZnYLT4Xe8QXYq/4UuwTX4ls8bXYL74RB8S34qD4ThwS34vD4og4Kn4Qx8SP4rg4IU6KU+K0+EmcET+Ls8ILkCiFlFLJQMbIXDJW5pZx8gqZRwYXnt2rZby8RuaT18r8soAsKAvJBFlYFpFaGmklyVAWlcVkVF4ni8vrZQlZUpaSpaWTZWSivEGWlTfKcvImWV7eLCvIW2RFWUneKivL22QVebuEyPl9VJc1ZE1ZS94lk+FuWUfeI+vKe2U9eZ+sL++XDeQDsqF8UDaSD8nG8mHZRD4im8pmsrlsIVvKR2Ur+ZhsLdvItvJx2U4+IdvLJ2WSfEp2kP7CS+QZ2Vk+K7vI52RX2U12lz/Ls9LLnrKXhN4g+8gXZV/ZT/aXA+RA+ZIcJF+Wg+UrMkUOkUPlq3KYfE0Ol6/LEfINOVK+KUfJt+RoOUaOleNkqhwvJ8i35UT5jpwkJ8spcqpMk9Nk/ws9zZLyH+a//Tv5g3/Z+wa5UW6Sm+UWuVV+LLfJT+R2uV3ukDvkLrlL7pa75R65R+6Ve+U+uU9myzvkfrlfHpAH5EF5UB6Sh+RheUSekj/IY/JHeVyekCfkKXlanpZnLjwHoFAJJZVSgYpRuVSsyq3i1BUqj7pS5VVXqYi6WsWra1Q+da3KrwqogqqQSlCFVRGllVFWkQpVUVVMRdV1F9+jVClVWjlVRiWqG/6ZfFVcXa9KqJK/yr84vuS/M76WqqVqpVqp1qq1aqvaqnaqnWqv2qsklaQ6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKlklqz7qRdVX9VP91QA1UL2kBqlBarAarFJUihqqhqphapgaroarEWqEGqlGqlFqlBqtRquxaqxKValqgpqgJqqJapKapKaoKSpNpanparqaoWaoWWqWmq1mqzlqjpqn5ql0la4yVIbKVJlqoVqostQitUgtUUvUMrVMrVAr1Cq1Sq1Ra9Q6tU5lqY1qo9qsNqutaqvaprap7Wq72qF2qF1ql9qtdqs9ao/aq/aqfWqfylbZar/arw6oA+qgOqgOqUPqsDqsjqqj6pg6po6r4+qkOqlOq9PqjDqjzqqz5y77AhGIQAUqiAligtggNogL4oI8QZ4gb5A3iASRID6ID/IF1wb5gwJBwaBQkBAUDooEOjCBDcSFokeD64LiwfVBiaBkUCooHbigTJAY3BCUDW4MygU3BeWDm4MKwS1BxaBScGtQObgtqBLcHlQN7giqBXcG1YMaQc2gVnBXUDu4O6gT3BPUDe4N6gX3BfWD+4MGwQNBw+DBoFHwUNA4eDhoEjwSNA2aBc2DFkHLP7V/748XeMz11L10su6t++gXdV/dT/fXA/RA/ZIepF/Wg/UrOkUP0UP1q3qYfk0P16/rEfoNPVK/qUfpt/RoPUaP1eN0qh6vJ+i39UT9jp6kJ+speqpO09P0dP2unqFn6ln6PT1bv6/n6Ll6np6v0/UHOkMv0Jn6Q71Qf6Sz9CK9WC/RS/UyvVyv0Cv1Kr1ar9Fr9Tq9Xm/QG/UmvVlv0Vv1x3qb/kRv15/qHXqn3qU/07v153qP/kLv1V/qfforna2/1vv1N/qA/lYf1N/pQ/p7fVgf0Uf1D/qY/lEf1yf0SX1Kn9Y/6TP6Z31W+3MX9+c+3o0yysSYGBNrYk2ciTN5TB6T1+Q1ERMx8Sbe5DP5TH6T3xQ0BU2CSTBFTBFzDhkyRU1REzVRU9wUNyVMCVPKlDLOOJNoEk1ZU9aUM+VMeVPeVDAVTEVT0dxqbjW3mdvM7eZ2c4e5w9xp7jQ1TA1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDFNTVPT3DQ3LU1L08q0Mq1Na9PWtDXtTDvT3rQ3SSbJdDAdTEfT0XQynUxn09l0MV1MV9PVdDfdTQ/Tw/Q0PU2ySTZ9TB/T1/Q1/U1/M9AMNIPMIDPYDDYpJsUMNUPNMDPMDDfDzQjzhhl57kLVvGVGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbDJNhMk2mWWgWmiyTZRabxWapWWqWm+VmpVlpVpvVZi2sNevNerPRbDSbzWaz1Ww128w2s91sNzvMDrPL7DK7zW6zx+wxe81es8/sM9km2+w3+80Bc8AcNAfNIXPIHDaHzVFz1Bwzx8xxc9ycNCfNaVPgwuelN7E2t42zV9g89kqb115l/zYuaAvZBFvYFrHa5rcFfhUba20JW9KWsqWts2Vsor3hN3FFW8neaivb22wVe7ut+pu4tr3b1rH32Lr2XlvL3vWruJ69z9a3D9sGiAC2mW1kW9jG9mHbxD5im9pmtrltYdvZJ2x7+6RNsk/ZDvbp38QZdoFdaVfZ1XaN3WF32pP2lD1gv7Wn7U+2p+1lB9qX7CD7sh1sX7Epdshv4pH2TTvKvmVH2zF2rB33m3iKnWrT7DQ73b5rZ9iZv4nT7Qd2ts20c+xcO8/O/yXOsGgz7Yd2of3IZtkAFtsldqldZpfbFf9/rEvsOrvebrDb7ad2s91it9qP7baLF8J2p91lP7O77ed2v/3G7rVf2n32oM22X/8Snzu+g/Y7e8h+bw/bI/ao/cEesz+qi9nnjv0H+7M9a70FQgKSpCigGMpFsZSb4ugKykNXUl66iiJ0NcXTNZSPrqX8VIAKUiFKoMJUhDQZskQUUlEqRlG6ji4OrxSVJkdlKJFuoLJ0I5Wjm6g83UwV6BaqSJVyX9iMbqeqdAdVozupOtWgmlSL7qLadDfVoXuoLt1L9eg+qk/3UwN6gBrSg9SIHqLG9DA1oUeoKTWj5tSCWtKj1Ioeo9bUhtrS49SOnqD29CQl0VPUgZ6mjvQX6kTPUGd6lrrQc9SVulF3ep560AvUk3pRMvWmPvQi9aV+1J8G0EB6iQbRyzSYXqEUGkJD6VUaRq/RcHqdRtAbNJLepFH0Fo2mMTSWxlEqjacJ9DZNpHdoEk2mKTSV0mgaTad3aQbNpFn0Hs2m92kOzaV5NJ/S6QPKoAWUSR/SQvqIsmgRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6mbfQJbadPaQftpF30Ge2mz2kPfUF76UvaR19RNn1N++kbOkDf0kH6zvei7+kwHaGj9AMdox/pOJ2gk3SKTtNPdIZ+prPkCUIMRShDFQZhTJgrjA1zh3HhFWGe8Mowb3hVGAmvDuPDa8J84bVh/rBAWDAsFCaEhcMioQ5NaEMKw7BoWCyMhteFxcPrwxJhybBUWDp0YZkwMbwhLBveGJYLbwrLhzeHFcJbwophpfDheyuHt4VVwtvDquEdYbXwzrB6WCOsGdYK7wprh3eHdcJ7wrrhvWG58L6wfnh/2CB8IGwYPhg2Ch8KG4cPh03CR8KmYbOwedgibBk+GrYKHwtbh23CtuHjYbvwibB9+GSYFD4Vdgif/mX9fQv+/vrksHfYJ3wxfDH0/h45Lzo/mh79IJoRXRDNjH4YXRj9KJoVXRRdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q9b5WLnDohJNOucDFuFwu1uV2ce4Kl8dd6fK6q1zEXe3i3TUun7vW5XcFXEFXyCW4wq6I084468iFrqgr5qLuOlfcXe9KuJKulCvtnCvjEl0L19K1dK3cY661a+Pausfd4+4J94R70j3pnnId3NOuo/uL6+SecZ3ds+5Z95zr6rq57u5518ONz3v+ZEt2fVwf19f1df1dfzfQDXSD3CA32A12KS7FDXVD3TA3zA13w90IN8KNdCPd3QpgtBvtxrqxLtWluglugpvoJrpJbpKb4qa4NJfmprvpboab4arMPL+XOW6Om+fmuXSX7jLcuWvGTLfQLXRZLsstdovdUrfULXfL3Uq30q12q91at9atd+vdRrfRbXab3Va31W1z29x2t93t8Fed79TtdnvcHrfX7XX73Fcu233t9rtv3AH3rTvovnOH3PfusDvijrof3DH3ozvuTriT7pQ77X5yZ9zP7qzzLjUyPjIh8nZkYuSdyKTI5MiUyNRIWmRaZHrk3ciMyMzIrMh7kdmR9yNzInMj8yLzI+mRDyIZkQWRzMiHkYWRjyJZkUWRxZElkaWRZRHvC28OfVFfzEf9db64v96X8CV9KV/aO1/GJ/obfFl/oy/nb/Ll/c2+gr/FV/SV/K3+Ed/UN/PNfQvf0j/qW/nHfGvfxrf1j/t2/gnf3j/pk/xTvoN/2nf0f/Gd/DO+s3/Wd/HP+a6+m+/un/c9/Au+p+/lk31v38e/6Pv6fr6/H+AH+pf8IP+yH+xf8Sl+iB/qX/XD/Gt+uH/dj/Bv+JExb/pRF2+RYZxP9eP9BP+2n+jf8ZP8ZD/FT/Vpfpqf7t/1M/xMP8u/52f79/0cP9fP8/N9uv/AZ/gFPtN/6Bf6j3yWX3RxUtkv9yv8Sr/Kr/Zr/Fq/zq/3G/xGv8lv9lv8Vv+x3+Y/8dv9p36H3+l3+c/8bv+53+O/8Hv9l36f/8pn+6/9fv+NP+C/9Qf9d/6Q/94f9kf8Uf+DP+Z/9Mf9CX/Sn/Kn/U/+jP/Zn+W/WWOMMcYY+0PGX2qKX685P53f+3dyxF9t3AcArtxSKPuv15+7olyb/3y7n0hoFwGAp3p1efDiUr16cnLyhW2zJATF5gJc/CbonBi4FC+CtvAEJEEbKPu74+8nup2mf9B/9GaAuL/KiYVL8aX+vwDA5N/p/9HHR2ZUCE/G/w/9zwUoUexSTm64FC+Ctr/Mr7SBcn9n/AVa/YPx5/4yFaD1X+XkgUvxpfEnwmPwNCT9akvGGGOMMcYYY+y8fuLWThfvPy/+xufv3Z8nqEs5ueBS/I/uzxljjDHGGGOMMXb5PdOt+5OPJiW16fTPN6r+r7L+cKMJ/Lt65sbvNrwHuPiIAoB/sUOAcw35nzyKTf+RfaVcOHX+dtXSUz6A/xul/DMal/mNiTHGGGOMMfanu3TR/+vH1eUaEGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlgP9J/6d2OU+RsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY+xy+38BAAD//3lG9tE=")
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='./bus\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x40, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3813009, 0x0, 0x1, 0x0, 0x0)

1m19.284616592s ago: executing program 1 (id=2916):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x18)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m19.20272841s ago: executing program 1 (id=2918):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000140)=0x8000, 0x4)

1m19.20264946s ago: executing program 36 (id=2918):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000140)=0x8000, 0x4)

1m18.954833115s ago: executing program 6 (id=2924):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x88842, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="d8df0f23b3b9ce000000b807000000ba000000000f30658154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba000000000f300fc79d53bf0000c4e16dd3010f2202", 0x4f}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000140)={0x2, 0x0, [{0x80000000, 0xfffffff4, 0x7, 0x9, 0x5}, {0x7, 0x7fff, 0x4d47, 0x869, 0x6}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m18.787122992s ago: executing program 6 (id=2925):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
poll(0x0, 0x0, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)

1m18.585939842s ago: executing program 6 (id=2926):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1, 0x0, 0x0, 0x20000880}, 0x0)
recvmsg(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x10)
close(r0)

1m18.585688332s ago: executing program 6 (id=2927):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x810c90, &(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYRESHEX=0x0, @ANYBLOB=',utf8,iocharset=mk=00000000000000000000000,iocharset=iso8859-3,errors=continue,\x00'/92], 0x1, 0x1520, &(0x7f0000001980)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm9yWSZJIklySZIkSXJLSJrkSEJiyC1pSJLkMiSXISSXaUwa9/tdEpKkSZKQ3JL1/wh/p1Pndzq/0zl+nzPP9/PZn1nPu/ez9trv8+733Xu9M/Ntl6E1G9eq1pCI4F+C538kA0AsAAwEgKsAIACA8vHl48+tzy0x+V/bCftzPZh2uUfALieuf87G9c/ZuP45G9c/Z+P652xc/5yN65+zcf0Zy8k2Tit0NS85d+H5/5yMP///i2SXGfPl6jLXdgWI+aMpXP+cjev/Xyv4Ixtx/XM2rn9OFXu5B8D+D+DzPyfI9XfXcP1zNq4/YznZv3+OWbnLPcf9Py0QydnfgVzu1x9jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsZzhpL9EAcDF9uUeF2OMMcYYY4wxxv48PtflHgFjjDHGGGOMMcb+/RAESFAQQAzkgljIDXEgAOBKyAtXQQSuhni4BvLBtZAfCkBBKAQJUBiKgAYDFghCKArFIArXQXG4HkpASSgFpcFBGUiEG6As3Ajl4CYoDzdDBbgFKkIluBUqw21QBW6HqnAHVIM7oTrUgJpQC+6C2nA31IF7oC7cC/XgPqgP90MDeAAawoPQCB6CxvAwNIFHoCk0g+bQAlr+r/Kfhx7wAvSEXpAMvaEPvAh9oR/0hwEwEF6CQfAyDIZXIAWGwFB4FYbBazAcXocR8AaMhDdhFLwFo2EMjIVxkArjYQK8DRPhHZgEk2EKTIU0mAbT4V2YATNhFrwHs+F9mANzYR7Mh3T4ADJgAWTCh7AQPoIsWASLYQkshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFj2EbfALb4VPYATthF3wGu+HzfzL/xN/kd0VAQIECFSqMwRiMxViMwzjMg3kwL+bFCEYwHuMxH+bD/JgfC2JBTMAELIJF0KBByk1YFItiFKNYHItjCSyBpbAUOnSYiIlYFm/EclgOy2N5rIAVsCJWwkpYGStjFayCVbEqVsNqWB2rY02siXfhXdgb62AdrIt1sR7Wuzg9hQ2xITbCRtgYG2MTbIJNsSk2x+bYEltiK2yFrbE1tsW22A7bYXtsj0mYhB2wA3bEjtgJO2Fn7IxdsAt2xW7YLfv5XIAv4AvYC6uL3tgH+2BfTMnVHwfgAHwJB+HL+DK+gik4BIfiq/gqvobD8TiOwDdwJI7EKuItHI1jkMQ4TMVUnIATcCJOxEk4GSfjVEzDaTgdp+MMnIkz8T2cje/j+zgX5+J8TMd0zMAFmImZuBBPYBYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFL56sCgA/xZ24E1NwN+7GPbgH9+Je3If7MBuzcT/uxwMW8CAexEN4CA/jETyKR/AYHsPjeAJPYr8LXT2b8HWjT0quSgFxjhJKxIgYEStiRZyIE3lEHpFX5BURERHxIl7kE/lEfpFfFBQFRYJIEEVEEWGEESTCGAAQUREVxUVxUUKUEKVEKeGEE4kiUZQVZUU5UU6UFzeLCuIWUVFUEm1cZVFZVBFtXVVxh6gmqonqooaoKWqJWqK2qC3qiDqirqgr6ol6or64XzQQvbE/PijOVaaxGIJNxFBsKpoJeeFIWonh2Fq0EW3F4+INHIHtRSuXJJ4SHcRo7Cj+IsbgM6KzGIddxHOiq+gmuovnRQ/R2vUUvcQk7C36iKnYV/QT/cUAMQNriPdwdu6a4hWRIoaIoeJVMR9fE8PF62JEbxAjxZtilHhLjBZjxFgxTqSK8WKCeFtMFO+ISWKymCKmijQxTUwX74oZYqaYJd4Ts8X7Yo6YK+aJ+SJdfCAyxAKRKT4UC8VHIkssEovFErFULBPLxQqRG1aJ1WKNWCvWifVig9goNonNYovYKj4W28QnYrv4VOwQO8Uu8ZnYLT4Xe8QXYq/4UuwTX4ls8bXYL74RB8S34qD4ThwS34vD4og4Kn4Qx8SP4rg4IU6KU+K0+EmcET+Ls8ILkCiFlFLJQMbIXDJW5pZx8gqZRwYXnt2rZby8RuaT18r8soAsKAvJBFlYFpFaGmklyVAWlcVkVF4ni8vrZQlZUpaSpaWTZWSivEGWlTfKcvImWV7eLCvIW2RFWUneKivL22QVebuEyPl9VJc1ZE1ZS94lk+FuWUfeI+vKe2U9eZ+sL++XDeQDsqF8UDaSD8nG8mHZRD4im8pmsrlsIVvKR2Ur+ZhsLdvItvJx2U4+IdvLJ2WSfEp2kP7CS+QZ2Vk+K7vI52RX2U12lz/Ls9LLnrKXhN4g+8gXZV/ZT/aXA+RA+ZIcJF+Wg+UrMkUOkUPlq3KYfE0Ol6/LEfINOVK+KUfJt+RoOUaOleNkqhwvJ8i35UT5jpwkJ8spcqpMk9Nk/ws9zZLyH+a//Tv5g3/Z+wa5UW6Sm+UWuVV+LLfJT+R2uV3ukDvkLrlL7pa75R65R+6Ve+U+uU9myzvkfrlfHpAH5EF5UB6Sh+RheUSekj/IY/JHeVyekCfkKXlanpZnLjwHoFAJJZVSgYpRuVSsyq3i1BUqj7pS5VVXqYi6WsWra1Q+da3KrwqogqqQSlCFVRGllVFWkQpVUVVMRdV1F9+jVClVWjlVRiWqG/6ZfFVcXa9KqJK/yr84vuS/M76WqqVqpVqp1qq1aqvaqnaqnWqv2qsklaQ6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKlklqz7qRdVX9VP91QA1UL2kBqlBarAarFJUihqqhqphapgaroarEWqEGqlGqlFqlBqtRquxaqxKValqgpqgJqqJapKapKaoKSpNpanparqaoWaoWWqWmq1mqzlqjpqn5ql0la4yVIbKVJlqoVqostQitUgtUUvUMrVMrVAr1Cq1Sq1Ra9Q6tU5lqY1qo9qsNqutaqvaprap7Wq72qF2qF1ql9qtdqs9ao/aq/aqfWqfylbZar/arw6oA+qgOqgOqUPqsDqsjqqj6pg6po6r4+qkOqlOq9PqjDqjzqqz5y77AhGIQAUqiAligtggNogL4oI8QZ4gb5A3iASRID6ID/IF1wb5gwJBwaBQkBAUDooEOjCBDcSFokeD64LiwfVBiaBkUCooHbigTJAY3BCUDW4MygU3BeWDm4MKwS1BxaBScGtQObgtqBLcHlQN7giqBXcG1YMaQc2gVnBXUDu4O6gT3BPUDe4N6gX3BfWD+4MGwQNBw+DBoFHwUNA4eDhoEjwSNA2aBc2DFkHLP7V/748XeMz11L10su6t++gXdV/dT/fXA/RA/ZIepF/Wg/UrOkUP0UP1q3qYfk0P16/rEfoNPVK/qUfpt/RoPUaP1eN0qh6vJ+i39UT9jp6kJ+speqpO09P0dP2unqFn6ln6PT1bv6/n6Ll6np6v0/UHOkMv0Jn6Q71Qf6Sz9CK9WC/RS/UyvVyv0Cv1Kr1ar9Fr9Tq9Xm/QG/UmvVlv0Vv1x3qb/kRv15/qHXqn3qU/07v153qP/kLv1V/qfforna2/1vv1N/qA/lYf1N/pQ/p7fVgf0Uf1D/qY/lEf1yf0SX1Kn9Y/6TP6Z31W+3MX9+c+3o0yysSYGBNrYk2ciTN5TB6T1+Q1ERMx8Sbe5DP5TH6T3xQ0BU2CSTBFTBFzDhkyRU1REzVRU9wUNyVMCVPKlDLOOJNoEk1ZU9aUM+VMeVPeVDAVTEVT0dxqbjW3mdvM7eZ2c4e5w9xp7jQ1TA1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDFNTVPT3DQ3LU1L08q0Mq1Na9PWtDXtTDvT3rQ3SSbJdDAdTEfT0XQynUxn09l0MV1MV9PVdDfdTQ/Tw/Q0PU2ySTZ9TB/T1/Q1/U1/M9AMNIPMIDPYDDYpJsUMNUPNMDPMDDfDzQjzhhl57kLVvGVGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbDJNhMk2mWWgWmiyTZRabxWapWWqWm+VmpVlpVpvVZi2sNevNerPRbDSbzWaz1Ww128w2s91sNzvMDrPL7DK7zW6zx+wxe81es8/sM9km2+w3+80Bc8AcNAfNIXPIHDaHzVFz1Bwzx8xxc9ycNCfNaVPgwuelN7E2t42zV9g89kqb115l/zYuaAvZBFvYFrHa5rcFfhUba20JW9KWsqWts2Vsor3hN3FFW8neaivb22wVe7ut+pu4tr3b1rH32Lr2XlvL3vWruJ69z9a3D9sGiAC2mW1kW9jG9mHbxD5im9pmtrltYdvZJ2x7+6RNsk/ZDvbp38QZdoFdaVfZ1XaN3WF32pP2lD1gv7Wn7U+2p+1lB9qX7CD7sh1sX7Epdshv4pH2TTvKvmVH2zF2rB33m3iKnWrT7DQ73b5rZ9iZv4nT7Qd2ts20c+xcO8/O/yXOsGgz7Yd2of3IZtkAFtsldqldZpfbFf9/rEvsOrvebrDb7ad2s91it9qP7baLF8J2p91lP7O77ed2v/3G7rVf2n32oM22X/8Snzu+g/Y7e8h+bw/bI/ao/cEesz+qi9nnjv0H+7M9a70FQgKSpCigGMpFsZSb4ugKykNXUl66iiJ0NcXTNZSPrqX8VIAKUiFKoMJUhDQZskQUUlEqRlG6ji4OrxSVJkdlKJFuoLJ0I5Wjm6g83UwV6BaqSJVyX9iMbqeqdAdVozupOtWgmlSL7qLadDfVoXuoLt1L9eg+qk/3UwN6gBrSg9SIHqLG9DA1oUeoKTWj5tSCWtKj1Ioeo9bUhtrS49SOnqD29CQl0VPUgZ6mjvQX6kTPUGd6lrrQc9SVulF3ep560AvUk3pRMvWmPvQi9aV+1J8G0EB6iQbRyzSYXqEUGkJD6VUaRq/RcHqdRtAbNJLepFH0Fo2mMTSWxlEqjacJ9DZNpHdoEk2mKTSV0mgaTad3aQbNpFn0Hs2m92kOzaV5NJ/S6QPKoAWUSR/SQvqIsmgRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6mbfQJbadPaQftpF30Ge2mz2kPfUF76UvaR19RNn1N++kbOkDf0kH6zvei7+kwHaGj9AMdox/pOJ2gk3SKTtNPdIZ+prPkCUIMRShDFQZhTJgrjA1zh3HhFWGe8Mowb3hVGAmvDuPDa8J84bVh/rBAWDAsFCaEhcMioQ5NaEMKw7BoWCyMhteFxcPrwxJhybBUWDp0YZkwMbwhLBveGJYLbwrLhzeHFcJbwophpfDheyuHt4VVwtvDquEdYbXwzrB6WCOsGdYK7wprh3eHdcJ7wrrhvWG58L6wfnh/2CB8IGwYPhg2Ch8KG4cPh03CR8KmYbOwedgibBk+GrYKHwtbh23CtuHjYbvwibB9+GSYFD4Vdgif/mX9fQv+/vrksHfYJ3wxfDH0/h45Lzo/mh79IJoRXRDNjH4YXRj9KJoVXRRdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH90Q9b5WLnDohJNOucDFuFwu1uV2ce4Kl8dd6fK6q1zEXe3i3TUun7vW5XcFXEFXyCW4wq6I084468iFrqgr5qLuOlfcXe9KuJKulCvtnCvjEl0L19K1dK3cY661a+Pausfd4+4J94R70j3pnnId3NOuo/uL6+SecZ3ds+5Z95zr6rq57u5518ONz3v+ZEt2fVwf19f1df1dfzfQDXSD3CA32A12KS7FDXVD3TA3zA13w90IN8KNdCPd3QpgtBvtxrqxLtWluglugpvoJrpJbpKb4qa4NJfmprvpboab4arMPL+XOW6Om+fmuXSX7jLcuWvGTLfQLXRZLsstdovdUrfULXfL3Uq30q12q91at9atd+vdRrfRbXab3Va31W1z29x2t93t8Fed79TtdnvcHrfX7XX73Fcu233t9rtv3AH3rTvovnOH3PfusDvijrof3DH3ozvuTriT7pQ77X5yZ9zP7qzzLjUyPjIh8nZkYuSdyKTI5MiUyNRIWmRaZHrk3ciMyMzIrMh7kdmR9yNzInMj8yLzI+mRDyIZkQWRzMiHkYWRjyJZkUWRxZElkaWRZRHvC28OfVFfzEf9db64v96X8CV9KV/aO1/GJ/obfFl/oy/nb/Ll/c2+gr/FV/SV/K3+Ed/UN/PNfQvf0j/qW/nHfGvfxrf1j/t2/gnf3j/pk/xTvoN/2nf0f/Gd/DO+s3/Wd/HP+a6+m+/un/c9/Au+p+/lk31v38e/6Pv6fr6/H+AH+pf8IP+yH+xf8Sl+iB/qX/XD/Gt+uH/dj/Bv+JExb/pRF2+RYZxP9eP9BP+2n+jf8ZP8ZD/FT/Vpfpqf7t/1M/xMP8u/52f79/0cP9fP8/N9uv/AZ/gFPtN/6Bf6j3yWX3RxUtkv9yv8Sr/Kr/Zr/Fq/zq/3G/xGv8lv9lv8Vv+x3+Y/8dv9p36H3+l3+c/8bv+53+O/8Hv9l36f/8pn+6/9fv+NP+C/9Qf9d/6Q/94f9kf8Uf+DP+Z/9Mf9CX/Sn/Kn/U/+jP/Zn+W/WWOMMcYY+0PGX2qKX685P53f+3dyxF9t3AcArtxSKPuv15+7olyb/3y7n0hoFwGAp3p1efDiUr16cnLyhW2zJATF5gJc/CbonBi4FC+CtvAEJEEbKPu74+8nup2mf9B/9GaAuL/KiYVL8aX+vwDA5N/p/9HHR2ZUCE/G/w/9zwUoUexSTm64FC+Ctr/Mr7SBcn9n/AVa/YPx5/4yFaD1X+XkgUvxpfEnwmPwNCT9akvGGGOMMcYYY+y8fuLWThfvPy/+xufv3Z8nqEs5ueBS/I/uzxljjDHGGGOMMXb5PdOt+5OPJiW16fTPN6r+r7L+cKMJ/Lt65sbvNrwHuPiIAoB/sUOAcw35nzyKTf+RfaVcOHX+dtXSUz6A/xul/DMal/mNiTHGGGOMMfanu3TR/+vH1eUaEGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlgP9J/6d2OU+RsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY+xy+38BAAD//3lG9tE=")
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='./bus\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x40, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3813009, 0x0, 0x1, 0x0, 0x0)

1m18.433356478s ago: executing program 6 (id=2928):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)

1m18.11037915s ago: executing program 6 (id=2931):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
open_tree(0xffffffffffffffff, &(0x7f0000000680)='./bus\x00', 0x1)

1m18.075997744s ago: executing program 37 (id=2931):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
open_tree(0xffffffffffffffff, &(0x7f0000000680)='./bus\x00', 0x1)

1m12.130336432s ago: executing program 9 (id=3078):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000300)='tlb_flush\x00', r0}, 0x18)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0x14)

1m12.054573379s ago: executing program 9 (id=3079):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x1}]})
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x154, 0x10, 0x1, 0x80, 0x0, {{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in=@dev, 0x0, 0x32}, @in6=@loopback, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x0, 0xefffffff, 0x0, 0x70bd2a, 0x180}}]}, 0x154}}, 0x0)

1m11.24954533s ago: executing program 9 (id=3093):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

1m10.973134298s ago: executing program 9 (id=3097):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='ramfs\x00', 0x2014050, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00')

1m10.972533398s ago: executing program 9 (id=3098):
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000340), 0x2000011a)
sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@ipv6_getanyicast={0x14, 0x3e, 0x8, 0x70bd26, 0x25dfdbfd}, 0x14}}, 0x10)
splice(r1, 0x0, r0, 0x0, 0x4ff9c, 0x0)

1m10.878548428s ago: executing program 9 (id=3101):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000a80)="790a09002f0cd2ff03580bdc86dd", 0x0, 0xd5b6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m10.85445248s ago: executing program 38 (id=3101):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000a80)="790a09002f0cd2ff03580bdc86dd", 0x0, 0xd5b6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

49.553156704s ago: executing program 3 (id=3520):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000080)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
close(0x3)

49.541575535s ago: executing program 3 (id=3521):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010020000000000000000100000004000180100002800c0001800800010003"], 0x28}}, 0x0)

49.529374066s ago: executing program 3 (id=3522):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
creat(&(0x7f0000000000)='./file0\x00', 0x60)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(&(0x7f0000000040)='./file0\x00', 0xb)

49.513559258s ago: executing program 3 (id=3523):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0)

49.502355339s ago: executing program 3 (id=3524):
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x14)
close(r0)
r1 = getpid()
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = syz_pidfd_open(r1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x1004001, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

49.428413306s ago: executing program 3 (id=3528):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt(r0, 0x1, 0x8, &(0x7f0000000e80)="b6d38a68", 0x4)
sendto$inet6(r0, &(0x7f0000000240)="3afd", 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c)
shutdown(r0, 0x1)

49.428246056s ago: executing program 39 (id=3528):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt(r0, 0x1, 0x8, &(0x7f0000000e80)="b6d38a68", 0x4)
sendto$inet6(r0, &(0x7f0000000240)="3afd", 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty, 0x10}, 0x1c)
shutdown(r0, 0x1)

23.518534363s ago: executing program 4 (id=4236):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

23.440046471s ago: executing program 4 (id=4237):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x2)
readv(r1, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

23.339502931s ago: executing program 4 (id=4239):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000003c0)='./file1\x00', 0x1c, &(0x7f0000000080)={[{@nombcache}, {@dioread_lock}, {@nodiscard}, {@nomblk_io_submit}, {@noblock_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x44f, &(0x7f00000010c0)="$eJzs3M1vFGUYAPBnZtsiX7YifvChVtHY+NHSgsrBgxpNPGhiogc81rYQZKGG1kQI0WoMHg2Jd+PRxL/Ak16MejLxqndDQgwX0NOa2Z1pt8t2ocu2g+zvlwy873z0fZ6deXffmbfbAPrWaPZPErEjIv6IiOFGdfUOo43/rl05P/PPlfMzSdRqb/+d1Pe7euX8TLFrcdz2vDKWRqSfJ7GvTbsLZ8+dnK5W587k9YnFUx9MLJw99+yJU9PH547PnZ46cuTwockXnp96rid5ZjFd3fvx/P49r7978c2Zoxff++W7pMi/JY9VlrpucrTTxidqta5/8O1oZ1M5GSgxENalEhHZ6Rqs9//hqMTKyRuO1z4rNThgQ9Vqtdr2tTcv1YA7WBJlRwCUo/igz+5/i2WThh63hcsvN26Asryv5Utjy0Ck+T6DLfe3vTQaEUeX/v06W6LTcwgAgB75IRv/PNNu/JfG/U373Z3PDY1ExD0RsSsi7o2I3RFxX0R93wci4sF1tt86SXL9+Ce91FViNykb/72Yz22tHv8Vo78YqeS1nfX8B5NjJ6pzB/PXZCwGt2T1yQ5t/Pjq71+uta15/JctWfvFWDCP49LAltXHzE4vTt9Kzs0ufxqxd6Bd/snyTEASEXsiYm+XbZx46tv9a227cf4d9GCeqfZNxJON878ULfkXks7zkxN3RXXu4ERxVVzv198uvLVW+7eUfw9k539b2+t/Of+RpHm+dmH9bVz484s172m6vf6Hknfq5aF83UfTi4tnJiOGkjcaQTevn1o5tqgX+2f5jx1o3/93xcorsS8isov4oYh4OCIeyWN/NCIei4gDHfL/+ZXH3+8+/42V5T+7rvO/UhiK1jXtC5WTP32/qtGR9eSfnf/D9dJYvuZm3v9uJq7urmYAAAD4/0kjYkck6fhyOU3Hxxu/L787tqXV+YXFp4/Nf3h6tvEdgZEYTIsnXcNNz0Mn89v6oj7VUj+UPzf+qrK1Xh+fma/Olp089Lnta/T/zF+VsqMDNpzva0H/0v+hf+n/0L/0f+hfbfr/1jLiADZfu8//T0qIA9h8Lf1/edrvpRJiATaX+3/oX/o/9C/9H/rSwta48ZfkFTagUPx9hXLDqES3h0da/mt4xxQG84vhdonn5HS1xDclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHvovAAD//+qG390=")
truncate(&(0x7f0000000040)='./file1\x00', 0x1001bfc)

23.203096795s ago: executing program 4 (id=4242):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file2\x00', 0x10, &(0x7f000000df00)={[{@nodiscard}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@fault_type={'fault_type', 0x3d, 0x7fff}}, {@grpjquota}, {@noflush_merge}, {@nocheckpoint_merge}, {@acl}, {@gc_merge}, {@compress_cache}, {@alloc_mode_def}, {@noinline_xattr}, {@background_gc_off}, {@checkpoint_diasble}]}, 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x14a)
fallocate(r0, 0x10, 0x800, 0x870)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000809, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

22.811704835s ago: executing program 4 (id=4260):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000009"], 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000006000000040000000100000000000000", @ANYRES32=r0], 0x50)
close(r0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)

22.215829374s ago: executing program 4 (id=4263):
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014000380100001800800010000000000040003"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

22.180100418s ago: executing program 40 (id=4263):
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014000380100001800800010000000000040003"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

5.75824805s ago: executing program 7 (id=4760):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0xffff, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x7, 0x2}, 0xe)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000400)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xc}, 0xe)

5.710515015s ago: executing program 7 (id=4761):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.56052472s ago: executing program 7 (id=4768):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000280)='tlb_flush\x00', r0}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

5.532172683s ago: executing program 7 (id=4769):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0)

3.588968038s ago: executing program 7 (id=4809):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120100009e173610ef171e7206de010203030902"], 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000680)=ANY=[@ANYBLOB="000a04"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.209524227s ago: executing program 5 (id=4814):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
pivot_root(&(0x7f0000000000)='.\x00', &(0x7f00000004c0)='./file1\x00')

3.197925098s ago: executing program 5 (id=4815):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
unshare(0x62000000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = getpgid(0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000030429bd7000fedbdf2500007400", @ANYRES32=r1, @ANYBLOB="00080000009000001800128008000100736974000c00028008000100", @ANYRES32=r1, @ANYBLOB="08001300", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3.163849241s ago: executing program 5 (id=4816):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103050000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad00090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x80, 0x1c, {0xfe, 0x80, 0x2, 0x9, 0x4, 0x8000, 0x80, 0xec, 0x100, 0xfffc, 0x23, 0xfb}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000900)={0x14, 0x0, &(0x7f00000008c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

2.265108312s ago: executing program 0 (id=4837):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f00000000c0)=0x6568, 0x4)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1)
recvmmsg(r0, &(0x7f0000002280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/25, 0x19}, 0x3}], 0x1, 0x0, 0x0)

2.264868942s ago: executing program 0 (id=4838):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$incfs(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='./bus\x00', &(0x7f0000000640), 0x0, 0x0)
mount$cgroup2(0x0, &(0x7f0000000100)='./bus\x00', 0x0, 0x20, &(0x7f0000000400)={[], [{@defcontext={'defcontext', 0x3d, 'system_u'}}]})

2.258985592s ago: executing program 0 (id=4839):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x39, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x8, 0xb, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)={0x40, 0xf, 0x5, {0x5, 0x5, "a7fecf"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

1.904819058s ago: executing program 2 (id=4845):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000000040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r1}, 0x10)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.890723199s ago: executing program 2 (id=4846):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000240)={&(0x7f000046a000/0x2000)=nil, &(0x7f000012a000/0x3000)=nil, 0x2000, 0x3})

1.877801361s ago: executing program 2 (id=4847):
syz_mount_image$f2fs(&(0x7f0000010580), &(0x7f00000105c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='active_logs=4,jqfmt=vfsv0,prjjquota=f2fs\x00,mode=adaptive,heap,norecovery,fsync_mode=posix,user_xattr,disable_roll_forward,\x00\x00\x00'], 0x1, 0x105c9, &(0x7f0000020bc0)="$eJzs3M1uG1UUAODjpClNKCVCLNh1JISUSLUVJ2kFuwCpAIlUET8LVuDYjuXWP1HsJKYIEVgjln0RWLFnz0uwQyyQ2BWBPDOGphQRqHGS5vuk8Zl7PXN8rlWpOnMjB3BuzSe//FyIKzEbEdMRcTkiPS/kR2otCy9ExNWImHrgKOTzf0xcjIi5iLgyTJ7lLORvfXrvcOP+YGMuz3rtZFYMnAYvRUR7Jzs/aGex28ji7Xy+st9MY3t1P4/ZG+07+bibxYP6VprhoDK6rpLGlUZ2fXdnrzeM261KdRgbze10fqeTfWBvvzHKk95wu7Kbjmv1rVG5h+l9d7PBII93e/0sTy3P93GaPvr9Uczm64N6tp6dO2msdvr5fDerr1YfDON+HnvZdFS7rVpax9Z//JLPgLebnb1Bsl/f7TW7neR6qfxyqXyjWN7t1ur9+mqx0q7dWE0WGq3hZcV+vdJea3S7jVa9VO22F5OFRrVaLJeThfX6VrPSScrl0kppqXh9MT+7lrxx6/2kVUsWhvG1Zmev32z1ku3ubpLdsZgsl1ZeWUxeLCfvbmwmm+/cvLmx+d6H6x/cenXjrdfzi/5SVrKwvLS8XCwvFZfLi/9ywb+eyvUP/4uezPofcunxbue8K5x0AQBnT9r/z8Yk+/9Pvr330/oXle/1/3COnaX+v5k35Pr/8Tsl/e/k+v9jrP/zc7R+/T+PRf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBu/TDz9ZvpyXw2fjqffyafei4fFyJiKiJ+e4TpuHgk53SeZ+Zvrp95qIbvCpFmGH7GU/kxFxFr+XH/2UfXfmGs3wQAAAA8mb45vPpV1q1nL/MnXRCTlD20mbr80ZjyFSJiZv7HMWWbGr48P6Zk6b/vCzEYU7b0AdalMSXLH4p9NqZ0xzJ9JFx6IBSyMDXJagAAgMk42gnYUQcAAHhyfXnSBTB+x9m/K8RoK3O0F5z+5f2fG4KzR0YAAADAGVQ46QIAAACA/13a/5/l3/8DAAAA/ln2+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRHMCfDW7pl4qqLiv1Kt3BMXqELrtEHKCX4Aj0CrkAZyC7HCHCER6j4IhIURgbBf1+kj/Ggj/PiM2bQQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgT7fVev5/8fPfuTm7+jx57gYAAAA4ZVut583JNI0/tde/tJe+teMiIsqIONW7j+JdJ3PU5lTPvL56UsNNRJOw/4z37fYxIn612/3Xvr8FAAAAuF6b5WqWuvW0m166IIaUJm3Kz78z5RURUU3vMqWV+933TGHN73scfzOlNRNYk0xhacptnCvtRUadw+ToUKRDOWg5AADAILqdwLBdCAAAAEP6c3S+uGAdDKyIw1LmYS24+ef944Lgh84IAAAAeIOKSxcAAAAA9K7p/z3/DwAAAK5bev4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfdpW6/lmuZqdm7OrX+HHJL25rusMtwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MD+vKNACIRBGOxd35nM/Q8rDRobmlSB8PE3BgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw4nd/+T8xNc4kc6+NpeeRZO3U2Do19s6Noz+Mr18DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzR7375PzE1ziRzp42l45Fk7aqxddXYe9A4ejDe/g0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv37xpJFQcA/M3uzt4PkFujLJyNJ56cKF6y5y8EmyuEYCFYieWS2z1W91TuUnhHCtNYCP4HNtpeIwQEOQv/giusvDI2EWSLCBZWyvyKk2zQiZrZ3dznA2/eN5OXed83gZDvvEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMLkarhQxM3k0MniRn7ux92NtaR/cKBP7PTvnk9aEkf1pr1wWsk96s46CwAAAE66ZlHfhxC2463VpG900vr/mWJMUvNvPJLFRT1/sO4v+qL2T9q97756e2+iTjZPHEL4pjMerNS2wvl2seK4cxXGpM8Ssic0zfTb1nhz87FJnN716PP7999op+Gp/5YxAPB/uFz0eTCMPkl/PxqOxoPeLBMDYHG1/vnTxZCi/m92asgLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMYmm+H5Io5CCE+0/ooTD3Y31g7rd/p3zxft3LuPf1q+ZnKJOIQwHI0Hp2tcyzy7WHHcrdt33u+Px4ObRwqe/FdfJRAIFiU45h9QAACcKHHekrp+O95aTc5FSyH88eX++v9SKQ4V6//vR/culecq1/+92lY436rW/8vrNz5avnX7zgujG/3rg+uDD670Xuq9uvLay71XlpP7uZIdjzlbAAAAFlU7b+X6v7E0vf9/thSHivX/Dz+/80t5rqb6f8rR9/+POSEAAICH2KMXfvs1OuR81G6Hj/vr6zd72XHv4yvZcQap/r0z06dO5a1c/zeXZpAbAAAAULvJZrRv//9aKQ4V9/+/fe73L8rXbOaPIIaj8eDy2ofja/UtZ25N7/93Dh1Xx58T17BcAAAAZuRM3sr7/3H6/n/jqWJMI4Tw7NNZnP8bwEr1/+utz66W5yq///9ifUucS41udj+qvP+fju2G0OrWkBgAAAAn0um8JfX/T/HW6ntfn32r7f1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5kf+5tEwbCOA6/viRK3CYjpLf4mIGGCsEKgIRkyTMwAAvRUNFaLAIrgATnms5QPE/z/xVX3AsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvL3r0xcfEVFE6jJFmm7/zp8R8RVp17aT73sW+8up+Xnk4nCc5fyN+X8ZEWUUfZwDANC7qtsc6029GuQd5h3lHeetyqZevvLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGCgAA//9fbFmx")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x183341, 0x141)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x82)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000040)={0x8, 0x40000cca8, 0x4010})
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0)

1.569676612s ago: executing program 7 (id=4848):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x2179, 0x53, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xa16, 0x8, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x9, 0x0, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0xa, "c5df3855"}]}}, 0x0}, 0x0)

1.366815432s ago: executing program 2 (id=4852):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0xff, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x1, 0x1000, 0xc, 0x9, 0x4, 0xc4, 0x0, 0x5, 0x6a, 0x3, 0x0, 0xfb}, {0x1, 0xd000, 0x6, 0x0, 0x1, 0x0, 0x9, 0x0, 0x8, 0x4, 0x4}, {0x6000, 0x100000, 0xf, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x3e}, {0xeefe0000, 0x0, 0x0, 0x78, 0x8, 0x0, 0x2, 0x0, 0x40, 0xfe, 0x5}, {0x0, 0xeeee8000, 0xe, 0x4, 0x4, 0x2, 0xa1, 0x20}, {0xf000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x8}, {0x80a0000, 0x3}, {0xdddd1000}, 0xddf8ffcf, 0x0, 0x0, 0x122, 0x3, 0x800, 0x2000, [0x80000001, 0x3, 0x1]})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x14, 0x0, 0x0)

1.311046248s ago: executing program 8 (id=4853):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)

1.279904891s ago: executing program 8 (id=4854):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
writev(r0, &(0x7f00000006c0)=[{&(0x7f00000001c0)="2e8b3d0007e03dd65140dfffffffff3f86ddf0f70aa167ec119ce2b26712e900052f8db0049d90491ceafa8533f858dbb8a1000000000000", 0x38}, {&(0x7f0000000100)="e0ccc2f7018a1e2e353c", 0xa}], 0x2)

1.231155626s ago: executing program 8 (id=4855):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000300)=r1}, 0x20)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="02139c090a0000002abd7000fcdbdf25080012"], 0x50}}, 0x80)

1.214222018s ago: executing program 8 (id=4856):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
syz_emit_ethernet(0x7a, &(0x7f00000001c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x16, 0x2, 0xffff, 0x0, 0x0, {[@generic={0x13, 0xc, "cc3438886c3354a45e5e"}, @mss={0x2, 0x4, 0xfffe}, @window={0x3, 0x3, 0x8}, @sack={0x5, 0x12, [0x4, 0x5, 0x2a, 0xa9c]}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x16, [0x10000, 0xa123, 0x3, 0x1, 0x4]}]}}}}}}}, 0x0)

1.180959611s ago: executing program 8 (id=4857):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x8084)

1.164551433s ago: executing program 8 (id=4858):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000740)={0x24, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x880)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, 0x0, 0x0}, 0x20)
ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f0000000300)={0x3, 0xffffffff, 0x7})

1.062816792s ago: executing program 2 (id=4859):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'erspan0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080065584803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

1.049958564s ago: executing program 2 (id=4860):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
fchdir(0xffffffffffffffff)
mkdir(0x0, 0x61)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f00000000c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f00000006c0)=""/101, 0x65, 0x0, 0x0, 0x4, 0x3, 0x10000001}}, 0x120)
writev(r0, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e000000", 0x4}, {&(0x7f00000006c0), 0x1000000}], 0x2)

438.989956ms ago: executing program 5 (id=4861):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000840)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$selinux_access(r2, &(0x7f00000003c0)={'system_u:object_r:systemd_logind_exec_t:s0', 0x20, '/usr/lib/telepathy/mission-control-5', 0x20, 0x6}, 0x65)

372.417812ms ago: executing program 0 (id=4862):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x25c, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xbdde6a4deb8c9c02, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00', r0}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000"], 0x48)
r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[], 0xfe44, 0x0)

302.534539ms ago: executing program 5 (id=4863):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2, &(0x7f0000000340)={[{@jqfmt_vfsold}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@noblock_validity}, {@noload}, {@delalloc}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@discard}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@nomblk_io_submit}, {@init_itable_val={'init_itable', 0x3d, 0xfff}}]}, 0xfa, 0x477, &(0x7f0000001380)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9)
symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x2, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x1, 0x0, &(0x7f0000000000))
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa1)

302.200929ms ago: executing program 0 (id=4864):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x2000004c, &(0x7f00000003c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,iocharset=iso8859-1,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646973636172642c00214b3cf244ea5fb7437f2c69f67a093e240a6e978fa4cd2d"], 0x1, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==")
timer_settime(0x0, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

300.987409ms ago: executing program 0 (id=4865):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x1, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x3}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
sendto$inet(r0, &(0x7f00000001c0)="c2", 0x1, 0x4000041, 0x0, 0x0)

0s ago: executing program 5 (id=4866):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000000)=0xf41, 0x4)
sendto$packet(r1, &(0x7f0000000240)='\x00', 0x1, 0x800, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfc}}, 0x14)

kernel console output (not intermixed with test programs):

s timestamps until 2038-01-19 (0x7fffffff)
[  180.671509][   T30] audit: type=1400 audit(2000000585.492:3207): avc:  denied  { map } for  pid=9103 comm="syz.5.3569" path="/454/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  180.683952][ T9102] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  180.701966][ T9102] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  180.735415][ T9104] EXT4-fs error (device loop5): ext4_free_blocks:6218: comm syz.5.3569: Freeing blocks not in datazone - block = 0, count = 16
[  180.757654][ T7730] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  180.773546][ T7730] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28
[  180.786046][ T7730] EXT4-fs (loop5): This should not happen!! Data will be lost
[  180.786046][ T7730] 
[  180.795924][ T7730] EXT4-fs (loop5): Total free blocks count 0
[  180.802383][ T7730] EXT4-fs (loop5): Free/Dirty block details
[  180.808341][ T7730] EXT4-fs (loop5): free_blocks=4293918736
[  180.814993][ T7730] EXT4-fs (loop5): dirty_blocks=16
[  180.820277][ T7730] EXT4-fs (loop5): Block reservation details
[  180.826458][ T7730] EXT4-fs (loop5): i_reserved_data_blocks=1
[  180.943586][   T30] audit: type=1400 audit(2000000585.772:3208): avc:  denied  { bind } for  pid=9118 comm="syz.0.3574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  180.990287][ T9002] attempt to access beyond end of device
[  180.990287][ T9002] loop4: rw=2049, want=45104, limit=40427
[  181.072735][ T9129] loop5: detected capacity change from 0 to 512
[  181.086937][   T30] audit: type=1400 audit(2000000585.912:3209): avc:  denied  { bind } for  pid=9132 comm="syz.0.3581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  181.113887][ T9129] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  181.126454][   T30] audit: type=1400 audit(2000000585.912:3210): avc:  denied  { name_bind } for  pid=9132 comm="syz.0.3581" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  181.149610][ T9129] EXT4-fs (loop5): 1 truncate cleaned up
[  181.155327][ T9129] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none.
[  181.175408][   T30] audit: type=1400 audit(2000000585.912:3211): avc:  denied  { node_bind } for  pid=9132 comm="syz.0.3581" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  181.251384][   T30] audit: type=1400 audit(2000000585.992:3212): avc:  denied  { mounton } for  pid=9134 comm="syz.2.3583" path="/79/file0" dev="tmpfs" ino=445 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  181.274512][   T30] audit: type=1400 audit(2000000586.032:3213): avc:  denied  { mounton } for  pid=9128 comm="syz.5.3580" path="/457/bus/bus" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  181.297883][   T30] audit: type=1400 audit(2000000586.062:3214): avc:  denied  { mounton } for  pid=9128 comm="syz.5.3580" path="/457/bus/file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  181.300876][ T3918] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2942: inode #18: comm syz-executor: corrupted xattr block 35
[  181.333633][ T3918] EXT4-fs warning (device loop5): ext4_evict_inode:303: xattr delete (err -117)
[  181.352597][   T30] audit: type=1400 audit(2000000586.182:3215): avc:  denied  { rmdir } for  pid=3918 comm="syz-executor" name="lost+found" dev="loop5" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  181.573961][ T9175] tmpfs: Unknown parameter 'nolazytime�'
[  181.593805][ T9177] loop4: detected capacity change from 0 to 128
[  181.653255][ T9177] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  181.664077][ T9177] ext4 filesystem being mounted at /31/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  181.685688][ T9177] syz.4.3601 (pid 9177) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  181.697866][ T9177] fscrypt: key with description 'fscrypt:e355a76a11a1be18' is too short (got 19 bytes, need 32+ bytes)
[  181.709343][ T9177] fscrypt: key with description 'fscrypt:e355a76a11a1be18' is too short (got 19 bytes, need 32+ bytes)
[  181.751911][ T1694] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  181.801856][  T561] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  182.001853][ T1694] usb 6-1: Using ep0 maxpacket: 32
[  182.018776][  T941] kernel write not supported for file /uhid (pid: 941 comm: kworker/1:5)
[  182.057814][ T9215] loop4: detected capacity change from 0 to 512
[  182.103101][ T9215] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  182.114852][ T9215] EXT4-fs (loop4): 1 truncate cleaned up
[  182.120567][ T9215] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,errors=continue,sb=0x000000000000ffff,debug_want_extra_isize=0x0000000000000080,block_validity,bsddf,,errors=continue. Quota mode: none.
[  182.140899][ T1694] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  182.149087][ T1694] usb 6-1: config 0 has no interface number 0
[  182.189706][ T9002] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2942: inode #18: comm syz-executor: corrupted xattr block 35
[  182.202209][  T561] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  182.202410][ T9002] EXT4-fs warning (device loop4): ext4_evict_inode:303: xattr delete (err -117)
[  182.341910][ T1694] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  182.351470][ T1694] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.359612][ T1694] usb 6-1: Product: syz
[  182.370035][ T1694] usb 6-1: Manufacturer: syz
[  182.378130][ T1694] usb 6-1: SerialNumber: syz
[  182.381949][  T561] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  182.392147][  T561] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.394337][ T1694] usb 6-1: config 0 descriptor??
[  182.402019][  T561] usb 3-1: Product: syz
[  182.417611][  T561] usb 3-1: Manufacturer: syz
[  182.422675][  T561] usb 3-1: SerialNumber: syz
[  182.452425][ T1694] smsc95xx v2.0.0
[  182.673291][ T9169] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  182.892027][ T1694] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  182.907818][ T1694] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  182.942154][ T9243] syz.4.3629[9243] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  182.942219][ T9243] syz.4.3629[9243] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  182.950549][ T9245] overlayfs: failed to clone upperpath
[  183.116320][ T9258] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.123760][ T9258] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.131136][ T9258] device bridge_slave_0 entered promiscuous mode
[  183.138174][ T9258] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.145363][ T9258] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.152860][ T9258] device bridge_slave_1 entered promiscuous mode
[  183.206045][ T9258] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.213222][ T9258] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.220574][ T9258] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.227617][ T9258] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.249569][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  183.257258][ T7729] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.264596][ T7729] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.274015][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  183.282217][ T7729] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.289254][ T7729] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.299745][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  183.308112][ T7729] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.315155][ T7729] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.328236][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  183.337772][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  183.352202][  T561] cdc_ncm 3-1:1.0: SET_CRC_MODE failed
[  183.354500][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  183.369221][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  183.377650][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  183.385502][  T561] cdc_ncm 3-1:1.0: bind() failure
[  183.385507][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  183.399658][  T561] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  183.406531][  T561] cdc_ncm 3-1:1.1: bind() failure
[  183.412472][ T9258] device veth0_vlan entered promiscuous mode
[  183.416899][  T561] usb 3-1: USB disconnect, device number 13
[  183.426531][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  183.443673][ T9258] device veth1_macvtap entered promiscuous mode
[  183.453522][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  183.465273][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  183.492639][ T7666] device bridge_slave_1 left promiscuous mode
[  183.499092][ T7666] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.511304][ T7666] device bridge_slave_0 left promiscuous mode
[  183.517502][ T7666] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.525946][ T7666] device veth1_macvtap left promiscuous mode
[  183.532229][ T7666] device veth0_vlan left promiscuous mode
[  183.591930][ T1694] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -71
[  183.602757][ T1694] smsc95xx: probe of 6-1:0.67 failed with error -71
[  183.610727][ T1694] usb 6-1: USB disconnect, device number 14
[  183.857276][ T9274] incfs: Options parsing error. -22
[  183.863082][ T9274] incfs: mount failed -22
[  183.943152][ T9287] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3646'.
[  183.953465][ T9287] netem: change failed
[  184.048340][ T9297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3651'.
[  184.122951][ T9315] netlink: 'syz.8.3659': attribute type 5 has an invalid length.
[  184.131023][ T9315] netlink: 'syz.8.3659': attribute type 11 has an invalid length.
[  184.291494][ T9337] syz.8.3671[9337] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.291585][ T9337] syz.8.3671[9337] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.301020][  T941] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[  184.334103][  T941] hid-generic 0000:0000:0000.002F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  184.613119][ T9369] loop5: detected capacity change from 0 to 4096
[  184.629479][ T9376] IPv6: NLM_F_REPLACE set, but no existing node found!
[  184.694720][ T9369] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  184.742861][ T9390] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  184.790465][ T9393] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3693'.
[  184.904426][ T9405] netlink: 'syz.0.3699': attribute type 3 has an invalid length.
[  185.004069][ T9415] loop5: detected capacity change from 0 to 256
[  185.042999][ T9415] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  185.053856][ T9415] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  185.065093][ T9415] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  185.236626][ T9417] loop5: detected capacity change from 0 to 2048
[  185.262314][ T9417]  loop5: p1 p3 < > p4 < p5 >
[  185.267043][ T9417] loop5: partition table partially beyond EOD, truncated
[  185.283126][ T9417] loop5: p3 start 4284289 is beyond EOD, truncated
[  185.358050][ T2527] udevd[2527]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  185.361585][ T2529] udevd[2529]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  185.369629][ T2323] udevd[2323]: inotify_add_watch(7, /dev/loop5p5, 10) failed: No such file or directory
[  185.428649][   T30] kauditd_printk_skb: 158 callbacks suppressed
[  185.428665][   T30] audit: type=1400 audit(2000000590.252:3374): avc:  denied  { execute_no_trans } for  pid=9426 comm="syz.5.3709" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=261 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  185.494578][ T9430] loop8: detected capacity change from 0 to 1024
[  185.502327][   T30] audit: type=1400 audit(2000000590.322:3375): avc:  denied  { write } for  pid=9429 comm="syz.5.3710" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  185.532588][ T9430] EXT4-fs (loop8): Ignoring removed orlov option
[  185.551150][ T9430] EXT4-fs (loop8): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  185.551521][   T30] audit: type=1400 audit(2000000590.362:3376): avc:  denied  { connect } for  pid=9432 comm="syz.4.3712" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  185.602177][   T30] audit: type=1326 audit(2000000590.422:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.628032][ T9430] SELinux: security_context_str_to_sid(u) failed for (dev ?, type ?) errno=-22
[  185.631851][   T30] audit: type=1326 audit(2000000590.422:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.640489][ T9430] SELinux: security_context_str_to_sid(u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  185.672720][   T30] audit: type=1326 audit(2000000590.422:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.696204][   T30] audit: type=1326 audit(2000000590.422:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.719675][   T30] audit: type=1326 audit(2000000590.422:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.744033][   T30] audit: type=1326 audit(2000000590.422:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.767968][   T30] audit: type=1326 audit(2000000590.422:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9435 comm="syz.4.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  185.797652][  T625] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  185.814572][ T9440] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3716'.
[  186.035005][ T9463] input: syz0 as /devices/virtual/input/input40
[  186.062021][  T625] usb 6-1: Using ep0 maxpacket: 16
[  186.122963][ T9467] 9pnet: p9_errstr2errno: server reported unknown error 184467
[  186.181911][  T625] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.211833][  T625] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  186.236522][  T625] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  186.265392][  T625] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  186.283760][  T625] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.302659][  T625] usb 6-1: config 0 descriptor??
[  186.353531][ T9481] SELinux: failed to load policy
[  186.377667][ T9465] loop8: detected capacity change from 0 to 40427
[  186.397046][ T9465] F2FS-fs (loop8): Small segment_count (9 < 1 * 24)
[  186.421003][ T9465] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  186.430807][ T9488] netlink: 'syz.4.3736': attribute type 12 has an invalid length.
[  186.448877][ T9488] netlink: 'syz.4.3736': attribute type 1 has an invalid length.
[  186.457089][ T9488] netlink: 'syz.4.3736': attribute type 2 has an invalid length.
[  186.469355][ T9465] F2FS-fs (loop8): Found nat_bits in checkpoint
[  186.488320][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  186.502246][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  186.520638][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  186.539059][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  186.557467][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  186.557850][ T9465] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  186.572373][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  186.590974][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  186.599001][ T9465] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  186.607840][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  186.664213][ T9500] bridge: RTM_NEWNEIGH with invalid ether address
[  186.763066][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.770300][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.805875][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.821945][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.839590][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.871389][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.880383][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.891907][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  186.910279][  T625] microsoft 0003:045E:07DA.0030: unknown main item tag 0x0
[  186.934015][  T625] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0030/input/input42
[  187.033524][  T625] microsoft 0003:045E:07DA.0030: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  187.052373][ T7087] attempt to access beyond end of device
[  187.052373][ T7087] loop8: rw=2049, want=45104, limit=40427
[  187.053306][  T625] usb 6-1: USB disconnect, device number 15
[  187.147912][ T9523] fido_id[9523]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  187.200200][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  187.216549][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  187.233858][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  187.262844][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  187.271080][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.286453][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.296002][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  187.311115][ T7729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.520321][ T9569] loop5: detected capacity change from 0 to 2048
[  187.612258][ T9581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3779'.
[  187.621306][ T9581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3779'.
[  187.642349][    T6] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  187.660116][ T9569] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable,acl,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  187.696238][ T9569] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  187.727039][ T9569] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 65537 with max blocks 1 with error 28
[  187.739833][ T9569] EXT4-fs (loop5): This should not happen!! Data will be lost
[  187.739833][ T9569] 
[  187.749955][ T9569] EXT4-fs (loop5): Total free blocks count 0
[  187.756156][ T9569] EXT4-fs (loop5): Free/Dirty block details
[  187.762128][ T9569] EXT4-fs (loop5): free_blocks=2415919104
[  187.767988][ T9569] EXT4-fs (loop5): dirty_blocks=16
[  187.773880][ T9569] EXT4-fs (loop5): Block reservation details
[  187.779876][ T9569] EXT4-fs (loop5): i_reserved_data_blocks=1
[  188.002691][ T9621] loop5: detected capacity change from 0 to 2048
[  188.012008][    T6] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  188.034200][ T9629] kvm: apic: phys broadcast and lowest prio
[  188.052240][ T9632] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3801'.
[  188.070950][ T9621] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  188.096605][ T9621] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  188.151900][  T625] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  188.175446][ T9644] loop5: detected capacity change from 0 to 512
[  188.181951][    T6] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  188.192116][    T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.200283][    T6] usb 1-1: Product: syz
[  188.204892][    T6] usb 1-1: Manufacturer: syz
[  188.208465][ T9644] EXT4-fs (loop5): Ignoring removed bh option
[  188.209551][ T9646] bridge0: port 3(syz_tun) entered blocking state
[  188.222320][ T9646] bridge0: port 3(syz_tun) entered disabled state
[  188.222672][    T6] usb 1-1: SerialNumber: syz
[  188.229344][ T9646] device syz_tun entered promiscuous mode
[  188.240298][ T9646] bridge0: port 3(syz_tun) entered blocking state
[  188.246771][ T9646] bridge0: port 3(syz_tun) entered forwarding state
[  188.263786][ T9644] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  188.278095][ T9644] ext4 filesystem being mounted at /481/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  188.303815][ T9652] loop8: detected capacity change from 0 to 256
[  188.312553][ T9652] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  188.324774][ T9652] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  188.335585][ T9652] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  188.411985][ T1694] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  188.419341][ T9660] syzkaller1: tun_chr_ioctl cmd 1074025677
[  188.425477][ T9660] syzkaller1: Refused to change device type
[  188.472815][ T9549] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  188.505276][ T9662] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  188.531925][  T625] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  188.548373][  T625] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.558407][  T625] usb 5-1: config 0 interface 0 has no altsetting 0
[  188.581352][  T625] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  188.592088][  T625] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.605456][  T625] usb 5-1: config 0 descriptor??
[  188.661869][ T1694] usb 3-1: Using ep0 maxpacket: 32
[  188.667281][ T9683] loop5: detected capacity change from 0 to 512
[  188.693593][ T9683] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  188.705176][ T9683] ext4 filesystem being mounted at /491/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  188.733156][ T9683] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  188.746524][ T9683] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.3824: corrupted inode contents
[  188.758786][ T9683] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #2: comm syz.5.3824: mark_inode_dirty error
[  188.770566][ T9683] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.3824: corrupted inode contents
[  188.783105][ T1694] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.798700][ T9695] loop8: detected capacity change from 0 to 512
[  188.805188][ T1694] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.817502][ T1694] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  188.826634][ T1694] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.836277][ T1694] usb 3-1: config 0 descriptor??
[  188.853276][ T9695] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  188.864449][ T9695] ext4 filesystem being mounted at /201/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.872478][ T1694] hub 3-1:0.0: USB hub found
[  189.082964][  T625] hid-steam 0003:28DE:1102.0031: unknown main item tag 0x0
[  189.090602][  T625] hid-steam 0003:28DE:1102.0031: unknown main item tag 0x0
[  189.098179][  T625] hid-steam 0003:28DE:1102.0031: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  189.110118][  T625] hid-steam 0003:28DE:1102.0032: unknown main item tag 0x0
[  189.117404][  T625] hid-steam 0003:28DE:1102.0032: unknown main item tag 0x0
[  189.125268][  T625] hid-steam 0003:28DE:1102.0032: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  189.141954][    T6] cdc_ncm 1-1:1.0: SET_CRC_MODE failed
[  189.171889][ T1694] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  189.182167][    T6] cdc_ncm 1-1:1.0: bind() failure
[  189.187922][    T6] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  189.194815][    T6] cdc_ncm 1-1:1.1: bind() failure
[  189.200882][    T6] usb 1-1: USB disconnect, device number 12
[  189.207597][  T625] hid-steam 0003:28DE:1102.0031: Steam Controller 'XXXXXXXXXX' connected
[  189.216724][  T625] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0031/input/input43
[  189.271877][ T1694] usbhid 3-1:0.0: can't add hid device: -71
[  189.277832][ T1694] usbhid: probe of 3-1:0.0 failed with error -71
[  189.287243][  T941] usb 5-1: USB disconnect, device number 12
[  189.298152][  T941] hid-steam 0003:28DE:1102.0031: Steam Controller 'XXXXXXXXXX' disconnected
[  189.312807][ T1694] usb 3-1: USB disconnect, device number 14
[  189.670768][ T9729] /dev/loop0: Can't open blockdev
[  189.705334][ T9735] sch_fq: defrate 0 ignored.
[  189.926092][ T7729] Bluetooth: hci0: Frame reassembly failed (-84)
[  190.071843][   T39] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  190.101866][ T1694] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  190.143552][ T9772] loop5: detected capacity change from 0 to 40427
[  190.185905][ T9772] F2FS-fs (loop5): fault_injection options not supported
[  190.193203][ T9772] F2FS-fs (loop5): fault_type options not supported
[  190.200974][ T9772] F2FS-fs (loop5): invalid crc value
[  190.207622][ T9772] F2FS-fs (loop5): Found nat_bits in checkpoint
[  190.234778][ T9772] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  190.361854][ T1694] usb 1-1: Using ep0 maxpacket: 16
[  190.432004][   T39] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  190.472400][   T30] kauditd_printk_skb: 242 callbacks suppressed
[  190.472416][   T30] audit: type=1400 audit(2000000595.302:3626): avc:  denied  { setopt } for  pid=9790 comm="syz.5.3872" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  190.499316][ T1694] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  190.508154][ T1694] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  190.518748][ T1694] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  190.574511][   T30] audit: type=1400 audit(2000000595.402:3627): avc:  denied  { mounton } for  pid=9798 comm="syz.2.3876" path="/proc/273/task" dev="proc" ino=57394 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  190.602221][   T30] audit: type=1400 audit(2000000595.402:3628): avc:  denied  { mount } for  pid=9798 comm="syz.2.3876" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  190.624191][   T39] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  190.634249][   T30] audit: type=1400 audit(2000000595.422:3629): avc:  denied  { associate } for  pid=9800 comm="syz.2.3876" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  190.639349][ T9803] loop2: detected capacity change from 0 to 512
[  190.655471][   T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.676878][ T9803] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  190.684480][   T39] usb 5-1: Product: syz
[  190.693138][ T9803] ext4 filesystem being mounted at /128/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  190.710090][   T30] audit: type=1326 audit(2000000595.542:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.5.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  190.713999][   T39] usb 5-1: Manufacturer: syz
[  190.734273][ T1694] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  190.756139][ T1694] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.758260][   T39] usb 5-1: SerialNumber: syz
[  190.768148][ T1694] usb 1-1: Product: syz
[  190.775769][ T9809] syz.5.3879[9809] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  190.775839][ T9809] syz.5.3879[9809] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  190.787430][   T30] audit: type=1326 audit(2000000595.572:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.5.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  190.822593][ T1694] usb 1-1: Manufacturer: syz
[  190.827216][ T1694] usb 1-1: SerialNumber: syz
[  190.832569][   T30] audit: type=1326 audit(2000000595.572:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.5.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  190.856039][   T30] audit: type=1326 audit(2000000595.572:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.5.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  190.879738][   T30] audit: type=1326 audit(2000000595.582:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.5.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  190.903242][   T30] audit: type=1326 audit(2000000595.582:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.5.3878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  190.961567][ T9816] xt_bpf: check failed: parse error
[  191.032945][ T9748] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  191.138442][ T9831] SELinux:  unknown common 
[  191.145284][ T9831] SELinux: failed to load policy
[  191.195149][ T9837] loop5: detected capacity change from 0 to 16
[  191.206813][ T9837] erofs: (device loop5): mounted with root inode @ nid 36.
[  191.351991][ T1694] usb 1-1: 0:2 : does not exist
[  191.691857][   T39] cdc_ncm 5-1:1.0: SET_CRC_MODE failed
[  191.731906][   T39] cdc_ncm 5-1:1.0: bind() failure
[  191.738081][   T39] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  191.751824][   T39] cdc_ncm 5-1:1.1: bind() failure
[  191.780327][   T39] usb 5-1: USB disconnect, device number 13
[  191.932215][ T1694] Bluetooth: hci0: command 0x1003 tx timeout
[  191.939143][ T3766] Bluetooth: hci0: sending frame failed (-49)
[  191.983281][ T9855] loop2: detected capacity change from 0 to 40427
[  191.987492][ T9853] loop5: detected capacity change from 0 to 131072
[  191.997784][ T9855] F2FS-fs (loop2): invalid crc value
[  192.004238][ T9855] F2FS-fs (loop2): Found nat_bits in checkpoint
[  192.030019][   T39] usb 1-1: USB disconnect, device number 13
[  192.033838][ T9853] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0)
[  192.049308][ T9853] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  192.058530][ T9855] F2FS-fs (loop2): Start checkpoint disabled!
[  192.064392][ T9853] F2FS-fs (loop5): invalid crc value
[  192.071419][ T9855] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  192.079749][ T9853] F2FS-fs (loop5): Found nat_bits in checkpoint
[  192.113429][ T9855] attempt to access beyond end of device
[  192.113429][ T9855] loop2: rw=2049, want=77960, limit=40427
[  192.115945][ T9853] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  192.131981][ T9853] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  192.155084][ T7666] attempt to access beyond end of device
[  192.155084][ T7666] loop2: rw=1, want=45104, limit=40427
[  192.166480][ T7666] attempt to access beyond end of device
[  192.166480][ T7666] loop2: rw=2049, want=40976, limit=40427
[  192.474251][ T9885] loop2: detected capacity change from 0 to 128
[  192.555191][ T9891] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9891 comm=syz.4.3915
[  192.673438][ T9909] x_tables: duplicate underflow at hook 4
[  192.941843][   T39] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  193.201849][   T39] usb 3-1: Using ep0 maxpacket: 32
[  193.322123][   T39] usb 3-1: config 4 has an invalid interface number: 128 but max is 0
[  193.330501][   T39] usb 3-1: config 4 has no interface number 0
[  193.337094][   T39] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.355999][   T39] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.376829][   T39] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  193.396827][   T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.442408][   T39] hub 3-1:4.128: USB hub found
[  193.503242][ T9934] SELinux: ebitmap start bit (12) is not a multiple of the map unit size (64)
[  193.514069][ T9934] SELinux: failed to load policy
[  193.581905][ T9946] loop5: detected capacity change from 0 to 256
[  193.661984][   T39] hub 3-1:4.128: 2 ports detected
[  193.667031][   T39] hub 3-1:4.128: Using single TT (err -22)
[  193.694471][ T9946] FAT-fs (loop5): error, corrupted file size (i_pos 196, 2097152)
[  193.702634][ T9946] FAT-fs (loop5): Filesystem has been set read-only
[  193.715750][ T9946] FAT-fs (loop5): error, corrupted file size (i_pos 196, 2097152)
[  193.719725][ T9957] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3945'.
[  193.991870][   T39] hub 3-1:4.128: hub_hub_status failed (err = -71)
[  193.992208][ T9959] loop4: detected capacity change from 0 to 40427
[  193.998420][   T39] hub 3-1:4.128: config failed, can't get hub status (err -71)
[  194.013186][  T625] Bluetooth: hci0: command 0x1001 tx timeout
[  194.019226][ T3766] Bluetooth: hci0: sending frame failed (-49)
[  194.030700][ T9959] F2FS-fs (loop4): fault_injection options not supported
[  194.038710][   T39] usb 3-1: USB disconnect, device number 15
[  194.044734][ T9959] F2FS-fs (loop4): fault_type options not supported
[  194.061069][ T9959] F2FS-fs (loop4): invalid crc value
[  194.075200][ T9959] F2FS-fs (loop4): Found nat_bits in checkpoint
[  194.122815][ T9959] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  194.261586][ T9994] loop4: detected capacity change from 0 to 1024
[  194.302519][ T9994] EXT4-fs (loop4): Ignoring removed bh option
[  194.313536][ T9994] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,abort,user_xattr,bh,errors=remount-ro,. Quota mode: writeback.
[  194.531860][   T39] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  194.551772][T10014] loop2: detected capacity change from 0 to 128
[  194.568187][T10014] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  194.579497][T10014] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.652953][ T7729] tipc: Subscription rejected, illegal request
[  194.727075][T10040] loop5: detected capacity change from 0 to 256
[  194.739369][T10042] IPv6: NLM_F_REPLACE set, but no existing node found!
[  194.746850][T10040] FAT-fs (loop5): Unrecognized mount option "nnonumtail=1" or missing value
[  194.781843][   T39] usb 1-1: Using ep0 maxpacket: 32
[  194.877458][T10059] loop2: detected capacity change from 0 to 256
[  194.911911][   T39] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  194.920250][   T39] usb 1-1: config 0 has no interface number 0
[  195.081890][   T39] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  195.094222][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.111357][   T39] usb 1-1: Product: syz
[  195.119954][   T39] usb 1-1: Manufacturer: syz
[  195.128949][   T39] usb 1-1: SerialNumber: syz
[  195.139762][   T39] usb 1-1: config 0 descriptor??
[  195.202263][   T39] smsc95xx v2.0.0
[  195.357941][T10072] loop5: detected capacity change from 0 to 512
[  195.406489][T10072] EXT4-fs (loop5): 1 truncate cleaned up
[  195.412273][T10072] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,noauto_da_alloc,discard,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback.
[  195.432106][T10064] loop2: detected capacity change from 0 to 131072
[  195.513261][T10064] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name
[  195.534798][T10064] F2FS-fs (loop2): invalid crc value
[  195.557369][T10064] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  195.572614][   T30] kauditd_printk_skb: 143 callbacks suppressed
[  195.572628][   T30] audit: type=1326 audit(2000000600.402:3779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.4.4002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.635002][   T30] audit: type=1326 audit(2000000600.442:3780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.4.4002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.660769][   T39] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  195.683442][   T39] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  195.701138][T10064] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[  195.709210][   T30] audit: type=1326 audit(2000000600.442:3781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.4.4002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.734634][   T30] audit: type=1400 audit(2000000600.532:3782): avc:  denied  { create } for  pid=10100 comm="syz.4.4005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  195.777282][   T30] audit: type=1400 audit(2000000600.532:3783): avc:  denied  { getopt } for  pid=10100 comm="syz.4.4005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  195.813062][   T30] audit: type=1326 audit(2000000600.592:3784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10102 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.841723][   T30] audit: type=1326 audit(2000000600.592:3785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10102 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.891919][   T30] audit: type=1326 audit(2000000600.592:3786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10102 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.918198][   T30] audit: type=1326 audit(2000000600.592:3787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10102 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  195.942767][   T30] audit: type=1326 audit(2000000600.592:3788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10102 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b311666c9 code=0x7ffc0000
[  196.017678][T10119] syz.5.4016[10119] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  196.017770][T10119] syz.5.4016[10119] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  196.101944][    T6] Bluetooth: hci0: command 0x1009 tx timeout
[  196.140851][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.148448][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.156109][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.163553][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.170929][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.178777][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.186453][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.193989][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.201386][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.208907][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.216397][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.228905][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.236939][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.244718][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.261028][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.268993][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.276710][  T286] hid-generic 0002:0004:0009.0033: unknown main item tag 0x0
[  196.281422][T10139] loop4: detected capacity change from 0 to 256
[  196.284968][T10137] loop5: detected capacity change from 0 to 128
[  196.297759][  T286] hid-generic 0002:0004:0009.0033: hidraw0: <UNKNOWN> HID v0.04 Device [syz1] on syz0
[  196.314346][T10137] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  196.325156][T10137] ext4 filesystem being mounted at /569/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.371113][T10139] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152)
[  196.379548][T10139] FAT-fs (loop4): Filesystem has been set read-only
[  196.386682][T10144] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  196.398928][T10144] FAT-fs (loop5): unable to read boot sector
[  196.405230][T10139] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152)
[  196.421903][   T39] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -71
[  196.443968][   T39] smsc95xx: probe of 1-1:0.67 failed with error -71
[  196.454754][T10147] fido_id[10147]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  196.468971][   T39] usb 1-1: USB disconnect, device number 14
[  196.542906][T10155] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4031'.
[  196.901853][  T286] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  196.911455][T10191] SELinux: failed to load policy
[  196.944690][T10195] Disabled LAPIC found during irq injection
[  196.984968][ T7730] Bluetooth: hci1: Frame reassembly failed (-84)
[  197.151858][  T286] usb 3-1: Using ep0 maxpacket: 32
[  197.271882][  T286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.282777][  T286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.292604][  T286] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  197.301623][  T286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.310523][  T286] usb 3-1: config 0 descriptor??
[  197.352576][  T286] hub 3-1:0.0: USB hub found
[  197.571895][  T286] hub 3-1:0.0: 1 port detected
[  198.211903][  T286] hub 3-1:0.0: activate --> -90
[  198.622660][  T625] usb 3-1: USB disconnect, device number 16
[  198.882101][  T286] usb 3-1-port1: config error
[  199.052276][  T286] Bluetooth: hci1: command 0x1003 tx timeout
[  199.058330][ T1996] Bluetooth: hci1: sending frame failed (-49)
[  199.140713][T10209] loop2: detected capacity change from 0 to 256
[  199.141408][T10210] loop5: detected capacity change from 0 to 512
[  199.187728][T10210] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  199.207633][T10210] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  199.213966][T10209] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097152)
[  199.231279][T10210] System zones: 0-1, 15-15, 18-18, 34-34
[  199.238562][T10210] EXT4-fs (loop5): orphan cleanup on readonly fs
[  199.245285][T10210] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  199.245517][T10209] FAT-fs (loop2): Filesystem has been set read-only
[  199.270024][T10210] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  199.275322][T10209] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2097152)
[  199.284782][T10210] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.4063: bg 0: block 40: padding at end of block bitmap is not set
[  199.304536][T10210] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6178: Corrupt filesystem
[  199.313549][T10210] EXT4-fs (loop5): 1 truncate cleaned up
[  199.319206][T10210] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  199.340257][T10210] fscrypt (loop5, inode 16): Error -61 getting encryption context
[  199.422491][T10225] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  199.433005][T10227] loop2: detected capacity change from 0 to 512
[  199.458720][T10227] 9pnet: p9_errstr2errno: server reported unknown error 01777777777777777777777e_ro,
[  199.513815][T10233] loop4: detected capacity change from 0 to 512
[  199.562124][T10245] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4070'.
[  199.587686][T10243] loop2: detected capacity change from 0 to 1024
[  199.594793][T10233] EXT4-fs (loop4): 1 truncate cleaned up
[  199.600455][T10233] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,noauto_da_alloc,discard,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback.
[  199.665348][T10243] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  199.681592][T10255] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4074'.
[  199.696342][T10255] netem: unknown loss type 13
[  199.702006][T10255] netem: change failed
[  199.829258][T10267] SELinux: ebitmap: truncated map
[  199.854279][T10267] SELinux: failed to load policy
[  199.864757][T10281] netlink: 'syz.2.4086': attribute type 2 has an invalid length.
[  199.873500][T10281] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4086'.
[  199.928162][T10288] loop2: detected capacity change from 0 to 1024
[  199.953123][T10288] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  199.964295][T10288] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.981210][T10288] EXT4-fs error (device loop2): ext4_map_blocks:740: inode #15: block 3: comm syz.2.4089: lblock 3 mapped to illegal pblock 3 (length 3)
[  199.995577][T10288] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  200.007854][T10288] EXT4-fs (loop2): This should not happen!! Data will be lost
[  200.007854][T10288] 
[  200.020368][T10293] netlink: 'syz.5.4090': attribute type 17 has an invalid length.
[  200.035008][ T7730] EXT4-fs error (device loop2): ext4_map_blocks:740: inode #15: block 8: comm kworker/u4:129: lblock 8 mapped to illegal pblock 8 (length 8)
[  200.049603][ T7730] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  200.062158][ T7730] EXT4-fs (loop2): This should not happen!! Data will be lost
[  200.062158][ T7730] 
[  200.089836][T10295] loop5: detected capacity change from 0 to 2048
[  200.132784][T10295] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  200.368667][T10303] loop2: detected capacity change from 0 to 40427
[  200.377774][T10322] netlink: 'syz.8.4103': attribute type 4 has an invalid length.
[  200.381455][T10318] SELinux: ebitmap: truncated map
[  200.390014][T10303] F2FS-fs (loop2): invalid crc value
[  200.395886][T10318] SELinux: failed to load policy
[  200.418610][T10303] F2FS-fs (loop2): Found nat_bits in checkpoint
[  200.478002][T10303] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  200.558792][ T7969] attempt to access beyond end of device
[  200.558792][ T7969] loop2: rw=2049, want=45104, limit=40427
[  200.697886][T10349] loop8: detected capacity change from 0 to 32768
[  200.752233][   T30] kauditd_printk_skb: 66 callbacks suppressed
[  200.752250][   T30] audit: type=1400 audit(2000000605.596:3854): avc:  denied  { setattr } for  pid=10358 comm="syz.2.4114" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  200.782611][T10349]  loop8: p1 p3 < >
[  200.800897][   T30] audit: type=1400 audit(2000000605.626:3855): avc:  denied  { audit_write } for  pid=10360 comm="syz.5.4118" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  200.823249][   T30] audit: type=1107 audit(2000000605.626:3856): pid=10360 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='�'
[  200.856648][  T101]  loop8: p1 p3 < >
[  200.874227][   T30] audit: type=1400 audit(2000000605.716:3857): avc:  denied  { lock } for  pid=10371 comm="syz.5.4124" path="socket:[59756]" dev="sockfs" ino=59756 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  200.967367][T10383] loop4: detected capacity change from 0 to 1024
[  200.973968][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  200.986007][   T30] audit: type=1326 audit(2000000605.826:3858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10384 comm="syz.2.4131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effa5b936c9 code=0x7ffc0000
[  201.009858][   T30] audit: type=1326 audit(2000000605.826:3859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10384 comm="syz.2.4131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effa5b936c9 code=0x7ffc0000
[  201.034176][   T30] audit: type=1326 audit(2000000605.826:3860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10384 comm="syz.2.4131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effa5b936c9 code=0x7ffc0000
[  201.067557][ T2529] udevd[2529]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[  201.078912][ T2323] udevd[2323]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  201.090927][T10383] Quota error (device loop4): find_tree_dqentry: Getting block too big (64 >= 6)
[  201.120779][T10383] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  201.131141][ T2527] udevd[2527]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  201.131864][  T286] Bluetooth: hci1: command 0x1001 tx timeout
[  201.142242][ T2529] udevd[2529]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[  201.157117][T10383] EXT4-fs error (device loop4): ext4_acquire_dquot:6200: comm syz.4.4130: Failed to acquire dquot type 0
[  201.159570][   T30] audit: type=1326 audit(2000000605.826:3861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10384 comm="syz.2.4131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effa5b936c9 code=0x7ffc0000
[  201.196102][T10383] EXT4-fs error (device loop4): mb_free_blocks:1860: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  201.210572][   T47] Bluetooth: hci1: sending frame failed (-49)
[  201.222984][T10383] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #13: comm syz.4.4130: corrupted inode contents
[  201.239487][T10383] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #13: comm syz.4.4130: mark_inode_dirty error
[  201.251293][T10383] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #13: comm syz.4.4130: corrupted inode contents
[  201.271823][T10383] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #13: comm syz.4.4130: mark_inode_dirty error
[  201.290952][T10383] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #13: comm syz.4.4130: corrupted inode contents
[  201.305949][T10397] device syz_tun left promiscuous mode
[  201.311601][T10397] bridge0: port 3(syz_tun) entered disabled state
[  201.311956][T10383] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[  201.329563][T10397] device bridge_slave_0 left promiscuous mode
[  201.336079][T10397] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.336389][T10383] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #13: comm syz.4.4130: corrupted inode contents
[  201.355782][T10397] device bridge_slave_1 left promiscuous mode
[  201.361976][T10383] EXT4-fs error (device loop4): ext4_truncate:4310: inode #13: comm syz.4.4130: mark_inode_dirty error
[  201.365616][T10397] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.373566][T10383] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[  201.397334][T10383] EXT4-fs (loop4): 1 truncate cleaned up
[  201.403071][T10383] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  201.861874][  T286] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  202.101857][  T286] usb 5-1: Using ep0 maxpacket: 32
[  202.221881][  T286] usb 5-1: config 0 has no interfaces?
[  202.227513][  T286] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  202.236684][  T286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.245605][  T286] usb 5-1: config 0 descriptor??
[  202.491470][ T1694] usb 5-1: USB disconnect, device number 14
[  202.574121][T10463] loop2: detected capacity change from 0 to 32768
[  202.597686][T10463]  loop2: p1 p3 < >
[  202.676536][ T2529] udevd[2529]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  202.676550][ T2527] udevd[2527]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  203.077247][T10512] binder: 10511:10512 ioctl c0306201 2000000001c0 returned -14
[  203.111089][T10517] loop4: detected capacity change from 0 to 512
[  203.119945][T10521] loop8: detected capacity change from 0 to 128
[  203.133370][T10517] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  203.153403][T10517] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  203.173532][T10521] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  203.184754][T10521] ext4 filesystem being mounted at /238/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  203.216086][T10530] loop2: detected capacity change from 0 to 128
[  203.252422][T10530] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  203.286167][T10530] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  203.301969][ T1694] Bluetooth: hci1: command 0x1009 tx timeout
[  203.405946][T10545] device syzkaller1 entered promiscuous mode
[  203.646167][T10565] tmpfs: Unknown parameter 'i'
[  203.811586][T10569] loop4: detected capacity change from 0 to 40427
[  203.821351][T10576] SELinux:  Context  is not valid (left unmapped).
[  203.842954][T10579] xt_bpf: check failed: parse error
[  203.859091][T10569] F2FS-fs (loop4): fault_injection options not supported
[  203.866395][T10569] F2FS-fs (loop4): fault_type options not supported
[  203.874675][T10569] F2FS-fs (loop4): invalid crc value
[  203.890937][T10569] F2FS-fs (loop4): Found nat_bits in checkpoint
[  203.934864][T10569] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  203.974673][T10569] attempt to access beyond end of device
[  203.974673][T10569] loop4: rw=2049, want=45104, limit=40427
[  204.132002][T10599] loop2: detected capacity change from 0 to 40427
[  204.141774][T10599] F2FS-fs (loop2): fault_injection options not supported
[  204.149834][T10599] F2FS-fs (loop2): fault_type options not supported
[  204.168450][T10599] F2FS-fs (loop2): invalid crc value
[  204.175897][T10599] F2FS-fs (loop2): Found nat_bits in checkpoint
[  204.214387][T10599] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  204.254059][ T7969] attempt to access beyond end of device
[  204.254059][ T7969] loop2: rw=2049, want=45112, limit=40427
[  204.583110][T10627] syz.2.4235[10627] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  204.583178][T10627] syz.2.4235[10627] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  204.644567][T10634] serio: Serial port ttyS3
[  204.712997][T10637] loop4: detected capacity change from 0 to 512
[  204.737051][T10641] bridge0: port 3(syz_tun) entered blocking state
[  204.745398][T10637] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  204.752765][T10641] bridge0: port 3(syz_tun) entered disabled state
[  204.753283][T10641] device syz_tun entered promiscuous mode
[  204.765553][T10641] bridge0: port 3(syz_tun) entered blocking state
[  204.768104][T10637] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  204.772023][T10641] bridge0: port 3(syz_tun) entered forwarding state
[  204.789700][T10637] EXT4-fs (loop4): 1 truncate cleaned up
[  204.795851][T10641] device syz_tun left promiscuous mode
[  204.796100][T10637] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,dioread_lock,nodiscard,nomblk_io_submit,noblock_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  204.801465][T10641] bridge0: port 3(syz_tun) entered disabled state
[  204.830464][T10641] device bridge_slave_0 left promiscuous mode
[  204.841502][T10641] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.851199][T10641] device bridge_slave_1 left promiscuous mode
[  204.858500][T10641] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.099821][T10648] loop4: detected capacity change from 0 to 40427
[  205.123375][T10648] F2FS-fs (loop4): fault_injection options not supported
[  205.136613][T10648] F2FS-fs (loop4): fault_type options not supported
[  205.144455][T10648] F2FS-fs (loop4): invalid crc value
[  205.150905][T10648] F2FS-fs (loop4): Found nat_bits in checkpoint
[  205.212369][T10648] F2FS-fs (loop4): Start checkpoint disabled!
[  205.219212][T10648] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  205.258994][ T9258] F2FS-fs (loop4): access invalid blkaddr:4043309056
[  205.265775][ T9258] CPU: 0 PID: 9258 Comm: syz-executor Not tainted syzkaller #0
[  205.273318][ T9258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  205.283379][ T9258] Call Trace:
[  205.286663][ T9258]  <TASK>
[  205.289608][ T9258]  __dump_stack+0x21/0x30
[  205.293972][ T9258]  dump_stack_lvl+0xee/0x150
[  205.298578][ T9258]  ? show_regs_print_info+0x20/0x20
[  205.303816][ T9258]  dump_stack+0x15/0x20
[  205.307986][ T9258]  f2fs_is_valid_blkaddr+0xca0/0x12a0
[  205.311993][T10688] loop8: detected capacity change from 0 to 512
[  205.313367][ T9258]  f2fs_map_blocks+0xd71/0x38a0
[  205.313416][ T9258]  ? f2fs_do_map_lock+0x80/0x80
[  205.329370][ T9258]  f2fs_mpage_readpages+0xae4/0x1de0
[  205.334679][ T9258]  ? dquot_release_reservation_block+0xa0/0xa0
[  205.340832][ T9258]  ? __this_cpu_preempt_check+0x13/0x20
[  205.346379][ T9258]  ? cgroup_rstat_updated+0xf5/0x370
[  205.351673][ T9258]  ? xas_nomem+0x6b/0x1d0
[  205.356007][ T9258]  f2fs_readahead+0xfc/0x240
[  205.360592][ T9258]  ? f2fs_set_data_page_dirty+0x520/0x520
[  205.366311][ T9258]  read_pages+0x16e/0xb00
[  205.370636][ T9258]  ? __lru_cache_activate_page+0x210/0x210
[  205.376433][ T9258]  ? page_cache_ra_unbounded+0x980/0x980
[  205.382061][ T9258]  page_cache_ra_unbounded+0x782/0x980
[  205.387517][ T9258]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  205.394007][ T9258]  ? handle_pte_fault+0x73c/0x2680
[  205.399115][ T9258]  ondemand_readahead+0x8d3/0xe30
[  205.404138][ T9258]  ? page_cache_sync_ra+0x420/0x420
[  205.409330][ T9258]  ? do_handle_mm_fault+0xf39/0x1d50
[  205.414615][ T9258]  page_cache_sync_ra+0x2c4/0x420
[  205.419638][ T9258]  ? force_page_cache_ra+0x460/0x460
[  205.424925][ T9258]  f2fs_readdir+0x468/0x990
[  205.429430][ T9258]  ? f2fs_fill_dentries+0xce0/0xce0
[  205.434637][ T9258]  ? down_read_killable+0xbb/0x110
[  205.439766][ T9258]  ? security_file_permission+0x83/0xa0
[  205.445312][ T9258]  iterate_dir+0x260/0x600
[  205.449739][ T9258]  ? f2fs_fill_dentries+0xce0/0xce0
[  205.454949][ T9258]  __se_sys_getdents64+0xe5/0x240
[  205.459967][ T9258]  ? __x64_sys_getdents64+0x90/0x90
[  205.465160][ T9258]  ? filldir+0x690/0x690
[  205.469403][ T9258]  ? debug_smp_processor_id+0x17/0x20
[  205.474777][ T9258]  __x64_sys_getdents64+0x7b/0x90
[  205.479809][ T9258]  x64_sys_call+0x592/0x9a0
[  205.484319][ T9258]  do_syscall_64+0x4c/0xa0
[  205.488730][ T9258]  ? clear_bhb_loop+0x50/0xa0
[  205.493404][ T9258]  ? clear_bhb_loop+0x50/0xa0
[  205.498078][ T9258]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  205.503972][ T9258] RIP: 0033:0x7f2b31199033
[  205.508380][ T9258] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 3d f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  205.527982][ T9258] RSP: 002b:00007fff4c3fce38 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  205.536395][ T9258] RAX: ffffffffffffffda RBX: 000055556638a4e0 RCX: 00007f2b31199033
[  205.544359][ T9258] RDX: 0000000000008000 RSI: 000055556638a4e0 RDI: 0000000000000005
[  205.552325][ T9258] RBP: 000055556638a4b4 R08: 0000000000000000 R09: 0000000000000000
[  205.560297][ T9258] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  205.568268][ T9258] R13: 0000000000000010 R14: 000055556638a4b0 R15: 00007fff4c3ff0f0
[  205.576243][ T9258]  </TASK>
[  205.583934][ T9258] attempt to access beyond end of device
[  205.583934][ T9258] loop4: rw=524288, want=45072, limit=40427
[  205.595499][ T9258] attempt to access beyond end of device
[  205.595499][ T9258] loop4: rw=0, want=45072, limit=40427
[  205.614284][T10688] EXT4-fs (loop8): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,minixdf,barrier=0x0000000000000005,,errors=continue. Quota mode: writeback.
[  205.626407][ T7734] attempt to access beyond end of device
[  205.626407][ T7734] loop4: rw=1, want=45112, limit=40427
[  205.630624][T10688] ext4 filesystem being mounted at /246/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  205.642699][ T7734] attempt to access beyond end of device
[  205.642699][ T7734] loop4: rw=2049, want=40992, limit=40427
[  205.864503][   T30] kauditd_printk_skb: 178 callbacks suppressed
[  205.864522][   T30] audit: type=1400 audit(2000000002.480:4040): avc:  denied  { ioctl } for  pid=10694 comm="syz.8.4264" path="/dev/raw-gadget" dev="devtmpfs" ino=254 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  205.928168][   T30] audit: type=1400 audit(2000000002.540:4041): avc:  denied  { read } for  pid=10697 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  205.950026][   T30] audit: type=1400 audit(2000000002.540:4042): avc:  denied  { open } for  pid=10697 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  205.973640][   T30] audit: type=1400 audit(2000000002.540:4043): avc:  denied  { mounton } for  pid=10697 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  206.006284][T10697] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.013374][T10697] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.020781][T10697] device bridge_slave_0 entered promiscuous mode
[  206.027881][T10697] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.039929][T10697] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.052184][T10697] device bridge_slave_1 entered promiscuous mode
[  206.125245][T10697] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.132332][T10697] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.139600][T10697] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.141864][    T6] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  206.146644][T10697] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.181273][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  206.192860][ T7734] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.200514][ T7734] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.202321][T10719] syz.2.4270[10719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.207654][T10719] syz.2.4270[10719] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  206.224335][T10719] netlink: 92 bytes leftover after parsing attributes in process `syz.2.4270'.
[  206.244853][T10719] netem: unknown loss type 0
[  206.249733][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  206.260188][ T7734] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.267247][ T7734] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.279913][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.288334][ T7734] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.295397][ T7734] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.314822][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  206.327109][T10723] loop2: detected capacity change from 0 to 512
[  206.330861][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  206.349520][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  206.363386][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  206.371471][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  206.381710][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  206.391244][T10723] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  206.392636][T10697] device veth0_vlan entered promiscuous mode
[  206.404675][T10723] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  206.413972][T10697] device veth1_macvtap entered promiscuous mode
[  206.423944][   T30] audit: type=1400 audit(2000000003.040:4044): avc:  denied  { write } for  pid=10724 comm="syz.5.4273" path="socket:[61535]" dev="sockfs" ino=61535 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  206.447589][ T7666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  206.458146][T10723] EXT4-fs (loop2): 1 truncate cleaned up
[  206.464874][T10723] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,dioread_lock,nodiscard,nomblk_io_submit,noblock_validity,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  206.486744][   T30] audit: type=1400 audit(2000000003.100:4045): avc:  denied  { mount } for  pid=10727 comm="syz.5.4274" name="/" dev="configfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  206.510023][   T30] audit: type=1400 audit(2000000003.100:4046): avc:  denied  { search } for  pid=10727 comm="syz.5.4274" name="/" dev="configfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  206.533075][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  206.541592][ T7734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  206.541966][   T30] audit: type=1400 audit(2000000003.100:4047): avc:  denied  { read } for  pid=10727 comm="syz.5.4274" name="/" dev="configfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  206.571719][   T30] audit: type=1400 audit(2000000003.100:4048): avc:  denied  { open } for  pid=10727 comm="syz.5.4274" path="/" dev="configfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  206.571965][    T6] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  206.594149][   T30] audit: type=1400 audit(2000000003.100:4049): avc:  denied  { write } for  pid=10727 comm="syz.5.4274" name="/" dev="configfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  206.630194][T10730] loop5: detected capacity change from 0 to 2048
[  206.699403][T10730] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  206.716093][T10730] ext4 filesystem being mounted at /644/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  206.742450][T10730] EXT4-fs (loop5): shut down requested (2)
[  206.760561][T10730] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=12
[  206.769819][T10730] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=12
[  206.778950][T10730] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=13
[  206.789330][T10730] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=13
[  206.800452][T10730] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=12
[  206.809295][    T6] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  206.809326][    T6] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.809346][    T6] usb 9-1: Product: syz
[  206.809361][    T6] usb 9-1: Manufacturer: syz
[  206.809395][    T6] usb 9-1: SerialNumber: syz
[  207.003248][T10756] kvm [10753]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x120000009d00
[  207.013504][T10756] kvm [10753]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x120000009d00
[  207.084370][T10695] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  207.092752][T10760] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10760 comm=syz.5.4286
[  207.105651][T10760] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10760 comm=syz.5.4286
[  207.193415][ T7729] device bridge_slave_1 left promiscuous mode
[  207.199612][ T7729] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.212931][ T7729] device bridge_slave_0 left promiscuous mode
[  207.225337][ T7729] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.233818][ T7729] device veth1_macvtap left promiscuous mode
[  207.239855][ T7729] device veth0_vlan left promiscuous mode
[  207.336989][T10766] loop5: detected capacity change from 0 to 40427
[  207.357440][T10766] F2FS-fs (loop5): invalid crc value
[  207.392887][T10766] F2FS-fs (loop5): Found nat_bits in checkpoint
[  207.440094][T10789] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  207.476882][T10766] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  207.541367][T10778] attempt to access beyond end of device
[  207.541367][T10778] loop5: rw=2049, want=40976, limit=40427
[  207.772638][    T6] cdc_ncm 9-1:1.0: SET_CRC_MODE failed
[  207.812086][    T6] cdc_ncm 9-1:1.0: bind() failure
[  207.818234][    T6] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  207.835067][    T6] cdc_ncm 9-1:1.1: bind() failure
[  207.860685][    T6] usb 9-1: USB disconnect, device number 8
[  207.940871][T10811] loop2: detected capacity change from 0 to 1024
[  208.027097][T10811] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  208.297976][T10821] kvm: apic: phys broadcast and lowest prio
[  208.624850][T10847] loop2: detected capacity change from 0 to 1024
[  208.722329][T10837] loop7: detected capacity change from 0 to 40427
[  208.744837][T10837] F2FS-fs (loop7): fault_injection options not supported
[  208.756735][T10837] F2FS-fs (loop7): fault_type options not supported
[  208.781199][T10837] F2FS-fs (loop7): invalid crc value
[  208.790146][T10847] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  208.832123][T10837] F2FS-fs (loop7): Found nat_bits in checkpoint
[  208.911940][T10837] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  208.940299][T10860] device ip6gre1 entered promiscuous mode
[  208.955770][  T286] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  208.967910][  T286] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  208.976252][T10860] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  208.990619][  T286] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  209.009450][T10697] attempt to access beyond end of device
[  209.009450][T10697] loop7: rw=2049, want=45112, limit=40427
[  209.084283][T10864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4327'.
[  209.270884][T10880] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  209.281897][  T286] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  209.293020][T10878] netlink: 'syz.5.4333': attribute type 12 has an invalid length.
[  209.606221][T10918] kvm [10917]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x120000009d00
[  209.623144][T10918] kvm [10917]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x120000009d00
[  209.811843][    T6] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  209.862026][T10937] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4355'.
[  209.979993][T10926] loop8: detected capacity change from 0 to 40427
[  209.994971][T10926] F2FS-fs (loop8): invalid crc value
[  210.011088][T10949] loop7: detected capacity change from 0 to 512
[  210.017556][   T39] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  210.031176][T10926] F2FS-fs (loop8): Found nat_bits in checkpoint
[  210.061878][    T6] usb 3-1: Using ep0 maxpacket: 32
[  210.100032][T10926] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  210.129269][T10949] EXT4-fs error (device loop7): ext4_orphan_get:1401: inode #15: comm syz.7.4362: iget: bad extended attribute block 1
[  210.146708][T10949] EXT4-fs error (device loop7): ext4_orphan_get:1406: comm syz.7.4362: couldn't read orphan inode 15 (err -117)
[  210.161923][T10949] EXT4-fs (loop7): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue. Quota mode: none.
[  210.181890][    T6] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  210.190326][    T6] usb 3-1: config 0 has no interface number 0
[  210.213259][T10950] attempt to access beyond end of device
[  210.213259][T10950] loop8: rw=2049, want=40976, limit=40427
[  210.272827][T10949] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  210.361959][    T6] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  210.381581][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.417457][    T6] usb 3-1: Product: syz
[  210.421685][    T6] usb 3-1: Manufacturer: syz
[  210.439355][    T6] usb 3-1: SerialNumber: syz
[  210.459336][    T6] usb 3-1: config 0 descriptor??
[  210.502323][    T6] smsc95xx v2.0.0
[  210.521545][T10965] 9pnet: p9_errstr2errno: server reported unknown error �1 g;-�~	
[  210.532884][T10970] ip_tunnel: non-ECT from 10.1.1.1 with TOS=0x3
[  210.675702][T10992] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4380'.
[  210.690579][T10993] loop7: detected capacity change from 0 to 512
[  210.718099][T10993] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  210.750403][T10998] IPv6: ADDRCONF(NETDEV_CHANGE): ipip0: link becomes ready
[  210.758854][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  210.774008][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.792943][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  210.801136][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  210.809492][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  210.825203][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  210.833830][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  210.842323][ T7730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  210.942393][    T6] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  210.958274][   T30] kauditd_printk_skb: 71 callbacks suppressed
[  210.958289][   T30] audit: type=1400 audit(2000000007.570:4121): avc:  denied  { create } for  pid=11016 comm="syz.0.4390" dev="anon_inodefs" ino=63490 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  210.995599][    T6] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  211.000076][   T30] audit: type=1400 audit(2000000007.600:4122): avc:  denied  { ioctl } for  pid=11016 comm="syz.0.4390" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=63490 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  211.039391][   T30] audit: type=1400 audit(2000000007.650:4123): avc:  denied  { execute } for  pid=11020 comm="syz.7.4392" path="/32/cpuacct.usage_percpu" dev="tmpfs" ino=183 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  211.065206][   T30] audit: type=1400 audit(2000000007.650:4124): avc:  denied  { connect } for  pid=11014 comm="syz.5.4388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  211.136427][   T30] audit: type=1400 audit(2000000007.750:4125): avc:  denied  { read write } for  pid=11035 comm="syz.7.4398" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  211.138522][  T561] hid-generic 0000:0780:0007.0034: unknown main item tag 0x3
[  211.160812][T11034] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4397'.
[  211.169414][  T561] hid-generic 0000:0780:0007.0034: item fetching failed at offset 3/5
[  211.188971][   T30] audit: type=1400 audit(2000000007.750:4126): avc:  denied  { open } for  pid=11035 comm="syz.7.4398" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  211.194493][  T561] hid-generic: probe of 0000:0780:0007.0034 failed with error -22
[  211.227817][   T30] audit: type=1400 audit(2000000007.840:4127): avc:  denied  { mount } for  pid=11037 comm="syz.5.4399" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  211.364637][   T30] audit: type=1400 audit(2000000007.980:4128): avc:  denied  { read append } for  pid=11054 comm="syz.5.4407" name="ptp0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  211.388802][   T30] audit: type=1400 audit(2000000008.000:4129): avc:  denied  { open } for  pid=11054 comm="syz.5.4407" path="/dev/ptp0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  211.427585][ T1694] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  211.437299][T11057] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  211.478923][   T30] audit: type=1326 audit(2000000008.090:4130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11061 comm="syz.8.4410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92a3e076c9 code=0x7ffc0000
[  211.716939][    T6] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -71
[  211.732770][    T6] smsc95xx: probe of 3-1:0.67 failed with error -71
[  211.742950][    T6] usb 3-1: USB disconnect, device number 17
[  212.096485][T11097] blk_update_request: I/O error, dev loop15, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  212.107641][T11097] FAT-fs (loop15): unable to read boot sector
[  212.161892][  T561] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  212.271909][  T286] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  212.321086][T11127] loop5: detected capacity change from 0 to 256
[  212.343970][T11127] FAT-fs (loop5): Directory bread(block 64) failed
[  212.350668][T11127] FAT-fs (loop5): Directory bread(block 65) failed
[  212.357419][T11127] FAT-fs (loop5): Directory bread(block 66) failed
[  212.364005][T11127] FAT-fs (loop5): Directory bread(block 67) failed
[  212.370586][T11127] FAT-fs (loop5): Directory bread(block 68) failed
[  212.377538][T11127] FAT-fs (loop5): Directory bread(block 69) failed
[  212.384325][T11127] FAT-fs (loop5): Directory bread(block 70) failed
[  212.390906][T11127] FAT-fs (loop5): Directory bread(block 71) failed
[  212.397611][T11127] FAT-fs (loop5): Directory bread(block 72) failed
[  212.404226][T11127] FAT-fs (loop5): Directory bread(block 73) failed
[  212.501879][ T1694] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  212.531968][  T561] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.546368][  T561] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  212.632133][  T561] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.641339][  T286] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.661873][  T561] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.674980][  T286] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  212.684116][  T561] usb 9-1: SerialNumber: syz
[  212.761998][  T286] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.771222][  T286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.771843][ T1694] usb 8-1: Using ep0 maxpacket: 32
[  212.779595][  T286] usb 1-1: SerialNumber: syz
[  212.901933][ T1694] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.912932][ T1694] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.922710][ T1694] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  212.931741][ T1694] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.940462][ T1694] usb 8-1: config 0 descriptor??
[  212.972853][  T561] usb 9-1: 0:2 : does not exist
[  212.982617][ T1694] hub 8-1:0.0: USB hub found
[  213.014854][  T561] usb 9-1: USB disconnect, device number 9
[  213.072506][  T286] usb 1-1: 0:2 : does not exist
[  213.127051][  T286] usb 1-1: USB disconnect, device number 15
[  213.133163][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  213.201885][ T1694] hub 8-1:0.0: 1 port detected
[  213.342232][ T2323] udevd[2323]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  213.455468][T11144] loop5: detected capacity change from 0 to 512
[  213.465882][T11144] EXT4-fs (loop5): Ignoring removed oldalloc option
[  213.474488][T11144] EXT4-fs (loop5): 1 truncate cleaned up
[  213.480132][T11144] EXT4-fs (loop5): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback.
[  213.657151][T11171] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4459'.
[  213.696101][T11176] loop5: detected capacity change from 0 to 256
[  213.721886][  T286] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  213.736853][T11176] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xcab3d314, utbl_chksum : 0xe619d30d)
[  213.871970][ T1694] hub 8-1:0.0: activate --> -90
[  213.938035][T11205] syz.5.4474[11205] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  213.938089][T11205] syz.5.4474[11205] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  213.961936][  T286] usb 9-1: Using ep0 maxpacket: 32
[  214.091954][  T286] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  214.102263][  T286] usb 9-1: config 0 has no interface number 0
[  214.261954][  T286] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  214.272657][  T286] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.280728][  T286] usb 9-1: Product: syz
[  214.285826][  T286] usb 9-1: Manufacturer: syz
[  214.290762][  T286] usb 9-1: SerialNumber: syz
[  214.300046][  T286] usb 9-1: config 0 descriptor??
[  214.305409][   T39] usb 8-1: USB disconnect, device number 2
[  214.312077][ T1694] usb 8-1-port1: config error
[  214.352299][  T286] smsc95xx v2.0.0
[  214.484349][T11258] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11258 comm=syz.0.4499
[  214.497262][T11258] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11258 comm=syz.0.4499
[  214.771933][  T286] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  214.784094][  T286] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  214.862687][T11295] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  214.881053][T11295] overlayfs: failed to look up (bus) for ino (-40)
[  215.291885][    C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  215.376180][T11322] loop2: detected capacity change from 0 to 1024
[  215.423191][T11322] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,barrier,nogrpid,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,jqfmt=vfsold,bsdgroups,init_itable,,errors=continue. Quota mode: writeback.
[  215.481918][  T286] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -71
[  215.497403][  T286] smsc95xx: probe of 9-1:0.67 failed with error -71
[  215.516486][  T286] usb 9-1: USB disconnect, device number 10
[  215.555282][T11328] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4529'.
[  215.732587][T11344] SELinux:  Context system_u:object_r:traceroute_exec_t:s0 is not valid (left unmapped).
[  215.820362][T11358] loop7: detected capacity change from 0 to 512
[  215.847294][T11358] EXT4-fs (loop7): orphan cleanup on readonly fs
[  215.886483][T11358] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.4544: bg 0: block 248: padding at end of block bitmap is not set
[  215.901595][T11358] EXT4-fs error (device loop7): ext4_acquire_dquot:6200: comm syz.7.4544: Failed to acquire dquot type 1
[  215.927726][T11358] EXT4-fs (loop7): 1 truncate cleaned up
[  215.934762][T11358] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  215.966744][   T30] kauditd_printk_skb: 192 callbacks suppressed
[  215.966760][   T30] audit: type=1326 audit(2000000012.580:4321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.010470][   T30] audit: type=1326 audit(2000000012.580:4322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.036209][   T30] audit: type=1326 audit(2000000012.580:4323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.059863][   T30] audit: type=1326 audit(2000000012.580:4324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.094944][   T30] audit: type=1326 audit(2000000012.580:4325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.120305][   T30] audit: type=1326 audit(2000000012.590:4326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11354 comm="syz.7.4544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7fe78cbf56c9 code=0x7ffc0000
[  216.143997][   T30] audit: type=1326 audit(2000000012.590:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11354 comm="syz.7.4544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78cbf56c9 code=0x7ffc0000
[  216.171311][T11375] serio: Serial port ttyS3
[  216.188014][   T30] audit: type=1326 audit(2000000012.590:4328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11354 comm="syz.7.4544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78cbf56c9 code=0x7ffc0000
[  216.223984][   T30] audit: type=1326 audit(2000000012.590:4329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.247853][   T30] audit: type=1326 audit(215.944:4330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11366 comm="syz.5.4548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe696a596c9 code=0x7ffc0000
[  216.327077][T11396] device veth0 entered promiscuous mode
[  216.342337][T11396] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4561'.
[  216.674458][T11438] loop5: detected capacity change from 0 to 256
[  216.722834][T11438] FAT-fs (loop5): Unrecognized mount option "18446744073709551615�)��՝����"" or missing value
[  216.818379][T11443] overlayfs: statfs failed on './file0'
[  216.872978][T11452] incfs: Options parsing error. -22
[  216.888430][T11452] incfs: mount failed -22
[  216.967577][T11462] loop7: detected capacity change from 0 to 256
[  217.011972][T11462] FAT-fs (loop7): bogus number of FAT sectors
[  217.030233][T11462] FAT-fs (loop7): Can't find a valid FAT filesystem
[  217.107289][T11480] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4598'.
[  217.275125][T11494] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4606'.
[  217.409998][T11504] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  217.487745][T11514] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4615'.
[  217.599292][T11522] netlink: 100 bytes leftover after parsing attributes in process `syz.7.4619'.
[  218.069889][T11548] loop8: detected capacity change from 0 to 32768
[  218.101139][T11553] loop7: detected capacity change from 0 to 40427
[  218.122316][T11548]  loop8: p1 p3 < >
[  218.189888][T11553] F2FS-fs (loop7): Found nat_bits in checkpoint
[  218.211750][ T2323] udevd[2323]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  218.222890][ T2529] udevd[2529]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[  218.311511][T11553] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  218.348198][T11553] attempt to access beyond end of device
[  218.348198][T11553] loop7: rw=2049, want=45104, limit=40427
[  218.379322][T10697] attempt to access beyond end of device
[  218.379322][T10697] loop7: rw=2049, want=45112, limit=40427
[  218.499647][T11588] loop5: detected capacity change from 0 to 512
[  218.566907][T11588] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.4648: error while reading EA inode 32 err=-116
[  218.583676][T11588] EXT4-fs (loop5): Remounting filesystem read-only
[  218.590308][T11588] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.4648: error while reading EA inode 32 err=-116
[  218.603090][T11588] EXT4-fs (loop5): Remounting filesystem read-only
[  218.609876][T11588] EXT4-fs (loop5): 1 orphan inode deleted
[  218.616503][T11588] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,discard,debug_want_extra_isize=0x000000000000005e,noauto_da_alloc,bsdgroups,jqfmt=vfsv1,abort,data_err=ignore,. Quota mode: none.
[  218.923266][T11616] input: syz1 as /devices/virtual/input/input45
[  219.085994][T11638] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  219.168176][T11650] loop2: detected capacity change from 0 to 256
[  219.175516][T11647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4673'.
[  219.226112][T11659] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4679'.
[  219.383293][T11675] loop5: detected capacity change from 0 to 512
[  219.422436][T11675] EXT4-fs (loop5): Ignoring removed nobh option
[  219.444464][T11675] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #3: comm syz.5.4685: corrupted inode contents
[  219.456535][T11675] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #3: comm syz.5.4685: mark_inode_dirty error
[  219.472220][T11675] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #3: comm syz.5.4685: corrupted inode contents
[  219.491766][T11675] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.4685: mark_inode_dirty error
[  219.504595][T11675] EXT4-fs error (device loop5): ext4_acquire_dquot:6200: comm syz.5.4685: Failed to acquire dquot type 0
[  219.516904][T11675] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #16: comm syz.5.4685: corrupted inode contents
[  219.530002][T11675] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #16: comm syz.5.4685: mark_inode_dirty error
[  219.542884][T11675] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #16: comm syz.5.4685: corrupted inode contents
[  219.555170][T11675] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #16: comm syz.5.4685: mark_inode_dirty error
[  219.566974][T11675] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #16: comm syz.5.4685: corrupted inode contents
[  219.578950][  T941] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  219.579290][T11675] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem
[  219.595363][T11675] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #16: comm syz.5.4685: corrupted inode contents
[  219.607412][T11675] EXT4-fs error (device loop5): ext4_truncate:4310: inode #16: comm syz.5.4685: mark_inode_dirty error
[  219.618956][T11675] EXT4-fs error (device loop5) in ext4_process_orphan:343: Corrupt filesystem
[  219.628459][T11675] EXT4-fs (loop5): 1 truncate cleaned up
[  219.634228][T11675] EXT4-fs (loop5): mounted filesystem without journal. Opts: resuid=0x0000000000000000,nobh,,errors=continue. Quota mode: writeback.
[  219.734988][T11697] loop5: detected capacity change from 0 to 8192
[  219.789822][ T4300] kernel write not supported for file bpf-prog (pid: 4300 comm: kworker/0:5)
[  219.961935][  T941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.974627][  T941] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.984854][  T941] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  219.998193][  T941] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  220.007398][  T941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.038139][  T941] usb 3-1: config 0 descriptor??
[  220.070686][T11713] loop7: detected capacity change from 0 to 512
[  220.124193][T11713] EXT4-fs (loop7): Ignoring removed bh option
[  220.141933][T11713] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  220.178541][T11713] EXT4-fs (loop7): 1 truncate cleaned up
[  220.184490][T11713] EXT4-fs (loop7): mounted filesystem without journal. Opts: bh,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,nodelalloc,quota,,errors=continue. Quota mode: writeback.
[  220.219424][T11739] syz.0.4711[11739] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.219506][T11739] syz.0.4711[11739] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  220.274313][T11741] loop8: detected capacity change from 0 to 8192
[  220.373339][T11752] loop8: detected capacity change from 0 to 512
[  220.389148][T11747] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  220.407285][T11752] EXT4-fs (loop8): Ignoring removed oldalloc option
[  220.414653][T11752] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  220.435104][T11752] EXT4-fs (loop8): 1 truncate cleaned up
[  220.440846][T11752] EXT4-fs (loop8): mounted filesystem without journal. Opts: quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback.
[  220.512901][  T941] plantronics 0003:047F:FFFF.0035: unknown main item tag 0xd
[  220.522258][  T941] plantronics 0003:047F:FFFF.0035: No inputs registered, leaving
[  220.537963][  T941] plantronics 0003:047F:FFFF.0035: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  220.550572][   T39] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  220.631842][   T26] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  220.710285][T11784] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  220.801845][   T39] usb 8-1: Using ep0 maxpacket: 16
[  220.822227][T11786] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4733'.
[  220.857932][T11788] netlink: 28 bytes leftover after parsing attributes in process `syz.8.4734'.
[  220.991934][   T26] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  221.003505][   T26] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.013514][   T26] usb 6-1: config 0 interface 0 has no altsetting 0
[  221.020131][   T26] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  221.029214][   T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.037837][   T26] usb 6-1: config 0 descriptor??
[  221.241907][   T39] usb 8-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  221.250994][   T39] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.259056][   T39] usb 8-1: Product: syz
[  221.261863][    T6] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  221.263303][   T39] usb 8-1: Manufacturer: syz
[  221.275398][   T39] usb 8-1: SerialNumber: syz
[  221.511892][    T6] usb 9-1: Using ep0 maxpacket: 16
[  221.517931][T11743] syz.7.4713[11743] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  221.517986][T11743] syz.7.4713[11743] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  221.523710][   T26] hid-steam 0003:28DE:1102.0036: unknown main item tag 0x0
[  221.548538][   T26] hid-steam 0003:28DE:1102.0036: unknown main item tag 0x0
[  221.556297][   T26] hid-steam 0003:28DE:1102.0036: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[  221.568553][   T26] hid-steam 0003:28DE:1102.0037: unknown main item tag 0x0
[  221.575980][   T26] hid-steam 0003:28DE:1102.0037: unknown main item tag 0x0
[  221.584100][   T26] hid-steam 0003:28DE:1102.0037: hidraw1: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[  221.595603][   T39] r8152-cfgselector 8-1: Unknown version 0x7cf0
[  221.641924][    T6] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.653019][    T6] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.662848][    T6] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  221.675920][    T6] usb 9-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  221.681887][   T26] hid-steam 0003:28DE:1102.0036: Steam Controller 'XXXXXXXXXX' connected
[  221.684964][    T6] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.694949][   T26] input: Steam Controller as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1102.0036/input/input47
[  221.706746][    T6] usb 9-1: config 0 descriptor??
[  221.747995][ T1694] usb 6-1: USB disconnect, device number 16
[  221.773361][ T1694] hid-steam 0003:28DE:1102.0036: Steam Controller 'XXXXXXXXXX' disconnected
[  221.821866][   T39] r8152-cfgselector 8-1: Unknown version 0x0000
[  221.828235][   T39] r8152-cfgselector 8-1: bad CDC descriptors
[  221.852030][   T39] r8152-cfgselector 8-1: Unknown version 0x0000
[  221.865328][   T39] r8152-cfgselector 8-1: USB disconnect, device number 3
[  221.875108][T11806] incfs: Error accessing: ./file0.
[  221.880340][T11806] incfs: mount failed -20
[  222.033204][   T30] kauditd_printk_skb: 134 callbacks suppressed
[  222.033221][   T30] audit: type=1400 audit(221.994:4463): avc:  denied  { ioctl } for  pid=11823 comm="syz.0.4750" path="socket:[65376]" dev="sockfs" ino=65376 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  222.091893][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  222.129165][   T30] audit: type=1326 audit(222.084:4464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f767e7bd6c9 code=0x7ffc0000
[  222.152646][   T30] audit: type=1326 audit(222.084:4465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f767e7bd6c9 code=0x7ffc0000
[  222.175693][   T30] audit: type=1326 audit(222.084:4466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f767e7bd6c9 code=0x7ffc0000
[  222.198873][   T30] audit: type=1326 audit(222.114:4467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.4754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f767e7bd6c9 code=0x7ffc0000
[  222.213251][    T6] appleir 0003:05AC:8241.0038: No inputs registered, leaving
[  222.233098][    T6] appleir 0003:05AC:8241.0038: hiddev97,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.8-1/input0
[  222.339522][   T30] audit: type=1400 audit(222.294:4468): avc:  denied  { bind } for  pid=11846 comm="syz.7.4760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  222.360947][   T30] audit: type=1400 audit(222.294:4469): avc:  denied  { connect } for  pid=11846 comm="syz.7.4760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  222.461299][   T30] audit: type=1400 audit(222.414:4470): avc:  denied  { ioctl } for  pid=11862 comm="syz.0.4766" path="socket:[65475]" dev="sockfs" ino=65475 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  222.488771][   T39] usb 9-1: USB disconnect, device number 11
[  222.561910][    T6] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  222.673350][  T286] usb 3-1: USB disconnect, device number 18
[  222.695419][   T30] audit: type=1326 audit(222.654:4471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11879 comm="syz.2.4774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effa5b936c9 code=0x7ffc0000
[  222.698140][T11880] loop2: detected capacity change from 0 to 512
[  222.719241][   T30] audit: type=1326 audit(222.654:4472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11879 comm="syz.2.4774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7effa5b936c9 code=0x7ffc0000
[  222.802998][    T6] usb 6-1: Using ep0 maxpacket: 32
[  222.808511][T11880] EXT4-fs (loop2): Ignoring removed bh option
[  222.814825][  T941] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  222.819705][T11880] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  222.834263][T11880] EXT4-fs (loop2): 1 truncate cleaned up
[  222.839926][T11880] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,nodelalloc,quota,,errors=continue. Quota mode: writeback.
[  222.932621][T11888] device batadv_slave_1 entered promiscuous mode
[  222.939685][T11887] device batadv_slave_1 left promiscuous mode
[  222.942089][    T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.956710][    T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.967086][    T6] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  222.976203][    T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.992440][    T6] usb 6-1: config 0 descriptor??
[  223.037807][    T6] hub 6-1:0.0: USB hub found
[  223.154504][T11916] syz.8.4790[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.154554][T11916] syz.8.4790[11916] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.213344][  T941] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  223.236253][  T941] usb 8-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.241959][    T6] hub 6-1:0.0: 1 port detected
[  223.246633][  T941] usb 8-1: config 0 interface 0 has no altsetting 0
[  223.257910][  T941] usb 8-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  223.267106][  T941] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.276068][  T941] usb 8-1: config 0 descriptor??
[  223.371901][    C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  223.395872][T11932] loop8: detected capacity change from 0 to 512
[  223.753123][  T941] hid-steam 0003:28DE:1102.0039: unknown main item tag 0x0
[  223.760415][  T941] hid-steam 0003:28DE:1102.0039: unknown main item tag 0x0
[  223.767904][  T941] hid-steam 0003:28DE:1102.0039: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.7-1/input0
[  223.779679][  T941] hid-steam 0003:28DE:1102.003A: unknown main item tag 0x0
[  223.786980][  T941] hid-steam 0003:28DE:1102.003A: unknown main item tag 0x0
[  223.794771][  T941] hid-steam 0003:28DE:1102.003A: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.7-1/input0
[  223.871858][  T941] hid-steam 0003:28DE:1102.0039: Steam Controller 'XXXXXXXXXX' connected
[  223.881515][  T941] input: Steam Controller as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:28DE:1102.0039/input/input48
[  223.881924][    T6] hub 6-1:0.0: activate --> -90
[  223.961874][   T39] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  223.971153][  T941] usb 8-1: USB disconnect, device number 4
[  223.984454][  T941] hid-steam 0003:28DE:1102.0039: Steam Controller 'XXXXXXXXXX' disconnected
[  224.302461][  T625] usb 6-1: USB disconnect, device number 17
[  224.321929][   T39] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  224.332138][  T286] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  224.339748][   T39] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  224.421943][   T39] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  224.431093][   T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  224.439115][   T39] usb 1-1: SerialNumber: syz
[  224.552048][    T6] usb 6-1-port1: config error
[  224.571905][  T286] usb 3-1: Using ep0 maxpacket: 32
[  224.691970][  T286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  224.702996][  T286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  224.712761][  T286] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  224.722536][   T39] usb 1-1: 0:2 : does not exist
[  224.727828][  T286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.736782][   T39] usb 1-1: USB disconnect, device number 16
[  224.744534][  T286] usb 3-1: config 0 descriptor??
[  224.751983][ T4300] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  224.952707][ T2529] udevd[2529]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  224.992058][ T4300] usb 8-1: Using ep0 maxpacket: 16
[  225.111970][ T4300] usb 8-1: config 0 has no interfaces?
[  225.172006][  T625] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  225.191962][ T4300] usb 8-1: config 0 has no interfaces?
[  225.233367][  T286] kone 0003:1E7D:2CED.003B: item fetching failed at offset 0/5
[  225.241226][  T286] kone 0003:1E7D:2CED.003B: parse failed
[  225.248170][  T286] kone: probe of 0003:1E7D:2CED.003B failed with error -22
[  225.271903][ T4300] usb 8-1: config 0 has no interfaces?
[  225.435199][    T6] usb 3-1: USB disconnect, device number 19
[  225.462194][ T4300] usb 8-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  225.471414][ T4300] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.479651][ T4300] usb 8-1: Product: syz
[  225.484715][ T4300] usb 8-1: Manufacturer: syz
[  225.489332][ T4300] usb 8-1: SerialNumber: syz
[  225.498872][ T4300] r8152-cfgselector 8-1: config 0 descriptor??
[  225.570051][T12005] kvm [12004]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0xc1 data 0xffff000000000005
[  225.580617][T12005] kvm [12004]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0xc2 data 0xffff000000000005
[  225.593236][T12005] kvm [12004]: vcpu2, guest rIP: 0x9136 ignored wrmsr: 0x11e data 0xffff000000000005
[  225.604814][T12005] kvm [12004]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0x186 data 0xffff000000000005
[  225.615150][T12005] kvm [12004]: vcpu2, guest rIP: 0x9136 disabled perfctr wrmsr: 0x187 data 0xffff000000000005
[  225.627012][T12005] kvm [12004]: vcpu2, guest rIP: 0x9136 vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xffff000000000005, nop
[  225.711974][  T625] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  225.721055][  T625] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.729422][  T625] usb 6-1: Product: syz
[  225.733785][  T625] usb 6-1: Manufacturer: syz
[  225.738419][  T625] usb 6-1: SerialNumber: syz
[  225.761920][ T4300] r8152-cfgselector 8-1: Unknown version 0x0000
[  225.782593][T12022] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[  225.792285][T12022] SELinux: security_context_str_to_sid(system_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  225.982142][   T60] r8152-cfgselector 8-1: USB disconnect, device number 5
[  226.081864][  T286] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  226.441947][  T286] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  226.451168][  T286] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.464851][  T286] usb 1-1: config 0 descriptor??
[  226.491361][T12041] loop2: detected capacity change from 0 to 131072
[  226.582403][T12041] F2FS-fs (loop2): invalid crc value
[  226.589690][T12041] F2FS-fs (loop2): Found nat_bits in checkpoint
[  226.630871][T12041] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2
[  226.642180][T12041] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  226.771882][   T60] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  226.869366][  T625] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[  226.876189][  T625] cdc_ncm 6-1:1.0: dwNtbInMaxSize=2 is too small. Using 2048
[  226.884325][  T625] cdc_ncm 6-1:1.0: setting rx_max = 2048
[  226.942799][  T286] appleir 0003:05AC:8241.003C: item fetching failed at offset 2/5
[  226.951352][  T286] appleir 0003:05AC:8241.003C: parse failed
[  226.957547][  T286] appleir: probe of 0003:05AC:8241.003C failed with error -22
[  227.027273][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.035132][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.042736][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.050186][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.057649][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.065098][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.072644][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.080153][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.087690][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.095181][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.103773][  T625] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM, 42:42:42:42:42:42
[  227.114111][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.121489][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.130430][  T625] usb 6-1: USB disconnect, device number 18
[  227.136723][  T625] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM
[  227.145090][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.152748][   T60] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  227.157433][  T286] usb 1-1: USB disconnect, device number 17
[  227.165616][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.180468][   T60] usb 8-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00
[  227.181836][ T9032] usb 9-1: new full-speed USB device number 12 using dummy_hcd
[  227.189575][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.204457][   T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.213602][   T60] usb 8-1: config 0 descriptor??
[  227.218635][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.227069][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.235090][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.242542][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.249949][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.257975][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.265470][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.272910][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.280280][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.287748][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.295156][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.302597][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.309999][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.317396][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.324797][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.332266][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.339652][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.347046][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.354443][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.361846][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.369225][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.376626][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.384077][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.391439][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.398923][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.406406][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.413797][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.421176][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.428574][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.436166][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.443696][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.451081][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.458478][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.465883][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.473375][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.480777][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.488223][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.495643][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.503044][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.510752][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.518170][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.525573][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.533061][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.540461][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.547885][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.555290][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.562696][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.570197][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.571964][ T9032] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  227.577606][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.588956][ T9032] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.596050][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.605930][ T9032] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  227.613533][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.629878][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.636392][ T9032] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.639370][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.653566][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.660990][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.668638][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.668703][ T9032] usb 9-1: config 0 descriptor??
[  227.676434][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.688818][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.705509][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.714516][   T60] uclogic 0003:2179:0053.003E: unbalanced delimiter at end of report description
[  227.728215][   T60] uclogic 0003:2179:0053.003E: parse failed
[  227.736695][T12078] loop5: detected capacity change from 0 to 512
[  227.743355][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.750766][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.758446][   T60] uclogic: probe of 0003:2179:0053.003E failed with error -22
[  227.767485][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.775079][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.782585][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.789985][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.797417][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.804824][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.812235][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.819625][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.827047][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.834456][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.841876][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.849264][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.856733][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  227.864356][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.871750][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.879176][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.886584][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.893998][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.901380][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.908795][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.916208][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.916563][  T941] usb 8-1: USB disconnect, device number 6
[  227.923924][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.937002][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.937818][T12078] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  227.944546][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.956012][T12078] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2229: inode #15: comm syz.5.4863: corrupted in-inode xattr
[  227.959203][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.978597][    T6] hid-generic 0000:0000:0004.003D: unknown main item tag 0x0
[  227.979101][T12078] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.4863: couldn't read orphan inode 15 (err -117)
[  227.986505][   T60] ==================================================================
[  227.998749][T12078] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,inode_readahead_blks=0x0000000000000001,noblock_validity,noload,delalloc,max_batch_time=0x0000000000000001,discard,inode_readahead_blks=0x0000000000004000,nomblk_io_submit,init_itable=0x0000000000000fff,,errors=continue. Quota mode: none.
[  228.005973][   T60] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120
[  228.006004][   T60] Read of size 8 at addr ffff88811ab02c70 by task kworker/0:2/60
[  228.050734][   T60] 
[  228.053074][   T60] CPU: 0 PID: 60 Comm: kworker/0:2 Not tainted syzkaller #0
[  228.060369][   T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  228.070432][   T60] Workqueue: events_long br_fdb_cleanup
[  228.075985][   T60] Call Trace:
[  228.079255][   T60]  <TASK>
[  228.082183][   T60]  __dump_stack+0x21/0x30
[  228.086626][   T60]  dump_stack_lvl+0xee/0x150
[  228.091220][   T60]  ? show_regs_print_info+0x20/0x20
[  228.096415][   T60]  ? load_image+0x3a0/0x3a0
[  228.100913][   T60]  print_address_description+0x7f/0x2c0
[  228.106450][   T60]  ? __list_del_entry_valid+0xa6/0x120
[  228.111901][   T60]  kasan_report+0xf1/0x140
[  228.116321][   T60]  ? __list_del_entry_valid+0xa6/0x120
[  228.121791][   T60]  __asan_report_load8_noabort+0x14/0x20
[  228.127438][   T60]  __list_del_entry_valid+0xa6/0x120
[  228.132727][   T60]  process_one_work+0x453/0xba0
[  228.137580][   T60]  worker_thread+0xa59/0x1200
[  228.142255][   T60]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  228.147713][   T60]  kthread+0x411/0x500
[  228.151786][   T60]  ? worker_clr_flags+0x190/0x190
[  228.156821][   T60]  ? kthread_blkcg+0xd0/0xd0
[  228.161581][   T60]  ret_from_fork+0x1f/0x30
[  228.165996][   T60]  </TASK>
[  228.169008][   T60] 
[  228.171325][   T60] Allocated by task 625:
[  228.175657][   T60]  __kasan_kmalloc+0xda/0x110
[  228.180328][   T60]  __kmalloc+0x13d/0x2c0
[  228.184570][   T60]  kvmalloc_node+0x206/0x300
[  228.189156][   T60]  alloc_netdev_mqs+0x8d/0xc90
[  228.193929][   T60]  alloc_etherdev_mqs+0x34/0x40
[  228.198802][   T60]  usbnet_probe+0x219/0x2860
[  228.203402][   T60]  usb_probe_interface+0x5ff/0xae0
[  228.208531][   T60]  really_probe+0x285/0x970
[  228.213036][   T60]  __driver_probe_device+0x198/0x280
[  228.218330][   T60]  driver_probe_device+0x54/0x3e0
[  228.223347][   T60]  __device_attach_driver+0x2a6/0x460
[  228.228809][   T60]  bus_for_each_drv+0x175/0x200
[  228.233801][   T60]  __device_attach+0x2a2/0x400
[  228.238575][   T60]  device_initial_probe+0x1a/0x20
[  228.243629][   T60]  bus_probe_device+0xc0/0x1e0
[  228.248396][   T60]  device_add+0xb31/0xed0
[  228.252729][   T60]  usb_set_configuration+0x19c2/0x1f10
[  228.258188][   T60]  usb_generic_driver_probe+0x91/0x150
[  228.263651][   T60]  usb_probe_device+0x148/0x260
[  228.268516][   T60]  really_probe+0x285/0x970
[  228.273017][   T60]  __driver_probe_device+0x198/0x280
[  228.278298][   T60]  driver_probe_device+0x54/0x3e0
[  228.283325][   T60]  __device_attach_driver+0x2a6/0x460
[  228.288699][   T60]  bus_for_each_drv+0x175/0x200
[  228.293551][   T60]  __device_attach+0x2a2/0x400
[  228.298315][   T60]  device_initial_probe+0x1a/0x20
[  228.303351][   T60]  bus_probe_device+0xc0/0x1e0
[  228.308112][   T60]  device_add+0xb31/0xed0
[  228.312437][   T60]  usb_new_device+0xd06/0x1620
[  228.317204][   T60]  hub_event+0x29c4/0x4480
[  228.321620][   T60]  process_one_work+0x6be/0xba0
[  228.326473][   T60]  worker_thread+0xa59/0x1200
[  228.331150][   T60]  kthread+0x411/0x500
[  228.335211][   T60]  ret_from_fork+0x1f/0x30
[  228.339627][   T60] 
[  228.341946][   T60] Freed by task 625:
[  228.345836][   T60]  kasan_set_track+0x4a/0x70
[  228.350421][   T60]  kasan_set_free_info+0x23/0x40
[  228.355351][   T60]  ____kasan_slab_free+0x125/0x160
[  228.360455][   T60]  __kasan_slab_free+0x11/0x20
[  228.365207][   T60]  slab_free_freelist_hook+0xc2/0x190
[  228.370678][   T60]  kfree+0xc4/0x270
[  228.374503][   T60]  kvfree+0x35/0x40
[  228.378314][   T60]  netdev_freemem+0x3f/0x60
[  228.382818][   T60]  netdev_release+0x7f/0xb0
[  228.387321][   T60]  device_release+0x96/0x1c0
[  228.392182][   T60]  kobject_put+0x18a/0x270
[  228.396598][   T60]  put_device+0x1f/0x30
[  228.400759][   T60]  free_netdev+0x34b/0x450
[  228.405172][   T60]  usbnet_disconnect+0x24b/0x3a0
[  228.410108][   T60]  usb_unbind_interface+0x212/0x8c0
[  228.415304][   T60]  device_release_driver_internal+0x4c1/0x760
[  228.421366][   T60]  device_release_driver+0x19/0x20
[  228.426475][   T60]  bus_remove_device+0x2dd/0x340
[  228.431420][   T60]  device_del+0x696/0xe90
[  228.435750][   T60]  usb_disable_device+0x3a8/0x750
[  228.440768][   T60]  usb_disconnect+0x31e/0x850
[  228.445445][   T60]  hub_event+0x1a96/0x4480
[  228.449861][   T60]  process_one_work+0x6be/0xba0
[  228.454821][   T60]  worker_thread+0xd7b/0x1200
[  228.459499][   T60]  kthread+0x411/0x500
[  228.463563][   T60]  ret_from_fork+0x1f/0x30
[  228.467976][   T60] 
[  228.470292][   T60] Last potentially related work creation:
[  228.476000][   T60]  kasan_save_stack+0x3a/0x60
[  228.480674][   T60]  __kasan_record_aux_stack+0xd2/0x100
[  228.486126][   T60]  kasan_record_aux_stack_noalloc+0xb/0x10
[  228.491933][   T60]  insert_work+0x51/0x310
[  228.496270][   T60]  __queue_work+0x8e5/0xc60
[  228.500849][   T60]  queue_work_on+0xd2/0x140
[  228.505341][   T60]  usbnet_link_change+0x189/0x1b0
[  228.510373][   T60]  usbnet_probe+0x1dfd/0x2860
[  228.515070][   T60]  usb_probe_interface+0x5ff/0xae0
[  228.520177][   T60]  really_probe+0x285/0x970
[  228.524773][   T60]  __driver_probe_device+0x198/0x280
[  228.530047][   T60]  driver_probe_device+0x54/0x3e0
[  228.535059][   T60]  __device_attach_driver+0x2a6/0x460
[  228.540414][   T60]  bus_for_each_drv+0x175/0x200
[  228.545250][   T60]  __device_attach+0x2a2/0x400
[  228.550001][   T60]  device_initial_probe+0x1a/0x20
[  228.555009][   T60]  bus_probe_device+0xc0/0x1e0
[  228.559758][   T60]  device_add+0xb31/0xed0
[  228.564076][   T60]  usb_set_configuration+0x19c2/0x1f10
[  228.569521][   T60]  usb_generic_driver_probe+0x91/0x150
[  228.574970][   T60]  usb_probe_device+0x148/0x260
[  228.579814][   T60]  really_probe+0x285/0x970
[  228.584302][   T60]  __driver_probe_device+0x198/0x280
[  228.589579][   T60]  driver_probe_device+0x54/0x3e0
[  228.594590][   T60]  __device_attach_driver+0x2a6/0x460
[  228.599950][   T60]  bus_for_each_drv+0x175/0x200
[  228.604801][   T60]  __device_attach+0x2a2/0x400
[  228.609549][   T60]  device_initial_probe+0x1a/0x20
[  228.614561][   T60]  bus_probe_device+0xc0/0x1e0
[  228.619311][   T60]  device_add+0xb31/0xed0
[  228.623632][   T60]  usb_new_device+0xd06/0x1620
[  228.628384][   T60]  hub_event+0x29c4/0x4480
[  228.632800][   T60]  process_one_work+0x6be/0xba0
[  228.637640][   T60]  worker_thread+0xa59/0x1200
[  228.642308][   T60]  kthread+0x411/0x500
[  228.646375][   T60]  ret_from_fork+0x1f/0x30
[  228.650777][   T60] 
[  228.653098][   T60] The buggy address belongs to the object at ffff88811ab02000
[  228.653098][   T60]  which belongs to the cache kmalloc-4k of size 4096
[  228.667136][   T60] The buggy address is located 3184 bytes inside of
[  228.667136][   T60]  4096-byte region [ffff88811ab02000, ffff88811ab03000)
[  228.680568][   T60] The buggy address belongs to the page:
[  228.686177][   T60] page:ffffea00046ac000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ab00
[  228.696410][   T60] head:ffffea00046ac000 order:3 compound_mapcount:0 compound_pincount:0
[  228.704736][   T60] flags: 0x4000000000010200(slab|head|zone=1)
[  228.710820][   T60] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380
[  228.719506][   T60] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  228.728069][   T60] page dumped because: kasan: bad access detected
[  228.734457][   T60] page_owner tracks the page as allocated
[  228.740156][   T60] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1173, ts 35066031538, free_ts 33826993130
[  228.760640][   T60]  post_alloc_hook+0x192/0x1b0
[  228.765388][   T60]  prep_new_page+0x1c/0x110
[  228.769879][   T60]  get_page_from_freelist+0x2cc5/0x2d50
[  228.775420][   T60]  __alloc_pages+0x18f/0x440
[  228.779996][   T60]  new_slab+0xa1/0x4d0
[  228.784134][   T60]  ___slab_alloc+0x381/0x810
[  228.788712][   T60]  __slab_alloc+0x49/0x90
[  228.793028][   T60]  __kmalloc_track_caller+0x169/0x2c0
[  228.798386][   T60]  __alloc_skb+0x21a/0x740
[  228.802789][   T60]  rtmsg_ifinfo_build_skb+0x7c/0x180
[  228.808060][   T60]  rtmsg_ifinfo+0x7a/0x130
[  228.812468][   T60]  register_netdevice+0x112a/0x13a0
[  228.817654][   T60]  register_netdev+0x3e/0x50
[  228.822233][   T60]  ip6gre_init_net+0x26d/0x340
[  228.826982][   T60]  ops_init+0x1ba/0x4a0
[  228.831118][   T60]  setup_net+0x344/0xa90
[  228.835342][   T60] page last free stack trace:
[  228.839996][   T60]  free_unref_page_prepare+0x542/0x550
[  228.845439][   T60]  free_unref_page+0xa2/0x550
[  228.850100][   T60]  __free_pages+0x6c/0x100
[  228.854501][   T60]  __free_slab+0xe8/0x1e0
[  228.858818][   T60]  __unfreeze_partials+0x160/0x190
[  228.863922][   T60]  put_cpu_partial+0xc6/0x120
[  228.868582][   T60]  __slab_free+0x1d4/0x290
[  228.873001][   T60]  ___cache_free+0x104/0x120
[  228.877575][   T60]  qlink_free+0x4d/0x90
[  228.881712][   T60]  qlist_free_all+0x5f/0xb0
[  228.886199][   T60]  kasan_quarantine_reduce+0x14a/0x170
[  228.891645][   T60]  __kasan_slab_alloc+0x2f/0xf0
[  228.896483][   T60]  slab_post_alloc_hook+0x4f/0x2b0
[  228.901580][   T60]  kmem_cache_alloc+0xf7/0x260
[  228.906331][   T60]  getname_flags+0xb9/0x500
[  228.910817][   T60]  getname+0x19/0x20
[  228.914693][   T60] 
[  228.916998][   T60] Memory state around the buggy address:
[  228.922607][   T60]  ffff88811ab02b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.930652][   T60]  ffff88811ab02b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.938784][   T60] >ffff88811ab02c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.946827][   T60]                                                              ^
[  228.954525][   T60]  ffff88811ab02c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.962592][   T60]  ffff88811ab02d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.970666][   T60] ==================================================================
[  228.978710][   T60] Disabling lock debugging due to kernel taint
[  228.985206][    T6] hid-generic 0000:0000:0004.003D: hidraw0: <UNKNOWN> HID v0.03 Device [syz1] on syz1
[  229.002139][ T9032] savu 0003:1E7D:2D5A.003F: hiddev96,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[  229.021744][   T30] kauditd_printk_skb: 78 callbacks suppressed
[  229.021758][   T30] audit: type=1400 audit(228.974:4551): avc:  denied  { read } for  pid=140 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  229.088608][T12089] fido_id[12089]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  229.216121][  T286] usb 9-1: USB disconnect, device number 12