last executing test programs:

3m10.742161356s ago: executing program 4 (id=106):
socket$unix(0x1, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000006700)=@newchain={0x74, 0x64, 0x400, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7, 0x2}, {0x4, 0xe}, {0x8}}, [@TCA_RATE={0x6, 0x5, {0xf6, 0xf}}, @filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_POLICE={0x38, 0x4, [@TCA_POLICE_RESULT={0x8, 0x5, 0x4}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xea06}, @TCA_POLICE_RATE64={0xc, 0x8, 0x8e0}, @TCA_POLICE_RESULT={0x8, 0x5, 0x200}, @TCA_POLICE_RESULT={0x8, 0x5, 0x5}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x50}, 0x801)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x20, 0x4, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x3}]}, 0x10)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x78bd27, 0xf0, {0x0, 0x0, 0x0, r2, {0x5}, {0x81ff}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)
ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f0000000000)={0x7, 0x1})
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae)

3m10.683925089s ago: executing program 4 (id=107):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@jqfmt_vfsv1}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000006112240000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x4000000)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
statfs(&(0x7f0000000200)='.\x00', &(0x7f0000000440)=""/137)

3m9.825995909s ago: executing program 4 (id=109):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m8.949081799s ago: executing program 4 (id=113):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, <r3=>0x0, <r4=>0x0}, 0x2058)
write$FUSE_INIT(r0, &(0x7f0000002180)={0x50, 0x0, r3, {0x7, 0x27, 0x5, 0x1dd880, 0x1, 0x89, 0x0, 0x4, 0x0, 0x0, 0x80, 0x2404}}, 0x50)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r5=>0x0, 0x0, <r6=>0x0}, 0x2020)
bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfd, 0x800}, 0xc)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r7, 0x0, 0x12, &(0x7f0000000300)=0x1, 0x4)
sendto$inet(r7, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x20040000, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r7, &(0x7f000000e280), 0x58a, 0x42, 0x0)
write$FUSE_IOCTL(r0, &(0x7f0000002140)={0x20, 0x0, r5, {0x403, 0x4, 0x8, 0xfff}}, 0x20)
syz_fuse_handle_req(r0, &(0x7f0000004340)="265ed300624cee917954148609d0f2ac52561da46fe5c8ce8b3d649d8b59dfb0c633a2151990de893de399d507986121aa114fd87163065d2988807d3e0953e6b084d8b607280f9207193bb76a79bb6d4f638d070435bddb76667d5dee6329e71b2c9befbb22bbde0c1b6da63b845f2c28d2c5f4deb07b4ae015fc576702112f75a755e76b6dc450719f63cd1939961e4c895f9054760c61f933bf74d185520f9aebaf3ab397a2089640ec41ab5cfe6c828b53c4cc544f9812034c719e712532763eff6e69ad7cc4d2f29f97ccce18f298ce417251430929d422e21cac05093609d97896d0beb7d4cce9f1975f01e7dd29ea061a868bb6607b7cf88a2e33dd5c5db31cbead98e06c2c7add9012b0483fe662532c81ab1a1ca8f20f1cd9020e06c2bdade3f311d08b47503b5b63b279a9be019006e6929670f53d5688c194e9f046d2322d71bc26245e698cd44d655c59b2e0ff43771a386abc38cd6e493e0a475ef525fa78671fd9954e7df71a3b7c7ed90379dffa4fd76f0367eca11c1d8de813979951eccc8c93b4f9fdb4785c0a9d207e65742bdd358e9dfbf29203c36b91fdd78db55b53ad1e713e32fc1f47bf3390f3db8dfbd514b4b31095c818e18b63ebad5cc3b406557f3a9380c5065ab11c64522b1752b2296bb00b7750ab82704ba197f26ab76e35da02ae87d25669d54d212aa680b579773c889902782d1c8067b16ff957bfa70cd8af4c366c1629e871cfb033d46c0d308c3ff5072fd8e23ee02986a128051b8e6dbaa2bc46bdc8772d923f2906eef68015bdb4cd66a2525269a91cbd7336c930c08190a8606d762c768d164d05eea38d63e99e1fab83ce2683b885e1619065acb1bed0bfd63e3cea5c9d7c9994df4036aa17f9eb0850f9eb42b17b19926fd9d814529c3cf4397e3f38f9626f0bb4f229b51c35773cbecc42ba22f8346c9c3a6f3ca7d8b25d0bbf30baf48bde92ea192e2484ef9b2160492edb5f2ce296b0b6b420d020b7d14d780db436b1a23b733051369536eae7c7148927c3ba3a968516039b0b14d9918a41a1bdd5002847e1c3d02f0dc2235857a9797038d164591757820e7d74dbadd42b8903f20434c6ac0f401fdbfcbed5dd3c5b5fb0ce1f9c81e8d1037fde8dd3fef1d5d7af6af8f36c0f4462909dbf694cc6fe80070bd5fac5a5ca4dffae4b2c67892f7c53af3644ffec29ab3d791bd7934ad38929a9d5fb9ecf10b9dec62e315ccb0e0de60bb1620daa8154a4cdec98d94d42ac1a4b5f8da6afcb7dfb53544fbbcaa3aa444182ff25064ace51a825fe89236e850a2c90e1c7db17871ea809c4a11a26f49b213cab87d4a42b747546fb9b15068faf1a8556f909f2c47202e7b65cddc708ded90bdde68725b787bdc2d4eeda60204bd0028f07ffc3052f93eb6343d1b2a9a5292e6574baa4a096fda6dd54f6d39e9462b6839b8ee2426e3fbf42a016dc0963145e602f2b0c351f123df48f608f74b04fc7e9cd018e7ab25bc1c12f8f58c0b2dce5714faa54820ef72f38566e3d776ea2d5b061a2e94710176f15d2221420abad8b8b733de253e602277848e7f1e0eb4d07f5eb0cc4d9f874e632007cbca23a5d7e4109cf5c4fafe5f607149bac37938734b77d9b183cf76014aa61507bd4eb44524e8326c58932c8b9f6a10e334cc602b5b8c956c7cb5ffa099274b599fc9c58327f85553e00263e548c93c89edf7a7c83cc10348662fc344c85378572a40b49ae65972fb40abd5e0a38af48207983f86c7bb6bf9b7853c4b1fb522d135a83bbdbb78130b4df3aa7cfa930868cd5a2d995ca9fe4f64c79485ab19d85b0c82a72f4a09ccab267320a61208ccef13c3546ab0f16e34cdc56d6e48a6d9c14c626528a3b191e3723b19d4388d5b9b61c7aec726b8752455f96e888ba7af82c127796e9b67432d1f60a3470c7bf4b924cf10f06a3e3f64c60c7c2b0fba4d1ebe4e52014b4052c2ba0d5b649c46e5cdc6c7159faff2adad2db2d3db9f4f9e9735ba28b7aa1c6c2fea9dab6c9617160d182dfc13e18f44e73c4377df42080d08a87fcfd46b4a4f30205457ad19ddd473fc3a67153d04e960f1dc7556fb158a1d584eb2bde917792892a30e9cd25d37a318cf06bd6541463adaf5d12adc50252f364ba05f89182018ded2179c23a1fc0b31d87139da39298b8d387446c70c4577a27f6df841d9f43106bc1bf44f5c7a41460e2afc9eea98f8e256919c0befd53d7d015412391963c9ad39a19aad265cdbd609628e1913adc2467b69c00865a88635c46a851e7252cf3dc5c3cc5dcb04e97c0742d1a844556744036c97710dd9b55f661506f36cfef2c6b7305b63f5c33469b33ad09e1b593a7ddfc97777954c71c8e4857ca49aa7e5de0d25d760f633660e1fd783cdc43b00a0ec149cc9c8385807c2f6b4cb255d6a15ac75ef63d0871b176d503f332c069ccfa7a2bacd11999ea792024b35c9faae5bf02bd5c844d04d9680c1fe35c2d90ce808b45932e754e4e1dd142ba5a7bd9ecdf7717094ed4359eba666fbdc1e849ccede72b0b37f0b8bc4f76b99222f8d199de11dbd0ff396236f4a37aab955126a60c9f0d457c7a394920aa9014611e5d994c8373516f061dcc5ac881bdda5132b5ee984b15fd007828401c72df63c2efbc5f0e8545310ce65d0635dc73f0cb1c796c24b7ee62616116c13369ceb74ff8bda64a98e903dfcfd88b3c0c5f86191bcc8342578f23dc70fa6ceebde822ffedb7587a3f204d330be4977bbbc2529cf0ddf4c85b17f1088f48d878e72fb00e15a6144231108be816d2718c360e2fa8a236691c775a9a0ef3559696f5b8f85eec0aa2b1c4f01a2df6065bd31b23dd37718613fcbbb1566dc0607bf487c1a91f2b39a83755a6048e46d02ede0f5aaea8ee9e245d6c37891f5ebc9bb7ad2462b4ea4f1167b8c8e97e2f7b62c1c98ae0b808ee6033818d28a00ee72120820b2227da50d7f66d3318f6acc6398c81e529c5cb0df75e303954c2fa828760c1133fdbdf1fd7675b8634bdb496b054b91672fc7ac344a37bf60988870d54e5baf91334db883b2c69acb50676c2f871fd577747dd1d26c00a56e757b6a0edcd609ef5c3b3ef669ced2af5f19ad19194d04f23ff23546df47bc67ad596672a40cca2e87f8fcc3a318e37c73f9f50bd06926c74078356ddddba42ee273e0c33c2fc6cdd1fd50daa6ed3b7b6ce558f89449fca6d8b05c90639283d44e14a854eb29d65ce5b9552597072cb148ccea15ef430630559293afaf204f22a890fc3009a2bc1b0844a49668354a940fbd0d5919faadfe5cb80e4c93d138ae28269a99c877426298b9ec7f01e9005da2d7977f34103de38b2f65bdc1c899ba96745ca977c46db6003b1ab840e677f0d8960b4e9f71e82fb89a8cc0702739276ec7a040c69e6dc0e439658d420737a2f6cbe7cb1ce904f4a39dbe8284971e527ef50976c89855f75d5e129a09a117a5c042411696f8a3bf02879a287b2b1ea2a6e1adaed0374341113bb8363f33aacd361339c9c06b4bd6e04f8fbf1f120f1992856608426d44abb6cc429a075c7bd22bdffc9493f218286f8eb585001fdf79327c8c17d462cc2ca5b435d444659767150c6e1000a74f001be398a1bb48863d3a4d4a71a4623e1721b003d7d2c038fdb405b814f37a95a6a53bbb365dddeefb83451676c7b57a23dd1d523958e2e2eb8d889c47cb7aa515e9b11b2c3accfe6739a8ef56b7a02adfd63ec9f9232c38e2aef3773a9a7d6f4844ea1d609f146f19e6c46fb6b961b8037e5d9ba34c0ca5c10a668ddc5d6f4c7951732f68c56ad9c1b3e53e09d33d9b377258ab2de957c8adcd4b68923ed6eaf2441e2d888d1d4653c5686ab712a82ca16cf475009e238e5a8df04ca2fa719e6308bd60026deea44355a6e878157ffc7f14a8d34275a9ed5f810ea4ed1827e4c91998aebe9aacbae14d95eed96a9de17463ae852f53d2bf3e92df959564e9550c1eeb0b052c00cd44c07b7f021cdad5c70908a74bca9ec4fa372f491aeadb297e8f571de1b376ef1b7194d8e434ba3867940606521399595be0ec4daab0b45c42e439adc5cbecc7310025ed8761a1d78adf3ee6b223577e473423cece99cde0807269de6929624ed1739b2380ed4688779ce9808595e9b87ed6f42d89b1676014cb8c9a3f7484aacdf794f056439fd1e5233de23141d5b87ca95b54721a01212666e8067cf683025f1219f4d0569c8cfb2d6ed67e7f051e2ef9d0b70a390ac7d53bf9c4e537c74afd223e311341583282ac6e4ab209a591ab0f4d7205512a74a01cd33b57d993fc5c548a757d757e1f32272c22b86fb2428b338eac75c21e4ce3fbfdc6f04a62856610308e65dca82a7637d7113a48c6ce0357fa454f6d58a1b61698c7b65dc9b8678f9d279b883f76e04ad1f1154e2f490afb7e397ce65ce297f6599b0671f3129bc87cf4221d8ce101f71a1df23b6343dc3d6e35ee2eb0a1e37e67e091fab994b8948e956320d7e512308641a129526ff2e73ba026fb72fd3da3482fde5374d54bc3ed6ae53f2b9b4d222db5f3126760285683ecbbd0f8b5bb964e5a1cfe404ce21588a21c2244e0f76520e139992f65a15299548f4dc5e4d1e54acf7592ee1f04e36987606bf10e4632c79d00e1ed985553b00a8e828dd193f5cbd7101cd36745804d474532fc51e708c7f124bf9231b9a7bd1ca4446060535054b4bfd5a61607f3ae45cf1deebfb9d8710e5523c8cd03565cd378e77b1b3323a7d97f28fd1a13aa40626abf69d7b66ee9db3d604b293966347a4fb36d089078f9808bc209109690ea47941ad7c141767b78eee93131a57b5e12690b7288ffecf22f39f308a80457ac6052b8f477bafc15a3ab30cfa3cbd7dda9803e5a5664694e77f528087de197c02fd4d133ea9133b9aa4377bcc0b62801982b999b6e7f76dff371dfd998704e340b4e5da88384fa8cf08d747c977105e4574bda02c56361338a0a9bd800e94c861a31d5d64d71cb65c0655f5b5cf5f900e348d7cc05d9c2dcf711859cbb8ffa54065e2e5462f4c1d80d28e5d5400090d4bf61565422b8df0f34f7a7c1e153d39c9d7340d15b8db226d323b4e3c50fd8aaa87ec9e5c3fbb3ad66462c6ec5ff31877024d119fdb7a16e69d324ca9819512c45c3852409f4899a41a4d16ca77dc3dba1ffbdc2af2fccaba1f04e048444154d5019a267bbcd440d7bb3516e9741e5f9c3ef1135e8c0d70e3c7800c10c000e9cfbddbb5aba9e43b3dc0164f92733590f6921bfb53aa1466a53b6146113795fc13d1621b3cbe0eadec02c469a4899232c23a5a88a9d659984c22ee523b5c5de84223a0f0f9bf1fcdb1efb4709252c0fab477823bf2505f9a2e4a36d0bdae824ecad15a4c313f0c9eb4423ea249710e353e61264630927f778c01978f5b50213d71fd746e40009432bf50b7932b7659942f0d1b6375b87d9b038ce271d7333ed282beb3925a330d881ac7611d3e8b869601b146fd82c06b340ae4823c4c429af4c15f2a2a2bdf383788e86b68c001866a86188cfd71b02bc8abef13703264f3ad08ff6602e15ff84715b7796541c87e26b0c6e086211943e52629f8c1e71fdaec972ab5a2c690c78b08d65651ae4b64070f7bb37931119881ef14c4c8e228d67d34f1c9eb855b39ad6e615bf24f7b453a76547edf2fa025c53bda95d783fb3f735852f28318a8a67c8ceb5279d380d724ee6eb2e76ba8807a0865fcafac50d09a92b85d27a238e4461a80cbbeaed62a844c17e498f6457aa642ebbd0aaeabf127b8f8fbdc2e28ff7fafaafe3016603461f256d7fca690a8643b9697800b3cd59e09ecae48baabccb63cad4a627f6bfba0759f1c186977e9698e6fbc16ec9d1c95ca8e2e075a1eed3ba6223e4df44be7da59a444715a78fdb90a1645c069ca0fd1609b7dce29ffa11f17266c32856f9ebc853c0c7cbbbd82667a5106b5b63f5328ae9d653dc5dd53194988f0e421db3851eee53c557e40a7ad293a22ffd3445d296347cef4187aab3c9c3c2a8e40be66919c30cef3de8125f3cc7342a43791cf1b3b117af99b04e0fd8170f17f4ba25bdcb24965501025188a430df86239d369a6e2c9245e914fe4be3a1eb48e22e2e1c72caeb4b0d1b69e8a817cc7ddf644d33e56ae32215604f267a80754619440ddb3621280a4b388c14ca19dfd398d744977849247d0bbc55d5a54ef062ad3cb3689168b28a0981946fa01737e081101b9c571d0ec4e5775159daccc110588fbd35bf6f0d55f99da967a3d3db1999e158958d7ce128571efaabc09c1aa7137c35f3edf7cfff386a79ba5acfa974366c442207a39ce67afc8469c2ddc6f45413dd654d9f59ae7fd31115dfeccc43c27bbcffab119106735b7782f9694a3e30159aee341f04540a54443562cafad5cf3336c6e900332b053d7c93bab45d8846cb5b880e11b979c13dfea06267932d89e258ef30768ec2ce1d7b020609a5ea6ad9eda78219542567029d1d4d2ffe797b7f95f16b8f599390b0b630decdc6e17593b7e4992d48e62c27cca2e423eded85cd4b436065496984d59044d38f317d0ba649837e5377ab3793c3f66c0509eb37ba365c94273b3cad97c5f607bcd312cdf3c8605dd5569e293d21c588969d7bfb17a228b53f2cd0387995945253c6ec8fad3777cafafcbb9151a54e653a142b5ad0c62682b8ec4b99f525dd853f75c17ae6264b7bf975138de9932d40be9f35ce25dd2a1e307fcf506eb6db8803c19b9880f96299ef58a6bdf32708346db540dae112b0f7ebfbe6f3f46635b7d98e232cc91eff2aa9c7fed6dd53d448db2fb8fc4c0dd661d47585c7966f9338f165e53b3d7777dd844be6a6c8885d95b839a32ea0bc83ec0ef8a5bd11b666d11fd8e27561d8afc4686e978ba31ff2f812f81a6a82956b95a0cce2966a37a4b9e33bd297ab8b1667f6ca5a6be65e4485a305651a4230b7a010a960b035dfb7a8474dec1965c6a9177f62484817807e0dc43ab2770b27adcb40f76c0e78639c55fdecb6c008f2e859ed496818b48e5fbe32376fb3c434afc0ff780867e7374a8d659cc1580e49678f4542e5cd3e54d5f4bd1ff6d186827d588ace5a8adf437dea11def7b57b6b8c992b86695d09c65aaf532d6b8cf12686df8b07bfb5a8aef7944f04c8bd00d500b8b7eb24516dbec0f5514dc48f70eb26a2b78042fb6b4726a20fcf73ccc9a14b75bb82e558e8bc4f7ff5453850f83d12896e9abf322e5b81b6efe679c8c98ee092e06302f9f1472931dbe5a815ac38b1bff79363c4f846caa755ab3ed5b60a938d5f1a9e10950aaa0c5d10c5c4f09abb8ce6b98867e6f8644e3b9d603f07f9c2d1044600635d432ce796b0b96baf572238711302f8fe486f3bd4b5a0463eefb0cb04271393cb1b47b033db62840b4c535da356de3db90961deefbf43060d57b303489aaf9c3bed935f8750d47b8e6aed8eba71f08d93246c92c7cfddea99f6e052bf18e787aca4cc04779dda1f67a420cbb5fbcee2f2ae28be664fad18b478e171dc3699116ae71421b86a5fa9732767c994f38519874b33f07b12b8baa5bc672017cb1e2c8e8897e541358da9a9e3bf8bf57ad3541fb434534190ddb95a5ad701e20548b269268fef7c20c15adb8a86dc8ed756f760370ef2bfff1261349b535b77f67a4118dc8f95c70e977ae39c7c77f2d4e2248028439b72325c033c68684fc8dd6050f0449e2c87debc00fb8bd5d1d9b9f31219b4243cb089362b345f2b9aa7089eb618e1407223ef1022dbaa856197f6cd8dcb7fc53afc16731e0f21b45a17fdc2c49bfd9f14e454c98536c507c3aca95ad57be395ea9d737a4a3237825cf102ca080e013230cd7a46e91237b2214a2b175ffb390ac9f12e5dd3124ffe1e152e148371425c6ae5c603715d5439e0f9e49e8048b56489ce79c26df2dab6ad0c8ac0b37e5d4fe10061f44f3d2314e1ee6245ed600c62a9c448faf905267cdb125ed7dd2a7a539770bd1ddeefd13a521991cae16160cadef434edc23fec333ec7b328c4a6213c5040848e835c6b3e0aebcae1d5884f7e8f654adb512c2f0227fae83ddae0dfa848e0ba9344404ef1d6da880f8eac71fb7e02f197859fdc1ec634dca3f46932e5f022689ed253e60f232e1acd96fce398961d62c4d63d7f37d48c26175298658c224bc1db73b8baaeab139065a9bd004bcaa24493c17f09961c09bd0cb828a8cb3cab56df2991646ff370040bc8507d3d16e66dc075c8d302c6586dbee27b32f93ea563a2692f65ada174e35bcd8cd3214c1a38cc00c90067828b9980da7dec04fbeaa2e550c8d06358ab446853e7daf007b0de5c9e361d75c40ad5f9f2923c10ea479e5852ad35f232d6d141ca7b4328c9d72dc5c247d1431688b2a325d88582733953ee50f997a5d8324cdcb01fda11a773093f344fb38b55c5f9e7706e1024cfb4f2e47544ebbaf792de3c4d8f1522e9d9ce73fdaf1740d3dc134a78b53c6167aec45c730016b8ad9d9bc4042b6835a5ff34c9d36da7418719a86be6637c896fa4a4eda862a9e73ab97e5a977aebf0fe64a7d507dc210a677873e155fe4b2cc3a96e558f4d54db6fc5fcdf166c4cd58bb5d1721378ccff170c0eba14b990ef610606909c205e34aabd15eb7a60406df5451871b18ae3cfb5af37b7f7bb2be80590d3be02c5d0c4143be66efcbe13c6927f54ed27884b3d6a73e90516552a0bbd81f7c76ed5f84ecfef2225e52b9cf6021895716aa29b540750eb64b31cd7be1e9fdaaf132681b23cfb2742fbeb4d1f40fd0bb1d13ba044b252f2f04b0d5fcb121977486c5754a569b81be7577cc0c9e918affbf9abc1b6dd567aab66b7e2aca396e79d53ced9695a65a704bbd9700b55ac8c968c5f43557060c6507a3557c8762a7dc8263eaba22d51fb7df435e20beeaa700609d774d1e212e7493b672324e1a907fc1546cdf7d4ff88029dd7e9c92fc530e3f55b6c1b103c69f14859524d07e454a3c5f987e01d21d9a5a6f842370cc3dadcde1b5822b0d0c47883dfee62b9b7209c3a7c399ed34604e164f806e68a5a24a53d0c5beccdc1389e87a5894061f95e7e8e8bf84ead6e7fb155938230f22b426d9041e8bea72dae14911824db9b65bb0ea0d0404cc8fabcb8f1863e13c8475beb68138e043dd67bf1b0d7e038f9f3d25c8ab1a52173af6b46d8260d677bf066058e89dd18b03fa20e79938dab01876102992f9df49dbe983526b9e0bc83c15cb9d52511eff20d18dcdd316bf334b98aed9024051b87bd3d767054470f4b7f59a207e9b9f17827497bec146aa1b0d18ef54ae5927c64b05f34c8508a0cfea02cf59b3c97a1d3e83a00b7ca495167f411b3f41c1409a8ac007e1cb08ef83c4cbe38117d4b1ef9b58dc0092371b1dbb1a1834f780282dc2f3b6bf36fd0dcc7619c28785b76910757376adfb014ca9ff8bfa3e291e7cba2caa05efad48b1506337b61f74b7b0f4abc18846af682f34708bbee9dee76837bcd192876d1861a20b3e77c9984aff5ebf0a2a4741d6e43b4ac056ea138e79230144578bfd4ae82b84ed109e4d5ff0f955ca481ac0231cae963b7d4db76d89d07e265973a16899fb3a6f8dba53473954589134b520e680f4c5e707fd056e75edb194004b81a40bce0407b6c294078b77e8abd8873c01f6918b2c7c6095c9f23b9841e90e8acde53ba60cd78911cac6fc2ef6bb5fcbb0d3da3e63d70b47495f2177afce5da37c59efde49aae133761847a6f0c8aa374790522ba04d466bd1f7860f53371f5eb2f506c5bc7bb6ab449e4a5c37866c31684b285cf5da17f36434b809f69c542c989449fd0eca50f5eacf8080cbbe8b84d1183095ae7416b8f2b98311451cf7cad2d8fb721e589f9e611376430359cf855444fd1415011e8c313834bf0e217ac7b03f8add941427b0d15b56378b2cd1e3925008c16cd5f95dd149c7e050e0a153e4333e63bd14816b4357fbaa5f706af6ee225057eb599bbe5714c9ff23204d1902230569839d8836e6b2525570b00eca8534aa0c29cf62dce61ec66d9c195be81279b698ec8565fd6754f636b9288247657efdb2b6356a82f014a1e6b24926fdd67810ef0a01295c664980f2057ca17362b0a5888c23ac21842f931a7d57cdeea73c4848c6c1cce20be979faa611f86509ce031fb4102a0fd30bea4f4f840c75d238362a2c4f8de16e81733ca90119f8c1ae148b184d0b113685594088ad8a947455dcfb782f8beb69e255dbed46ae2ee6f094168a52501fc68ed669fac390cd9320ba16d69c86d6f642aea836bb1d7c14593f15d8d33d452d8c87003d7ada1995e2b43f788b4ab00ec6f58869968f098218a3ca21a6f369d47a14cd3de7de8357902e8ecfb5f2e6beb5d3d32a6a6224fe3d6dc5c06eb117af0ab396acfcae58b2b1b9981cc71cc1cde07491b6b6d97e04c10ff216393dd28737d31c8f2cc9ebe161b96d407088b2bc456c331b676a0d7dca3df7f7080697d154fa14f351fd467e30b4ac3f4eb7b4adfb173ff20594cfe539c775c4275795d54782bae4b59cc64a45740ff73d21f5d6cf39e10bae4fbc48ac7799023796d7408ff9220a07a49552b18c5e35f98082297d2b4a0932e4d224c6807d49bf9b5de2eff1a8130da56124ecb5509241fe95be11eb0df066f5f819bc7db0f1ee90ea0aaf4ca4458ae7b5105d574de028c82714ad0d53bfc8ffab31c57762b38e433d6991d83ba5616162e27e8ac122c145547c4abe18260c6d32c755a44390ed41241ef375e1f5a4311263881a02dae71f837206413fc37ddf40a9bb72256d1625ee0b94c1c5715809bdb24224cd0698a5802a83e2328dfa22b80e31b9a5c7dc2fe0c68545905368806c308334c194803eed4a24a96bc5021b837a293dde7ba22b9ed27369b3584deda6489bd1b3fa2925beeacb7d3be367fd014547f82b4561c0120978b6ec2b32ac2634589b819a2c94fd20c081fe9eac7b0745f73a1981e21b05b1bd97a9a1d7218c0e6d0e473e15a1a7465cea98ba0c72af2f270b6a61bc51d1a0a9603b91fcdcc7314fe7aa007ecffe6c7eebf5a65e82a96325e86f9aec39feac6eee9501495c74000ec1f0923e79ad1fbf6dc581539047537794151473e00be353b3b8dbb6da0053826c7bdf16c43867cc9cab9d1220466ca29ef2d6172c4c0ff9067eba9d9775225efaeab1b8c634b4001d2a5c01628bd5550c4573fa017afa3f501f1a6b7d7a483dc0885ab9c2ee959a596ffbb68c7ea99e48f4304697edf7fdba5567735ace3433c15aa59863f87e4605206a31ccf268588de7ed37fcacf6bde80c68ad53de63feb4399cce137c5776abd15395402af07250938aa1c466511bd5754f9cf2f938faa37a683996c801c8fc8aae36a706c5d6e2d36e96ab77eec817ce4d56d2bcf5a43702a883b127a1da8b6ceae1b82573a9e9e9e297560f8d65a1f5fd4bf3d45af0841e691b6e637bd8b9f7c8e51b813b818b0baf2d9c5c9d116781d327b4b43309c7265612089f1dce60a41fd0aff4bcd1335d696f01cee7b371e13584c731a3c3ef7e1b9f3f41f91c4dc647b948c93a99c1ae79f5f530c68c3cc28bbd", 0x2000, &(0x7f0000003840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002440)={0x78, 0x0, 0x7, {0x8, 0x2, 0x0, {0xfffffffffffffff7, 0x0, 0x3, 0x8, 0x802, 0x0, 0x800, 0x0, 0x0, 0x4000, 0xbca4, r4, r6, 0x0, 0x6}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m7.936670168s ago: executing program 4 (id=118):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES32=r0])
socket$netlink(0x10, 0x3, 0x4)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r4, 0x0, 0xa888, 0x10040, &(0x7f00000001c0)={0x11, 0x0, r3, 0x1, 0xd8, 0x6, @multicast}, 0x14)
r5 = open(0x0, 0x80242, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, 0x0)
socket(0x10, 0x3, 0x0)

3m7.684114322s ago: executing program 4 (id=120):
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001600)=[{{&(0x7f00000003c0)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f00000009c0)=[@hopopts={{0x18, 0x29, 0x36, {0x6c}}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @empty}}}}], 0x40}}, {{&(0x7f0000000b00)={0xa, 0x4e23, 0x9, @local, 0x8}, 0x1c, 0x0, 0x0, &(0x7f0000000cc0)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x4, 0x0, 0x2, 0xeb}}}], 0x18}}], 0x2, 0x4000)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$netlink(r0, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00', 0x46})
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x800)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r4, 0x8983, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0xd})
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000ee43f6642531e0800450000200000e00000bcb5f33d87c18b6800000000004e20000c907861100000"], 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'pimreg\x00'})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_emit_ethernet(0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="acaaaaaaaaaa5b06fa5323043bef230000000000000800470000100000000000001800004e224e00"/54], 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50)

3m7.603002967s ago: executing program 32 (id=120):
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000001600)=[{{&(0x7f00000003c0)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f00000009c0)=[@hopopts={{0x18, 0x29, 0x36, {0x6c}}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @empty}}}}], 0x40}}, {{&(0x7f0000000b00)={0xa, 0x4e23, 0x9, @local, 0x8}, 0x1c, 0x0, 0x0, &(0x7f0000000cc0)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x4, 0x0, 0x2, 0xeb}}}], 0x18}}], 0x2, 0x4000)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$netlink(r0, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00', 0x46})
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x800)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r4, 0x8983, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0xd})
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000ee43f6642531e0800450000200000e00000bcb5f33d87c18b6800000000004e20000c907861100000"], 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'pimreg\x00'})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_emit_ethernet(0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="acaaaaaaaaaa5b06fa5323043bef230000000000000800470000100000000000001800004e224e00"/54], 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50)

6.671751494s ago: executing program 1 (id=1419):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.815599734s ago: executing program 1 (id=1428):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

4.902380587s ago: executing program 1 (id=1442):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000440)={0xfffa}, 0x10)

4.83704932s ago: executing program 1 (id=1443):
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000001400)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x20}}], {{0x9, 0x5, 0x82, 0x2, 0x20}}, {{0x9, 0x5, 0x3, 0x2, 0x8}}}}}]}}]}}, 0x0)

3.987148899s ago: executing program 5 (id=1455):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup=r5, 0xffffffffffffffff, 0x6}, 0x10)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

3.594834212s ago: executing program 0 (id=1457):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.501405828s ago: executing program 2 (id=1458):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.956792939s ago: executing program 5 (id=1459):
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@remote, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e21, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x7}, 0x70bd2a, 0x3504, 0xa, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_ethernet(0x1de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a601a80000fc020000000000000000000000000000fe8000000000000000000000000000aa22340502c9a431"], 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYRES8], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

2.898610302s ago: executing program 5 (id=1460):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80000, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000740)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e0, 0x230, 0x12, 0x60a, 0x0, 0x202, 0x338, 0x2e8, 0x2e8, 0x338, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @mcast2, [], [], 'veth1_to_bond\x00', 'xfrm0\x00'}, 0x0, 0xe0, 0x208, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x57c, 'system_u:object_r:file_context_t:s0\x00'}}}, {{@ipv6={@private2, @loopback, [], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39e}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440)
mmap(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x3, 0x20132, 0xffffffffffffffff, 0x986c6000)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r2, 0x400448e1, &(0x7f00000001c0))
lseek(0xffffffffffffffff, 0xa, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x1a00040, &(0x7f0000000c80)=ANY=[@ANYBLOB="757466383d312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303461612c747a3d5554432c73686f72746e616d653d6d697865642c636f6465706167653d3835322c696f636861727365743d6370313235312c756e695f786c6174653d302c696f636861727365743d63703836312c757466383d302c756e695f786c6174653d302c757466383d302c757466383d302c005ed4a338bef3e79ebeeb0dea20ed716e2652f036e76f36af1d77148ac9e99ed844e242770e1a7eee5b41b85f7d7993a9158992a042867549bc8e597489cb14cb3e71653312b7094940d35261b0b10d3305a832c47c8d2e864409a82953ca00605e547b67bb69e887b65c987fc112313cf7290594bc4d91e58b09bfa583e4392b695873732e75f02c50d167eb5caf09e888d1f7075337d4dfd52a32d9ba13b879b7aa285cf8eb6801afd8542606c8"], 0x3, 0x350, &(0x7f0000000900)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x7c, 0x40}, {0x6, 0x4, 0xff, 0x3}]})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f0000000100)="c6", 0x1, 0x8000)
write$FUSE_NOTIFY_INVAL_INODE(r6, &(0x7f0000000240)={0x28, 0x2, 0x0, {0x5, 0x0, 0x6}}, 0x28)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffe82)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="48000000100039049b3bd41fc8c640c0fdffffff0000000000000000e8a6dc187faa1be2d8542f64b701a89856c470443e560a8480dbf8e03582173afc830b3d206fc7026ec8800d5327db01293062e4fb76bcef0f0305009e4c6f23d0ffac8375628df9f436981fa800906c34286934878e20fbf07a1358527cdf31b3a30e5a6531ec76820eb03907b9116efd2820a1877ebc14624be9289f7fe10ca007b77ed0fadf3dc896ca597f732fdc97c155dc23f12f808cf614ed2172df1cc2d316e3427a5659107027824f01a2adfcdbbf12ff24aac58962196d7458e227428e74e1e5ae3bb4e5e4e46830ce8fa83f25e1e613818eafce6236", @ANYRESHEX=r1, @ANYRESHEX=r0], 0x48}, 0x1, 0x0, 0x0, 0x20004890}, 0x80)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0)
ppoll(&(0x7f0000000140), 0x1c91819c2d4b4339, 0x0, 0x0, 0x0)
ioctl$FS_IOC_GETFLAGS(r7, 0x5437, 0x0)

2.855709945s ago: executing program 1 (id=1463):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4)

2.800979608s ago: executing program 1 (id=1464):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="6dd2c605c6a41e2a42fdb3fa200e66fdffff02cf947f54b6f610212d1606db40e8268599796eaa9dce31ddb8fd71fb5336540b78a9d82da8ad2a3621636dc531910fb699d2b910172da41602aefe1495090676c0c434e1ff7405b09654b2d7f7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000140)={0x44, &(0x7f0000000440)=ANY=[@ANYBLOB='7'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

2.358215123s ago: executing program 0 (id=1466):
r0 = socket(0x10, 0x803, 0x0) (async)
syz_mount_image$f2fs(&(0x7f0000010600), &(0x7f0000000480)='./file0\x00', 0x3004050, &(0x7f0000000000)=ANY=[], 0x3, 0x1063a, &(0x7f0000010640)="$eJzs3L1vW1UbAPDHSdOvt2+JEAMLcCWElEjYqtMPUaYArVokWlV8DAghcGzHcmv7RrGbmi6IgQ0xM7KwMfCxsSL+BxYkFiQGJiQ2pCLfc1M1pUCL24Q0v59089xz7vFzn+N4OffaN4A9az777ddKHI1DETEbEUciiv1KuRWWU3g8Ip6KiJlbtkrZf7Njf0Qcjoijk+QpZ6U89NbPz58//cG5Dz/+5scnV7/49vOdmzWw056JiP5a2r/WTzHvpHi57G9sdIvYP7FRxnSgf6Vs5ylea68UGa41Nsc1ini8k8bna1eHk7jaazQnsdNdLfrXBumEw43OZp7iBZcb60W71V4pYneYF7FzPdU1LuP14SjlaZX53ivSx2i0GVN/e9xO81m7UsTmYFT2p7x5qz2exI0ylqeLZt5rFXWs3OENvDF71+/1f9kr3cHVcbbRXh9280F2slZ/rlY/Va2v5632qH2i2ui3Tp3IFjq9ybDqqN3oL3fyvNNr15p5fzFb6DSb1Xo9WzjTXuk2Blm9XjteO1Y9uVjuPZudu/hG1mtlC5P4YndwddTtDbPVfD1Lr1jMlmrHTy9mT9ez1y5cyi69evbshUuvv3PmzYsvXHj5pXLQn8rKFpaOLS1V68eqB2+fz4FP9tT8l+qL0/3/x5Wt7SduJJvt5enS87Cr7HQBALuP9T+wE6z/p1z/PyQewPo3i4hds/795/m//30auTfW/3BPfH4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPasn+a+Pl/szKf2/8r+/5ddj5btSkTMRMSNO5iN/VtyzpZ55v5i/NxtNXxXiSLD5BwHyu1wRCyX2++PpGMAAADAvfvhq8/eTqv19Gd+pwvi3zp01yOzm3vpos3MkXfvUw2ViJib/+U+ZInyYlM8Nn1VyeTzvS/GU2bZrK24gHVw+qqS4pLbvvuV7a7MbgkHbwmVFGa2tRwAAGBbbF0JbO8qBAAAgO300b0M/jI+fXCV8EDdfk+vuJtZfhe//AL/gRTKG4KHtrQAAACAXchP6gEAAODhV6z///75f+OW5/8BAADA7pae/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwB/s3Dtu4kAYB/CPhxf2pbVW23CbLbnESnuELbfMIbhCehRK6hwjHelyBAQRnokUQ5CS2BgR/X6SPcwAfz5LNDN+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJzSfbGY3t1c/2kQcbXbbbbNtHdEAAAAwL5VsZhWL8rU/5rHv+ehn7nfi4h+RLw0dx/Ep1rmIOcURz5f7NVwG1El7H5jlLcvEfE7b+sf6T0AAADg7ZbzySzN1tOuPHdBdCkt2vS//W0prxcRRfnQQkrkxab41byqZPf/Hsb/hilPtVULWOPmVSXVktuwrbRXGdSa8bOml5p+p+UAAACdqM8Eup2FAAAA0KV/5y6A86jOZuZr8fMF/KPU5BOCn2s9AAAA4AK5pR4AAAAuy/odk/nqK57/BwAAAB9bev4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp7QqFtPlfDJrmrPZHogy4nD0iHaOBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCR/XlHgRAIgzDYu74zmfsfVho0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODN7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhfvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQhiAAWim89Od9P6HlYA9gwjvQUtC6KIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPNHrOhm9PqutMo4k37aZ5Ne54d+pYUvybtj7YN74EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GTnfkLjqOI4gL/ZzW7/gLjGGCQqVmyqIGazG1roRfAgBA/qwYvHNN3U2GnUNoekBCQXb169602wKOTSWz16sedC8NAeC4tU6Lky/5pJTGIKZnbTfj7w9v06HWbeewvLfvcNAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJv+++FUUdeTl1ZW1/Jjdx6sze/WJ+4vxWNJS+qo2mEfOS/n/Sc3bnxWXsNofHBjAgAA4OlTL/J9COFuY2M26WutNP9PFuckmX/tuawu8vxe+f9Wrz1W5P/NiY/fe3yjVnafRghhYTHuTVc2w+F2OnTTvnNv86/yGu487/n9LlLfKqPsF5p6+rbVPlx/sd9IVz367vbtD5ppeez/nwUA8KSmij4viu9HSd8Z5MAAeGqN5C2U8n+9NdgxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFShvx7eKeoohDAxslUn7jxYm9+tv9Vrj91fitO2+fvNVvmaySUaIYSFxbg3XeFchtnp0E37+Lczr5bXcOd511avX56L495VxaCKR99kb8WwjEdx8CL52BqCYRxGUfUnFgAAR1kjb8kX5LuNjdnkWDQawqMftuf/t0p12Cf/F9k/aa+s9M+U71XO/53KZjjcivy/Ef2yWl7Dnee1l6981b62ev3dxStzl3qXekud82fPnTs/05mZbqe/p7T9qgIAAECmscuxZt7K+b82+u/9/5OlOhww/3/642vd8r3qz2z+P7Hn/xT5/6ULf3b3y/9bm36HOlAAAIBn2gunHv4d7XI8ajbDytzy8tVO9vr4393sdQBDfWLH8lbO/8dHBz0qAAAAoAr99Wjb/v/FUh3+Y/9/bOWntN38durr8jXr+U74wmLcm5r/Mr5Y3XSGVrH///DziT8Otv9/eMUApg8AAEBFTuStvP/fSJ//r71RnFMLIbz9ZlbnfwZwj/z/+rbn/ye7Z38u36v8/P9MhXMcRrXxbD2K/H/5wveTe+X/9NzxEEbGBzRYAAAAjrzjeUvy/73GxuwXv578qOn5fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4h/25R00gCOM4/O4kIQmkyz2WfJxBBCvBxsrGDxAW9gwewAvZWNkuXkSvoKiztZWsxfM0/18xDDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8PROd0+8REQRqc0UabD6PrxGxFukddP03q9ZbI77+uOWo+1ueMnxpP+Vb/mM4tFfAQDoRNlujsWymv/k/c37l/c/bzmtq1mXjwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADizAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgWAAAAABDmb51GxwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMFYAAAD//3eIiHE=")
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
fsetxattr(r1, &(0x7f0000000240)=@random={'osx.', '^\x00'}, &(0x7f0000000280)='f2fs\x00', 0x5, 0x2)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240)) (async)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000370401000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="890c040000000000200012b4266f8f44588009000100010001008900000000000000000000000079c6df98cbce8b7e5a00ad45c7e39fa8bd4c47281817007444f0c9ab3d93d98fb5f5be73ec869fa377a6f20025cf26460079000000000000000000000000000000059ea52ca9aaa9b8e7bb37502214468ca4a7cfdd8184a3ecf1942eaedd4f7c31a38be1b19b094dd4d0197a0d3d104e451955932f0b563f3ca7da0bee035df9142354e7c9db864f872e1a9ef900b0c6966a68f18c8da00a6c2d355f"], 0x40}, 0x1, 0x0, 0x0, 0x44801}, 0x0)

2.011835223s ago: executing program 2 (id=1467):
prctl$PR_SCHED_CORE(0x38, 0x10000, 0x0, 0x81010000000000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x808080, &(0x7f0000000000), 0x2c, 0x525, &(0x7f0000000100)="$eJzs3c9vG1kdAPCv3fxw03SThT0sCNiyLBRU1U7c3Wi1B1guSGi1WqRlTwh1o8SNothxFDulCZFIJW5ckajECf4EDkgckHrizg1uXIoEUoGKqkFCyGjscZo4dhM1cdzGn4808ps3k/l+n6V5L37+8QIYWlciYicixiLi04iYSusz6Rbvt7bkvCePthd2H20vZKLR+PifI+mZ2wvt89supdfMRXyU7I93iVvb3FqZL5dL6+l+oV5ZK9Q2t64vV+aXSkul1WJxbnZu5t0b7xRPra1vVH7z8DvLH3zy+9998cEfd77x4yTnb7UOjSVtO7VA+7Sel9GY3FeXPHMf9CPYAFxI2zM26ER4LtmI+ExEvJmW9+QGlxMA0F+NxlQ0pvbv95Y5xjkAwIsvec0/GZlsPn39PxnZbD7fnMPLvRYT2XK1Vr92q7qxuhjNOazpGM3eWi6XZtK5wukYzST7s83y0/1ix/6NiHg1In4+frG5n1+olhcH9U8PAAy5Sx3j/+Px1vh/DN4hAICXmZEcAIbP4fF/dCB5AABnx+t/ABg++8b/bt/VBQDOoVzHd/8BgPPvyPn/1+MnPzybVACAM+L9fwAYKt/78MNka+ymv3+9eHtzY6V6+/piqbaSr2ws5Beq62v5pWp1qfmbPZWjrleuVtdm346NO4V6qVYv1Da3blaqG6v1m83f9b5Z8sUCABi8V9+4/+dMROy8d7G5RXstBx8IgHPPbQ7D68KgEwAGZmTQCQADYz4eyBxxvOdHhO71/puLJ8gH6L+rn+sx/9/tf4O7e6X/Nc4uRaBPzP/D8DrZ/L/ZA3iZmf+H4dVoZKznDwBD5hiv4H1EEM65537/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYZHPLZPPpWuCTkc3m8xGXI2I6RjO3lsulmYh4JSL+ND46nuzPDjppAOCEsn/PpOt/XZ16a7Lz6FjmP+PNx4j40S8//sWd+Xp9fTap/9deff1eWl/sGmC8/20AAPYZ6axoj9Ptcby9vu+TR9sL7e0sE3z47dbioknc3XRrp95KPhejETHx78yBxmROaWHinbsR8Xpn+7N7x6fTlU874yexL/ctfjRbOHkgfvZA/GzzWOsxeS4+ewq5wLC5n/Q/73e7/7JxpfmY3n+Zg51pLn52uHN9Du3+b7fR2f+17vePLueafU23/u/KcWO8/Yfv9jx290Lj8yMRu4f63/aK0LlmqVv8t7pd8KfffLzRUfWXL3zpzV7xG7+KuBrPit8qFeqVtUJtc+v6cmV+qbRUWi0W52bnZt698U6x0JyjLrRnqg/7x3vXXund/oiJHvFzR7T/q70u2uHX//30B19+Rvyvf6Vb/Gy89oz4yZj4tWPGn5/4bc/lu5P4iz3aP3Ig/tiBv0vqrh0z/oO/bi0e81QA4AzUNrdW5svl0rrCSQu5fl350gvSQIUehb99cuCeGng+p1IYWJcEnJGnN/2gMwEAAAAAAAAAAAAAAHqpfT/9yb8+fhlu0G0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/Pp/AAAA///RQMtW")
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x30, &(0x7f00000001c0), 0x10}, 0x71)

1.978025445s ago: executing program 0 (id=1468):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f00000001c0), 0x60000, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x12, &(0x7f0000000240)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x48ec21b5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x7, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xe7}, @generic={0xf, 0xa, 0x2, 0x2, 0x81}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x4, 0x9, 0x885, 0x84}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000380)=[{0x2, 0x1, 0x1, 0xa}, {0x4, 0x2, 0x4, 0x7}, {0x1, 0x2, 0xc, 0x5}, {0x5, 0x4, 0x5, 0x7}, {0x0, 0x1, 0x2, 0x9}, {0x5, 0x1, 0x4}, {0x3, 0x2, 0x6, 0x9}, {0x1, 0x2, 0x4, 0x3}], 0x10, 0x4}, 0x94)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000004c0)='syz1\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000500)={r3, r4, 0x1, 0x0, @val=@netfilter={0x7, 0x1, 0x5, 0x1}}, 0x20)
socket$inet6(0xa, 0x1, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x88, 0x0, 0x0, 0xffffffffffffff88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000a80)={'bridge0\x00', &(0x7f0000000a40)=@ethtool_rxfh_indir={0x39}})

1.433986557s ago: executing program 3 (id=1473):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x1000000, 0x0, 0x48, 0x18, &(0x7f0000000340)={@flat=@weak_binder={0x77622a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

1.38503713s ago: executing program 3 (id=1474):
syz_open_dev$tty20(0xc, 0x4, 0x1)
bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4)

1.38465495s ago: executing program 3 (id=1475):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000440)=',', 0x1, 0x4000, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000000c0)="80", 0x1, 0x40801, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x5c, 0x3, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x489}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @local}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000003240)=""/4106, 0x100a, 0x0, 0x0}, &(0x7f0000000040)=0x40)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x5, 0x53, 0xdffff038}, {0x6, 0x14, 0x2, 0x147c97e8}]}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000005c0)={@broadcast, @multicast, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "d172f5", 0x10, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, {[], @ni={0xc46ee13d8e75c188, 0x0, 0x0, 0xc2, 0x2, 0x9}}}}}}, 0x0)

1.152850223s ago: executing program 2 (id=1476):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.067994928s ago: executing program 0 (id=1477):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="76ea090000000000119ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.0290283s ago: executing program 0 (id=1478):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000780)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018120000", @ANYRES32=r0, @ANYBLOB="00000000000000006100100300000000180000000000000000000000000000009500000000000000180000002020782500000000002020207b1af8ff00000000bfa10000000000000701000000feffffb702000008100000b703000000000000850000009e00000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x4}, 0x94)

851.38116ms ago: executing program 0 (id=1479):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

787.452164ms ago: executing program 5 (id=1480):
r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x30, &(0x7f00000001c0), 0x10}, 0x71)

776.417335ms ago: executing program 5 (id=1481):
setrlimit(0x2, &(0x7f00000000c0)={0x2000000, 0xffffffffffffffff})
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffe000/0x2000)=nil)
setrlimit(0x5, &(0x7f0000000100)={0x10, 0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x8, &(0x7f0000000100)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x4, 0xfb, &(0x7f0000000400)=""/251, 0xb6df4c32c1d5c814, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

724.702667ms ago: executing program 5 (id=1482):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x3}, 0x1c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
io_setup(0x2558, &(0x7f0000000040)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000011380)=[&(0x7f00000101c0)={0x0, 0x0, 0x0, 0x7, 0x7, r2, 0x0, 0x0, 0x1, 0x0, 0x3, r1}])
io_submit(r3, 0x2, &(0x7f00000006c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x1, r0, &(0x7f0000000400)="cd8380dc1dadf1bff95f8fa430a38c552a82f06e11bc9e15cdebdfd0e8c2f5424fa70def10cb9773f86ffb6d479f5d3fe9d9959d423d2db070da2931cc2f6d15fc5a1c2f0ddaf452595911194d524f28ba8325904ccd4bcbe7bf77f772415774cea88da5bdf3402db4faf957f23a5db39d5916706d299b5149281c7dd77ee869d838bf6bcf78bcd69cd9cac3", 0x8c, 0xfffffffffffffff9, 0x0, 0x3}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff, &(0x7f00000005c0)="8a9205da0ea534e88f75be7c4145e5652cd930b4af793c43609e4b3b01d514a859ed55bf32241f0a24e136f9f16dd0cdb9dda5f1e643fb32fafb43f071799480310373ce9c4cafc9637b51bbb751b52fea371da2627c906a9f4a0ff8cdf1c59eca0cd0c80a99e1fada662e63cf5faca9fefdb5ad3c94706f88b2993a990d16e733f47978df99751d687de9f23e1b570f453a56e537bbf8a55b3fccdf5b1eced31dc93784725143494bd18f1af51cf99bd7e373fd335fa5c8fe1a12b36e360960179b0616104bd82bee0f01f49ac6bd602891bda88f80e0d1ba4d635ada9169470806f9d4e993ed268bc3d70deb438180f9cd314ca09255792f", 0xf9, 0x8, 0x0, 0x3, r1}])
r4 = io_uring_setup(0x5584, &(0x7f0000000100)={0x0, 0xfffffff, 0xfffffffffffffffe, 0x0, 0x1d2, 0x0, r1})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000580)=[{&(0x7f0000001700)=""/4095, 0xfff}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x0, 0x1}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000001c0)={0x8, 0x0, &(0x7f00000000c0)=[{0x0}], 0x0, 0x1}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x40001f9, 0x2, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x0, <r6=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r6, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000800", @ANYRESDEC=r2, @ANYRES32=r2, @ANYRES32=r5, @ANYRES8=r3, @ANYRES32=r1, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r7 = gettid()
timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r7}, &(0x7f0000000000))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
lstat(0x0, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x169881, 0x0)
write$binfmt_elf64(r8, &(0x7f0000000000)=ANY=[], 0xffbd)
ioctl$UFFDIO_WAKE(r8, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000596000/0x1000)=nil, 0x1000})
r9 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
connect$802154_dgram(r9, &(0x7f0000000240)={0x24, @short={0x2, 0x3, 0xaaa2}}, 0x14)

574.961546ms ago: executing program 3 (id=1483):
setsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0xd, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000240)="b9800000c00f3235000100000f300f20c035000000800f22c066ba6100b805000000efc4e1555538c4c1b1d24900660f60c50f2055660fae3a66bad004edc744240000000080c7442402f8ff0000c7442406000000000f011c24", 0x5a}], 0x1, 0x44, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009041300010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, 'a#\bY'}]}}, 0x0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="900000000206020800000000000000000700000905000400020000004000078008000b400000000908000a400000007f050015000600000005001400000000000800064000006c3c08000a40000005c40c000280080001406401010211000300686173683a69702c706f727400000000050004000300000005000500020000000509000000000000050005100000"], 0x90}, 0x1, 0x0, 0x0, 0x10}, 0x50)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_read_part_table(0x1054, &(0x7f0000002100)="$eJzsz7utAjEUBNDZz3u7G21LUASdkFMKEQlVICGRUAQhZYAwWFSAENI5gT321QQ3fFXT1TSWsz43WSQ5znXa5jTmNk+1NuWvzyHJ/+6a4fHTlEGf9ZxziZchWU7tq9E/r233zslq/+H1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAn3AMAAP//EFEKIw==")
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xc, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

246.618786ms ago: executing program 2 (id=1484):
r0 = socket$inet6(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r1=>0x0})
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) (async)
pselect6(0x40, &(0x7f0000000200)={0x1, 0x990, 0x3, 0x5, 0x80, 0x2, 0xfffffffffffffff8, 0x7}, 0x0, &(0x7f0000000680)={0xa, 0x3, 0x6, 0xffffffffffffffff, 0x2, 0xffffffffffffff7f, 0x6, 0xb8b}, &(0x7f00000006c0)={0x0, 0x989680}, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000100)={@mcast2, r1}, 0x14)
sendto$inet6(r0, &(0x7f00000000c0)="800034ca269bb23c", 0x8, 0x4004084, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @private0}, 0x1c)

180.859669ms ago: executing program 2 (id=1485):
syz_clone3(&(0x7f0000000340)={0x60861400, &(0x7f0000000280), 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = syz_open_dev$loop(&(0x7f0000000500), 0x7, 0x880)
ioctl$BLKBSZSET(r0, 0x40081271, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_mount_image$ext4(&(0x7f00000006c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f00000002c0)={[{@dioread_nolock}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0xfd, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x2, 0x0, 0x0)
r1 = io_uring_setup(0x21dd, &(0x7f00000001c0)={0x0, 0x1fffff, 0x0, 0x2, 0x381})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xe, &(0x7f0000001180)={0x0, 0x2000000, &(0x7f0000000040)=[{0x0, 0xffffffff00000005}], &(0x7f0000000180)=[0xffffffff, 0x7fffffff, 0x2, 0x6, 0x101, 0x1], 0x7}, 0x20)

108.974803ms ago: executing program 2 (id=1486):
prctl$PR_SCHED_CORE(0x38, 0x10000, 0x0, 0x81010000000000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x808080, &(0x7f0000000000), 0x2c, 0x525, &(0x7f0000000100)="$eJzs3c9vG1kdAPCv3fxw03SThT0sCNiyLBRU1U7c3Wi1B1guSGi1WqRlTwh1o8SNothxFDulCZFIJW5ckajECf4EDkgckHrizg1uXIoEUoGKqkFCyGjscZo4dhM1cdzGn4808ps3k/l+n6V5L37+8QIYWlciYicixiLi04iYSusz6Rbvt7bkvCePthd2H20vZKLR+PifI+mZ2wvt89supdfMRXyU7I93iVvb3FqZL5dL6+l+oV5ZK9Q2t64vV+aXSkul1WJxbnZu5t0b7xRPra1vVH7z8DvLH3zy+9998cEfd77x4yTnb7UOjSVtO7VA+7Sel9GY3FeXPHMf9CPYAFxI2zM26ER4LtmI+ExEvJmW9+QGlxMA0F+NxlQ0pvbv95Y5xjkAwIsvec0/GZlsPn39PxnZbD7fnMPLvRYT2XK1Vr92q7qxuhjNOazpGM3eWi6XZtK5wukYzST7s83y0/1ix/6NiHg1In4+frG5n1+olhcH9U8PAAy5Sx3j/+Px1vh/DN4hAICXmZEcAIbP4fF/dCB5AABnx+t/ABg++8b/bt/VBQDOoVzHd/8BgPPvyPn/1+MnPzybVACAM+L9fwAYKt/78MNka+ymv3+9eHtzY6V6+/piqbaSr2ws5Beq62v5pWp1qfmbPZWjrleuVtdm346NO4V6qVYv1Da3blaqG6v1m83f9b5Z8sUCABi8V9+4/+dMROy8d7G5RXstBx8IgHPPbQ7D68KgEwAGZmTQCQADYz4eyBxxvOdHhO71/puLJ8gH6L+rn+sx/9/tf4O7e6X/Nc4uRaBPzP/D8DrZ/L/ZA3iZmf+H4dVoZKznDwBD5hiv4H1EEM65537/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYZHPLZPPpWuCTkc3m8xGXI2I6RjO3lsulmYh4JSL+ND46nuzPDjppAOCEsn/PpOt/XZ16a7Lz6FjmP+PNx4j40S8//sWd+Xp9fTap/9deff1eWl/sGmC8/20AAPYZ6axoj9Ptcby9vu+TR9sL7e0sE3z47dbioknc3XRrp95KPhejETHx78yBxmROaWHinbsR8Xpn+7N7x6fTlU874yexL/ctfjRbOHkgfvZA/GzzWOsxeS4+ewq5wLC5n/Q/73e7/7JxpfmY3n+Zg51pLn52uHN9Du3+b7fR2f+17vePLueafU23/u/KcWO8/Yfv9jx290Lj8yMRu4f63/aK0LlmqVv8t7pd8KfffLzRUfWXL3zpzV7xG7+KuBrPit8qFeqVtUJtc+v6cmV+qbRUWi0W52bnZt698U6x0JyjLrRnqg/7x3vXXund/oiJHvFzR7T/q70u2uHX//30B19+Rvyvf6Vb/Gy89oz4yZj4tWPGn5/4bc/lu5P4iz3aP3Ig/tiBv0vqrh0z/oO/bi0e81QA4AzUNrdW5svl0rrCSQu5fl350gvSQIUehb99cuCeGng+p1IYWJcEnJGnN/2gMwEAAAAAAAAAAAAAAHqpfT/9yb8+fhlu0G0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/Pp/AAAA///RQMtW")
truncate(&(0x7f0000000900)='./file1\x00', 0xbf39)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x30, &(0x7f00000001c0), 0x10}, 0x71)

15.026498ms ago: executing program 3 (id=1487):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x7, 0x4, 0x25cd, 0x1, 0xb1, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x8002, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0xc1, 0x9, 0xf9a2, 0x80000001, 0xff, 0x6, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x23, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0x8, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x4, 0x3, 0xb, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff4, 0x401, 0x46, 0xf1, 0x4, 0x1, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x7, 0x2, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000005, 0x5, 0x5, 0x491, 0x9, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0xa, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x100007, 0x2, 0x400, 0x3e55, 0x1, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d2e, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x20008000, 0x3, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x2, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfa, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x209, 0x81, 0x3, 0x9d86, 0xf5c, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x3, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x32c, 0x3, 0x1ff, 0x2010803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x8, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x5, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x601, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x2804000, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

0s ago: executing program 3 (id=1488):
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, 0x0, 0x0)
getpid()
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r1, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x18}}, [], [], 'wg1\x00', 'caif0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x4, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

kernel console output (not intermixed with test programs):

blocks 1 with error 117
[  118.609595][ T2511] EXT4-fs (loop2): This should not happen!! Data will be lost
[  118.609595][ T2511] 
[  118.630910][ T2511] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.666461][ T2511] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.680253][ T2511] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.707295][ T2510] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.725534][ T2510] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.738706][   T19] usb 2-1: Using ep0 maxpacket: 16
[  118.746803][ T2511] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.747271][   T19] usb 2-1: config index 0 descriptor too short (expected 59463, got 71)
[  118.761067][ T2510] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.773787][   T19] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  118.782470][ T2511] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.801465][ T2535] loop5: detected capacity change from 0 to 1024
[  118.805783][ T2511] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #15: comm syz.2.651: lblock 0 mapped to illegal pblock 0 (length 1)
[  118.829577][   T19] usb 2-1: New USB device found, idVendor=0586, idProduct=401a, bcdDevice=1f.39
[  118.838737][   T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.853671][ T2535] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  118.866305][ T2535] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  118.877512][   T19] usb 2-1: Product: syz
[  118.881963][   T19] usb 2-1: Manufacturer: syz
[  118.886565][   T19] usb 2-1: SerialNumber: syz
[  118.892115][ T2535] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[  118.902987][ T2535] EXT4-fs (loop5): external journal device major/minor numbers have changed
[  118.911798][ T2535] EXT4-fs (loop5): filesystem has both journal inode and journal device!
[  118.920849][ T2538] tmpfs: Bad value for 'size'
[  119.123039][   T19] rtl8150 2-1:7.0: couldn't find required endpoints
[  119.135821][   T19] rtl8150: probe of 2-1:7.0 failed with error -5
[  119.165596][   T19] usb 2-1: USB disconnect, device number 14
[  119.187134][  T287] EXT4-fs (loop2): unmounting filesystem.
[  119.213132][ T2547] bridge: RTM_NEWNEIGH with invalid state 0x4
[  119.249506][  T303] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  119.439489][  T303] usb 6-1: Using ep0 maxpacket: 16
[  119.445990][  T303] usb 6-1: unable to get BOS descriptor or descriptor too short
[  119.454366][  T303] usb 6-1: config 1 interface 0 altsetting 15 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  119.465515][  T303] usb 6-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 1024
[  119.476620][  T303] usb 6-1: config 1 interface 0 altsetting 15 bulk endpoint 0x3 has invalid maxpacket 32
[  119.486456][  T303] usb 6-1: config 1 interface 0 altsetting 15 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  119.499427][  T303] usb 6-1: config 1 interface 0 has no altsetting 0
[  119.507329][  T303] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  119.516408][  T303] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.524400][  T303] usb 6-1: Product: syz
[  119.528535][  T303] usb 6-1: Manufacturer: syz
[  119.533128][  T303] usb 6-1: SerialNumber: syz
[  119.538773][ T2535] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  119.539515][  T363] usb 3-1: new low-speed USB device number 12 using dummy_hcd
[  119.546120][ T2535] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  119.720638][  T363] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  119.730803][  T363] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  119.740360][  T363] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  119.751481][  T363] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.761671][  T363] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  119.766931][  T303] usb 6-1: bad CDC descriptors
[  119.771817][  T363] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.783967][ T2559] netlink: 12 bytes leftover after parsing attributes in process `syz.1.667'.
[  119.787989][  T363] hub 3-1:1.0: bad descriptor, ignoring hub
[  119.796063][  T303] usb 6-1: USB disconnect, device number 20
[  119.798845][  T363] hub: probe of 3-1:1.0 failed with error -5
[  119.811380][  T363] cdc_wdm 3-1:1.0: skipping garbage
[  119.816689][  T363] cdc_wdm 3-1:1.0: skipping garbage
[  119.823539][  T363] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  120.518737][ T2568] serio: Serial port ttyS3
[  120.663803][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  120.663830][   T28] audit: type=1326 audit(1769189629.123:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  120.724606][   T28] audit: type=1326 audit(1769189629.153:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  120.765889][ T2573] fuse: Unknown parameter 'group_i00000000000000000000'
[  120.778042][   T28] audit: type=1326 audit(1769189629.153:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  120.802027][   T28] audit: type=1326 audit(1769189629.153:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  120.834830][   T28] audit: type=1326 audit(1769189629.153:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  120.859182][   T28] audit: type=1326 audit(1769189629.153:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  120.890549][ T2577] netlink: 12 bytes leftover after parsing attributes in process `syz.1.671'.
[  120.979857][   T28] audit: type=1326 audit(1769189629.153:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  121.010332][   T28] audit: type=1326 audit(1769189629.153:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  121.088255][   T28] audit: type=1326 audit(1769189629.153:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  121.111786][   T28] audit: type=1326 audit(1769189629.153:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2557 comm="syz.0.668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  121.240506][ T2581] kvm: pic: level sensitive irq not supported
[  121.240612][ T2581] kvm: pic: single mode not supported
[  121.246750][ T2581] kvm: pic: level sensitive irq not supported
[  121.252595][ T2581] kvm: pic: single mode not supported
[  121.258705][ T2581] kvm: pic: level sensitive irq not supported
[  121.264687][ T2581] kvm: pic: single mode not supported
[  121.270894][ T2581] kvm: pic: level sensitive irq not supported
[  121.291754][ T2576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.673'.
[  121.301424][ T2584] FAULT_INJECTION: forcing a failure.
[  121.301424][ T2584] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  121.320082][ T2581] kvm: pic: single mode not supported
[  121.320095][ T2581] kvm: pic: level sensitive irq not supported
[  121.320536][ T2584] CPU: 0 PID: 2584 Comm: syz.3.675 Not tainted syzkaller #0
[  121.325683][ T2581] kvm: pic: single mode not supported
[  121.331527][ T2584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  121.331542][ T2584] Call Trace:
[  121.331547][ T2584]  <TASK>
[  121.331554][ T2584]  __dump_stack+0x21/0x24
[  121.331578][ T2584]  dump_stack_lvl+0x110/0x170
[  121.331592][ T2584]  ? __cfi_dump_stack_lvl+0x8/0x8
[  121.331609][ T2584]  dump_stack+0x15/0x24
[  121.331623][ T2584]  should_fail_ex+0x3d4/0x520
[  121.331643][ T2584]  should_fail+0xb/0x10
[  121.331658][ T2584]  should_fail_usercopy+0x1a/0x20
[  121.331677][ T2584]  _copy_from_user+0x1e/0xc0
[  121.331692][ T2584]  do_sys_poll+0x2c1/0x11e0
[  121.331709][ T2584]  ? 0xffffffffa000095c
[  121.331721][ T2584]  ? is_bpf_text_address+0x177/0x190
[  121.331740][ T2584]  ? kernel_text_address+0xa0/0xd0
[  121.339006][ T2581] kvm: pic: level sensitive irq not supported
[  121.339230][ T2581] kvm: pic: single mode not supported
[  121.344366][ T2584]  ? unwind_get_return_address+0x4d/0x90
[  121.344392][ T2584]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  121.344411][ T2584]  ? poll_select_finish+0x620/0x620
[  121.344440][ T2584]  ? __kasan_check_write+0x14/0x20
[  121.344454][ T2584]  ? proc_fail_nth_write+0x180/0x200
[  121.354605][ T2581] kvm: pic: level sensitive irq not supported
[  121.357846][ T2584]  ? set_user_sigmask+0xca/0x1c0
[  121.361248][ T2581] kvm: pic: single mode not supported
[  121.365075][ T2584]  ? __cfi_set_user_sigmask+0x10/0x10
[  121.365102][ T2584]  ? __kasan_check_write+0x14/0x20
[  121.370713][ T2581] kvm: pic: single mode not supported
[  121.374750][ T2584]  ? mutex_unlock+0x8f/0x230
[  121.374775][ T2584]  __se_sys_ppoll+0x206/0x2a0
[  121.496077][ T2584]  ? __kasan_check_write+0x14/0x20
[  121.501171][ T2584]  ? __x64_sys_ppoll+0xd0/0xd0
[  121.505914][ T2584]  ? ksys_write+0x1f4/0x250
[  121.510398][ T2584]  ? __cfi_ksys_write+0x10/0x10
[  121.515224][ T2584]  __x64_sys_ppoll+0xbf/0xd0
[  121.519792][ T2584]  x64_sys_call+0x29e/0x9a0
[  121.524273][ T2584]  do_syscall_64+0x4c/0xa0
[  121.528763][ T2584]  ? clear_bhb_loop+0x30/0x80
[  121.533423][ T2584]  ? clear_bhb_loop+0x30/0x80
[  121.538092][ T2584]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  121.543972][ T2584] RIP: 0033:0x7fbcaff9acb9
[  121.548386][ T2584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  121.568004][ T2584] RSP: 002b:00007fbcb0ed6028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  121.576531][ T2584] RAX: ffffffffffffffda RBX: 00007fbcb0215fa0 RCX: 00007fbcaff9acb9
[  121.584495][ T2584] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  121.592459][ T2584] RBP: 00007fbcb0ed6090 R08: 0000000000000000 R09: 0000000000000000
[  121.600434][ T2584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.608403][ T2584] R13: 00007fbcb0216038 R14: 00007fbcb0215fa0 R15: 00007ffeae07eeb8
[  121.616425][ T2584]  </TASK>
[  121.660591][ T2588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.677'.
[  121.672465][ T2588] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=263 sclass=netlink_route_socket pid=2588 comm=syz.1.677
[  121.687436][ T2588] netlink: 12 bytes leftover after parsing attributes in process `syz.1.677'.
[  121.723972][ T2590] loop3: detected capacity change from 0 to 4096
[  121.766305][ T2590] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  121.795827][ T2590] fs-verity (loop3, inode 15): Unsupported log_blocksize: 13
[  122.082848][  T283] EXT4-fs (loop3): unmounting filesystem.
[  122.160220][ T2607] loop3: detected capacity change from 0 to 256
[  122.186058][ T2607] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  122.219835][ T2607] fuse: Unknown parameter 'group_i00000000000000000000'
[  122.277078][ T2611] netlink: 12 bytes leftover after parsing attributes in process `syz.3.684'.
[  122.300562][ T2611] netlink: 'syz.3.684': attribute type 5 has an invalid length.
[  122.313434][ T2611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.684'.
[  122.689501][  T303] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  122.689903][  T363] usb 3-1: USB disconnect, device number 12
[  122.765412][ T2626] xt_l2tp: v2 sid > 0xffff: 4294901760
[  122.808591][ T2628] netlink: 104 bytes leftover after parsing attributes in process `syz.5.690'.
[  122.845939][ T2634] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  122.856332][ T2634] F2FS-fs (loop1): Unable to read 1th superblock
[  122.864604][ T2634] I/O error, dev loop1, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  122.864610][ T2632] netlink: 104 bytes leftover after parsing attributes in process `syz.1.693'.
[  122.888515][ T2634] F2FS-fs (loop1): Unable to read 2th superblock
[  122.891569][  T303] usb 4-1: Using ep0 maxpacket: 32
[  122.907501][ T2636] loop1: detected capacity change from 0 to 256
[  122.913138][ T2630] kvm: pic: single mode not supported
[  122.918371][  T303] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[  122.936177][ T2636] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  122.937186][  T303] usb 4-1: config 0 has no interface number 0
[  122.955341][  T303] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  122.970325][ T2636] fuse: Unknown parameter 'group_i00000000000000000000'
[  122.978379][  T303] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  122.993541][  T303] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.006604][  T303] usb 4-1: Product: syz
[  123.011220][  T303] usb 4-1: Manufacturer: syz
[  123.025097][  T303] usb 4-1: SerialNumber: syz
[  123.039718][ T2642] loop1: detected capacity change from 0 to 1024
[  123.047105][  T303] usb 4-1: config 0 descriptor??
[  123.052840][ T2621] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  123.069777][ T2642] EXT4-fs: dax option not supported
[  123.081391][  T363] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  123.244142][ T2660] loop1: detected capacity change from 0 to 1024
[  123.253879][ T2660] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  123.264318][ T2621] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  123.271826][ T2660] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  123.283920][ T2660] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[  123.293844][ T2660] EXT4-fs (loop1): external journal device major/minor numbers have changed
[  123.303212][ T2660] EXT4-fs (loop1): filesystem has both journal inode and journal device!
[  123.312331][  T363] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  123.325886][  T363] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.337579][  T363] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.348081][  T363] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  123.362555][  T363] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  123.375663][  T363] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  123.384366][  T363] usb 3-1: Manufacturer: syz
[  123.394894][  T363] usb 3-1: config 0 descriptor??
[  123.639551][   T19] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  123.684280][  T303] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  123.694456][  T303] asix: probe of 4-1:0.188 failed with error -61
[  123.720305][ T2672] fuse: Unknown parameter 'group_id00000000000000000000'
[  123.802704][  T363] appleir 0003:05AC:8243.0007: unknown main item tag 0x0
[  123.810277][  T363] appleir 0003:05AC:8243.0007: No inputs registered, leaving
[  123.820032][  T363] appleir 0003:05AC:8243.0007: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  123.822927][ T2678] device ip6gre1 entered promiscuous mode
[  123.837109][   T19] usb 2-1: Using ep0 maxpacket: 16
[  123.843784][   T19] usb 2-1: unable to get BOS descriptor or descriptor too short
[  123.860402][   T19] usb 2-1: config 1 interface 0 altsetting 15 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  123.877943][   T19] usb 2-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 1024
[  123.888569][   T19] usb 2-1: config 1 interface 0 altsetting 15 bulk endpoint 0x3 has invalid maxpacket 32
[  123.898508][   T19] usb 2-1: config 1 interface 0 altsetting 15 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  123.911725][   T19] usb 2-1: config 1 interface 0 has no altsetting 0
[  123.920044][   T19] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  123.929191][   T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.944307][   T19] usb 2-1: Product: syz
[  123.948745][   T19] usb 2-1: Manufacturer: syz
[  123.953596][   T19] usb 2-1: SerialNumber: syz
[  123.959392][ T2660] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  123.966640][ T2660] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  124.030725][ T2682] netlink: 40 bytes leftover after parsing attributes in process `syz.0.710'.
[  124.366368][ T2695] xt_hashlimit: size too large, truncated to 1048576
[  125.081850][   T19] usb 2-1: bad CDC descriptors
[  125.087829][   T19] usb 2-1: USB disconnect, device number 15
[  125.126705][  T363] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  125.152670][ T2705] fuse: Unknown parameter 'group_id00000000000000000000'
[  125.279626][   T39] usb 3-1: reset high-speed USB device number 13 using dummy_hcd
[  125.311024][  T363] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.323594][  T363] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  125.332791][  T363] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  125.341023][  T363] usb 6-1: Product: syz
[  125.345264][  T363] usb 6-1: SerialNumber: syz
[  125.701853][   T28] kauditd_printk_skb: 378 callbacks suppressed
[  125.701904][   T28] audit: type=1326 audit(1769189634.163:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  125.704939][ T2721] loop2: detected capacity change from 0 to 256
[  125.738282][   T28] audit: type=1326 audit(1769189634.193:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  125.775882][ T2721] FAT-fs (loop2): Directory bread(block 64) failed
[  125.783646][ T2721] FAT-fs (loop2): Directory bread(block 65) failed
[  125.790663][ T2721] FAT-fs (loop2): Directory bread(block 66) failed
[  125.797330][ T2721] FAT-fs (loop2): Directory bread(block 67) failed
[  125.804241][ T2721] FAT-fs (loop2): Directory bread(block 68) failed
[  125.811011][ T2721] FAT-fs (loop2): Directory bread(block 69) failed
[  125.817829][ T2721] FAT-fs (loop2): Directory bread(block 70) failed
[  125.824514][ T2721] FAT-fs (loop2): Directory bread(block 71) failed
[  125.831244][ T2721] FAT-fs (loop2): Directory bread(block 72) failed
[  125.837832][ T2721] FAT-fs (loop2): Directory bread(block 73) failed
[  125.939532][  T601] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  125.949182][   T28] audit: type=1326 audit(1769189634.403:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  125.974604][   T28] audit: type=1326 audit(1769189634.433:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  125.991033][ T2684] tmpfs: Unknown parameter 'grpquota_inode_hardlimit'
[  126.159524][  T601] usb 2-1: Using ep0 maxpacket: 8
[  126.165097][   T28] audit: type=1326 audit(1769189634.623:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  126.532866][   T28] audit: type=1326 audit(1769189634.993:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  126.556338][   T28] audit: type=1326 audit(1769189634.993:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  126.560295][   T60] usb 3-1: USB disconnect, device number 13
[  126.581671][   T28] audit: type=1326 audit(1769189634.993:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  126.608902][   T28] audit: type=1326 audit(1769189635.043:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  126.632364][   T28] audit: type=1326 audit(1769189635.073:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2716 comm="syz.1.721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2e059a94b code=0x7ffc0000
[  126.647350][  T601] usb 2-1: config 1 has no interfaces?
[  126.661911][  T601] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  126.671344][  T601] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.700211][ T2738] fuse: Unknown parameter 'group_id00000000000000000000'
[  126.751167][  T363] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[  126.757749][  T363] cdc_ncm 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  126.765434][  T363] cdc_ncm 6-1:1.0: setting rx_max = 2048
[  126.818839][   T39] usb 4-1: USB disconnect, device number 11
[  127.117607][  T363] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  127.131608][  T363] usb 6-1: USB disconnect, device number 21
[  127.138245][  T363] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP)
[  127.173943][ T2751] loop3: detected capacity change from 0 to 256
[  127.174946][ T2752] loop2: detected capacity change from 0 to 16
[  127.188504][ T2752] erofs: (device loop2): mounted with root inode @ nid 36.
[  127.202904][ T2751] FAT-fs (loop3): Directory bread(block 64) failed
[  127.209684][ T2751] FAT-fs (loop3): Directory bread(block 65) failed
[  127.216279][ T2751] FAT-fs (loop3): Directory bread(block 66) failed
[  127.223052][ T2751] FAT-fs (loop3): Directory bread(block 67) failed
[  127.229853][ T2751] FAT-fs (loop3): Directory bread(block 68) failed
[  127.236431][ T2751] FAT-fs (loop3): Directory bread(block 69) failed
[  127.243020][ T2751] FAT-fs (loop3): Directory bread(block 70) failed
[  127.249766][ T2751] FAT-fs (loop3): Directory bread(block 71) failed
[  127.256293][ T2751] FAT-fs (loop3): Directory bread(block 72) failed
[  127.262856][ T2751] FAT-fs (loop3): Directory bread(block 73) failed
[  127.469538][  T303] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  127.549533][   T19] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  127.628203][ T2758] xt_hashlimit: size too large, truncated to 1048576
[  127.650572][  T303] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  127.661590][  T303] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  127.676269][  T303] usb 3-1: config 0 has no interface number 0
[  127.692227][ T2762] loop5: detected capacity change from 0 to 16
[  127.706934][  T303] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  127.716385][ T2762] erofs: (device loop5): mounted with root inode @ nid 36.
[  127.731755][  T303] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.745408][  T303] usb 3-1: Product: syz
[  127.838506][  T303] usb 3-1: Manufacturer: syz
[  127.844048][  T303] usb 3-1: SerialNumber: syz
[  127.850229][  T303] usb 3-1: config 0 descriptor??
[  127.899020][ T2765] netlink: 'syz.5.739': attribute type 30 has an invalid length.
[  128.104651][ T2771] __nla_validate_parse: 2 callbacks suppressed
[  128.104679][ T2771] netlink: 12 bytes leftover after parsing attributes in process `syz.5.740'.
[  128.201946][   T39] usb 3-1: USB disconnect, device number 14
[  128.235763][ T2772] FAULT_INJECTION: forcing a failure.
[  128.235763][ T2772] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  128.248924][ T2772] CPU: 0 PID: 2772 Comm: syz.3.741 Not tainted syzkaller #0
[  128.256212][ T2772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  128.266327][ T2772] Call Trace:
[  128.269632][ T2772]  <TASK>
[  128.272570][ T2772]  __dump_stack+0x21/0x24
[  128.276905][ T2772]  dump_stack_lvl+0x110/0x170
[  128.281581][ T2772]  ? __cfi_dump_stack_lvl+0x8/0x8
[  128.286596][ T2772]  dump_stack+0x15/0x24
[  128.290741][ T2772]  should_fail_ex+0x3d4/0x520
[  128.295426][ T2772]  should_fail+0xb/0x10
[  128.299572][ T2772]  should_fail_usercopy+0x1a/0x20
[  128.304595][ T2772]  _copy_to_user+0x1e/0x90
[  128.309012][ T2772]  simple_read_from_buffer+0xe9/0x160
[  128.314376][ T2772]  proc_fail_nth_read+0x1a6/0x220
[  128.319423][ T2772]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  128.325145][ T2772]  ? security_file_permission+0x94/0xb0
[  128.330685][ T2772]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  128.336241][ T2772]  vfs_read+0x27a/0x910
[  128.340412][ T2772]  ? __cfi_vfs_read+0x10/0x10
[  128.345089][ T2772]  ? __kasan_check_write+0x14/0x20
[  128.350193][ T2772]  ? mutex_lock+0x93/0x1b0
[  128.354613][ T2772]  ? __cfi_mutex_lock+0x10/0x10
[  128.359468][ T2772]  ? __fdget_pos+0x2cd/0x380
[  128.364053][ T2772]  ? ksys_read+0x71/0x250
[  128.368378][ T2772]  ksys_read+0x149/0x250
[  128.372607][ T2772]  ? __cfi_ksys_read+0x10/0x10
[  128.377370][ T2772]  ? debug_smp_processor_id+0x17/0x20
[  128.382721][ T2772]  __x64_sys_read+0x7b/0x90
[  128.387212][ T2772]  x64_sys_call+0x2f/0x9a0
[  128.391630][ T2772]  do_syscall_64+0x4c/0xa0
[  128.396049][ T2772]  ? clear_bhb_loop+0x30/0x80
[  128.400811][ T2772]  ? clear_bhb_loop+0x30/0x80
[  128.405475][ T2772]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  128.411354][ T2772] RIP: 0033:0x7fbcaff5b58e
[  128.415770][ T2772] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  128.435376][ T2772] RSP: 002b:00007fbcb0eb4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  128.443782][ T2772] RAX: ffffffffffffffda RBX: 00007fbcb0eb56c0 RCX: 00007fbcaff5b58e
[  128.451755][ T2772] RDX: 000000000000000f RSI: 00007fbcb0eb50a0 RDI: 0000000000000005
[  128.459722][ T2772] RBP: 00007fbcb0eb5090 R08: 0000000000000000 R09: 0000000000000000
[  128.467692][ T2772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.475667][ T2772] R13: 00007fbcb0216128 R14: 00007fbcb0216090 R15: 00007ffeae07eeb8
[  128.483651][ T2772]  </TASK>
[  128.567422][ T2780] loop3: detected capacity change from 0 to 4096
[  128.574187][ T2780] EXT4-fs: quotafile must be on filesystem root
[  128.640876][ T2784] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  128.690629][  T601] usb 2-1: string descriptor 0 read error: -71
[  128.714849][  T601] usb 2-1: USB disconnect, device number 16
[  128.899800][ T2824] input: syz1 as /devices/virtual/input/input19
[  128.906100][ T2824] input: failed to attach handler leds to device input19, error: -6
[  129.019325][ T2829] loop1: detected capacity change from 0 to 128
[  129.049674][ T2829] EXT4-fs: Ignoring removed nobh option
[  129.067082][ T2833] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.089930][ T2829] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  129.098602][ T2822] loop5: detected capacity change from 0 to 40427
[  129.102664][ T2829] ext4 filesystem being mounted at /158/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  129.120587][ T2822] F2FS-fs (loop5): invalid crc value
[  129.166197][ T2822] F2FS-fs (loop5): Found nat_bits in checkpoint
[  129.194285][ T2822] F2FS-fs (loop5): Start checkpoint disabled!
[  129.201057][ T2822] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  129.208502][ T2822] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  129.219415][ T2822] FAULT_INJECTION: forcing a failure.
[  129.219415][ T2822] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.234534][ T2822] CPU: 1 PID: 2822 Comm: syz.5.761 Not tainted syzkaller #0
[  129.241826][ T2822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  129.251876][ T2822] Call Trace:
[  129.255151][ T2822]  <TASK>
[  129.258092][ T2822]  __dump_stack+0x21/0x24
[  129.262428][ T2822]  dump_stack_lvl+0x110/0x170
[  129.267100][ T2822]  ? __cfi_dump_stack_lvl+0x8/0x8
[  129.272154][ T2822]  dump_stack+0x15/0x24
[  129.276356][ T2822]  should_fail_ex+0x3d4/0x520
[  129.281043][ T2822]  should_fail+0xb/0x10
[  129.285201][ T2822]  should_fail_usercopy+0x1a/0x20
[  129.290251][ T2822]  _copy_to_user+0x1e/0x90
[  129.294677][ T2822]  simple_read_from_buffer+0xe9/0x160
[  129.300104][ T2822]  proc_fail_nth_read+0x1a6/0x220
[  129.305142][ T2822]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  129.310700][ T2822]  ? security_file_permission+0x94/0xb0
[  129.316256][ T2822]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  129.321803][ T2822]  vfs_read+0x27a/0x910
[  129.325970][ T2822]  ? __cfi_vfs_read+0x10/0x10
[  129.330667][ T2822]  ? __kasan_check_write+0x14/0x20
[  129.335783][ T2822]  ? mutex_lock+0x93/0x1b0
[  129.340206][ T2822]  ? __cfi_mutex_lock+0x10/0x10
[  129.345055][ T2822]  ? __fdget_pos+0x2cd/0x380
[  129.349623][ T2822]  ? ksys_read+0x71/0x250
[  129.353936][ T2822]  ksys_read+0x149/0x250
[  129.358159][ T2822]  ? __cfi_ksys_read+0x10/0x10
[  129.362899][ T2822]  ? fpregs_restore_userregs+0x128/0x260
[  129.368514][ T2822]  __x64_sys_read+0x7b/0x90
[  129.372994][ T2822]  x64_sys_call+0x2f/0x9a0
[  129.377390][ T2822]  do_syscall_64+0x4c/0xa0
[  129.381786][ T2822]  ? clear_bhb_loop+0x30/0x80
[  129.386446][ T2822]  ? clear_bhb_loop+0x30/0x80
[  129.391106][ T2822]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  129.396980][ T2822] RIP: 0033:0x7f7b0355b58e
[  129.401548][ T2822] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  129.421133][ T2822] RSP: 002b:00007f7b04380fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  129.429527][ T2822] RAX: ffffffffffffffda RBX: 00007f7b043816c0 RCX: 00007f7b0355b58e
[  129.437483][ T2822] RDX: 000000000000000f RSI: 00007f7b043810a0 RDI: 0000000000000005
[  129.445437][ T2822] RBP: 00007f7b04381090 R08: 0000000000000000 R09: 0000000000000000
[  129.453476][ T2822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.461425][ T2822] R13: 00007f7b03816038 R14: 00007f7b03815fa0 R15: 00007fffec1ae858
[  129.469384][ T2822]  </TASK>
[  129.473084][ T2840] netlink: 12 bytes leftover after parsing attributes in process `syz.3.766'.
[  129.498424][  T284] EXT4-fs (loop1): unmounting filesystem.
[  129.516913][  T766] kworker/u4:5: attempt to access beyond end of device
[  129.516913][  T766] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  129.569533][ T2853] loop1: detected capacity change from 0 to 512
[  129.576464][ T2853] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  129.588111][ T2853] EXT4-fs (loop1): 1 truncate cleaned up
[  129.594749][ T2853] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  129.646901][ T2863] 9pnet_fd: Insufficient options for proto=fd
[  129.736363][  T284] EXT4-fs (loop1): unmounting filesystem.
[  129.750350][ T2880] loop1: detected capacity change from 0 to 16
[  129.766535][ T2880] erofs: (device loop1): mounted with root inode @ nid 36.
[  129.819921][ T2884] loop5: detected capacity change from 0 to 512
[  129.856445][ T2884] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.782: inode #1: comm syz.5.782: iget: illegal inode #
[  129.873164][ T2884] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.782: error while reading EA inode 1 err=-117
[  129.887768][ T2884] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.782: inode #1: comm syz.5.782: iget: illegal inode #
[  129.908070][ T2894] netlink: 20 bytes leftover after parsing attributes in process `syz.2.784'.
[  129.917441][ T2884] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.782: error while reading EA inode 1 err=-117
[  129.941876][ T2884] EXT4-fs (loop5): 1 orphan inode deleted
[  129.947680][ T2884] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  129.991693][  T732] EXT4-fs error (device loop5): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  130.012376][  T732] EXT4-fs error (device loop5): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 15
[  130.024426][  T732] EXT4-fs error (device loop5): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 15
[  130.039596][  T601] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  130.110721][ T2900] EXT4-fs (loop5): unmounting filesystem.
[  130.199597][  T601] usb 2-1: device descriptor read/64, error -71
[  130.469640][  T601] usb 2-1: device descriptor read/64, error -71
[  130.710513][  T371] device bridge_slave_1 left promiscuous mode
[  130.716691][  T371] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.724093][  T371] device bridge_slave_0 left promiscuous mode
[  130.730225][  T371] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.739561][  T601] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  130.899498][  T601] usb 2-1: device descriptor read/64, error -71
[  131.179521][  T601] usb 2-1: device descriptor read/64, error -71
[  131.299569][  T601] usb usb2-port1: attempt power cycle
[  131.709562][  T601] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  131.740676][  T601] usb 2-1: device descriptor read/8, error -71
[  131.890637][  T601] usb 2-1: device descriptor read/8, error -71
[  132.159514][  T601] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  132.190495][  T601] usb 2-1: device descriptor read/8, error -71
[  132.340516][  T601] usb 2-1: device descriptor read/8, error -71
[  132.459583][  T601] usb usb2-port1: unable to enumerate USB device
[  146.530501][ T2909] loop1: detected capacity change from 0 to 256
[  146.591098][ T2914] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  146.602193][ T2909] raw_sendmsg: syz.1.788 forgot to set AF_INET. Fix it!
[  146.646053][ T2919] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.653903][ T2919] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.661548][ T2919] device bridge_slave_0 entered promiscuous mode
[  146.668746][ T2919] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.676364][ T2919] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.683990][ T2919] device bridge_slave_1 entered promiscuous mode
[  146.988653][ T2919] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.995756][ T2919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.003078][ T2919] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.010135][ T2919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.035738][  T371] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.043706][  T371] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.051864][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  147.061385][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  147.077113][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  147.085432][  T371] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.092504][  T371] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.100796][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  147.109068][  T371] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.116160][  T371] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.132277][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  147.140660][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  147.156611][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  147.169389][ T2919] device veth0_vlan entered promiscuous mode
[  147.176090][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  147.185628][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  147.193671][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  147.208173][ T2919] device veth1_macvtap entered promiscuous mode
[  147.215954][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  147.228336][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  147.249820][  T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  147.421614][   T28] kauditd_printk_skb: 92 callbacks suppressed
[  147.421628][   T28] audit: type=1400 audit(1769189655.883:927): avc:  denied  { lock } for  pid=2942 comm="syz.3.796" path="socket:[29183]" dev="sockfs" ino=29183 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  147.859416][ T2944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.794'.
[  147.873114][   T39] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  147.980965][ T2951] netlink: 12 bytes leftover after parsing attributes in process `syz.1.797'.
[  148.079730][   T39] usb 6-1: Using ep0 maxpacket: 16
[  148.113342][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.127966][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.138194][   T39] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  148.151084][   T39] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  148.160164][   T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.168769][   T39] usb 6-1: config 0 descriptor??
[  148.246958][ T2953] loop2: detected capacity change from 0 to 16
[  148.255533][ T2953] erofs: (device loop2): mounted with root inode @ nid 36.
[  148.515167][ T2960] fuse: Unknown parameter './file0'
[  148.525560][ T2960] cgroup: No subsys list or none specified
[  148.539741][   T19] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  148.761263][   T19] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  148.795546][   T19] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  148.894568][   T19] usb 3-1: config 0 has no interface number 0
[  148.918736][ T2934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.954828][ T2934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.976030][   T19] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  149.060919][   T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.205225][   T19] usb 3-1: Product: syz
[  149.241543][   T19] usb 3-1: Manufacturer: syz
[  149.267985][   T39] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max
[  149.271058][   T19] usb 3-1: SerialNumber: syz
[  149.277257][   T39] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max
[  149.287941][   T39] microsoft 0003:045E:07DA.0008: No inputs registered, leaving
[  149.296492][   T39] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  149.308311][   T19] usb 3-1: config 0 descriptor??
[  149.316027][ T2965] netlink: 182 bytes leftover after parsing attributes in process `syz.1.802'.
[  149.319514][   T39] microsoft 0003:045E:07DA.0008: no inputs found
[  149.349477][   T39] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway
[  149.371793][   T39] usb 6-1: USB disconnect, device number 22
[  149.433397][ T2966] fido_id[2966]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  149.531633][  T846] usb 3-1: USB disconnect, device number 15
[  149.843202][ T2984] device syzkaller0 entered promiscuous mode
[  149.861144][ T2984] device syzkaller0 left promiscuous mode
[  149.864058][   T28] audit: type=1400 audit(1769189658.323:928): avc:  denied  { read } for  pid=2980 comm="syz.5.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  150.154289][ T2999] x_tables: duplicate underflow at hook 1
[  150.169639][   T28] audit: type=1400 audit(1769189658.623:929): avc:  denied  { bind } for  pid=2995 comm="syz.3.815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  150.297355][ T3002] netlink: 45349 bytes leftover after parsing attributes in process `syz.0.813'.
[  150.484962][ T3004] loop2: detected capacity change from 0 to 512
[  150.540248][ T2915] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  150.569385][ T3006] netlink: 40 bytes leftover after parsing attributes in process `syz.2.817'.
[  150.578588][ T3006] netlink: 40 bytes leftover after parsing attributes in process `syz.2.817'.
[  150.686839][ T3009] FAULT_INJECTION: forcing a failure.
[  150.686839][ T3009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.700081][ T3009] CPU: 1 PID: 3009 Comm: syz.1.818 Not tainted syzkaller #0
[  150.707456][ T3009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  150.717498][ T3009] Call Trace:
[  150.720785][ T3009]  <TASK>
[  150.723698][ T3009]  __dump_stack+0x21/0x24
[  150.728026][ T3009]  dump_stack_lvl+0x110/0x170
[  150.732679][ T3009]  ? __cfi_dump_stack_lvl+0x8/0x8
[  150.737694][ T3009]  dump_stack+0x15/0x24
[  150.741850][ T3009]  should_fail_ex+0x3d4/0x520
[  150.746514][ T3009]  should_fail+0xb/0x10
[  150.750742][ T3009]  should_fail_usercopy+0x1a/0x20
[  150.755751][ T3009]  _copy_to_user+0x1e/0x90
[  150.760330][ T3009]  simple_read_from_buffer+0xe9/0x160
[  150.765721][ T3009]  proc_fail_nth_read+0x1a6/0x220
[  150.770727][ T3009]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  150.776254][ T3009]  ? security_file_permission+0x94/0xb0
[  150.781781][ T3009]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  150.787304][ T3009]  vfs_read+0x27a/0x910
[  150.791477][ T3009]  ? __cfi_vfs_read+0x10/0x10
[  150.796136][ T3009]  ? __kasan_check_write+0x14/0x20
[  150.801240][ T3009]  ? mutex_lock+0x93/0x1b0
[  150.805640][ T3009]  ? __cfi_mutex_lock+0x10/0x10
[  150.810476][ T3009]  ? __fdget_pos+0x2cd/0x380
[  150.815056][ T3009]  ? ksys_read+0x71/0x250
[  150.819364][ T3009]  ksys_read+0x149/0x250
[  150.823650][ T3009]  ? __cfi_ksys_read+0x10/0x10
[  150.828430][ T3009]  ? fput+0x154/0x1a0
[  150.832404][ T3009]  ? debug_smp_processor_id+0x17/0x20
[  150.837768][ T3009]  __x64_sys_read+0x7b/0x90
[  150.842272][ T3009]  x64_sys_call+0x2f/0x9a0
[  150.846672][ T3009]  do_syscall_64+0x4c/0xa0
[  150.851069][ T3009]  ? clear_bhb_loop+0x30/0x80
[  150.855740][ T3009]  ? clear_bhb_loop+0x30/0x80
[  150.860402][ T3009]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  150.866286][ T3009] RIP: 0033:0x7fc2e055b58e
[  150.870685][ T3009] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  150.890270][ T3009] RSP: 002b:00007fc2e14fafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  150.898679][ T3009] RAX: ffffffffffffffda RBX: 00007fc2e14fb6c0 RCX: 00007fc2e055b58e
[  150.906690][ T3009] RDX: 000000000000000f RSI: 00007fc2e14fb0a0 RDI: 0000000000000006
[  150.914653][ T3009] RBP: 00007fc2e14fb090 R08: 0000000000000000 R09: 0000000000000000
[  150.922612][ T3009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.930564][ T3009] R13: 00007fc2e0816038 R14: 00007fc2e0815fa0 R15: 00007ffe30b507a8
[  150.938693][ T3009]  </TASK>
[  151.124112][ T3027] xt_bpf: check failed: parse error
[  151.142029][ T3025] netlink: 7 bytes leftover after parsing attributes in process `syz.3.820'.
[  151.280844][ T3029] loop1: detected capacity change from 0 to 16
[  151.315592][ T3029] erofs: (device loop1): mounted with root inode @ nid 36.
[  151.475302][ T3036] loop2: detected capacity change from 0 to 40427
[  151.493159][ T3036] F2FS-fs (loop2): fault_type options not supported
[  151.510247][ T3036] F2FS-fs (loop2): invalid crc value
[  151.524812][ T3036] F2FS-fs (loop2): Found nat_bits in checkpoint
[  151.580330][ T3036] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  151.599528][   T39] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  151.790483][   T39] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[  151.798682][   T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.809199][   T39] usb 2-1: config 0 has no interface number 0
[  151.823888][   T39] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  151.833026][   T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.841091][   T39] usb 2-1: Product: syz
[  151.845478][   T39] usb 2-1: Manufacturer: syz
[  151.850145][   T39] usb 2-1: SerialNumber: syz
[  151.879918][   T39] usb 2-1: config 0 descriptor??
[  151.971158][ T3054] netlink: 'syz.5.830': attribute type 24 has an invalid length.
[  152.080948][ T3062] loop2: detected capacity change from 0 to 256
[  152.087620][ T3062] exfat: Deprecated parameter 'utf8'
[  152.093208][ T3062] exfat: Deprecated parameter 'utf8'
[  152.098727][ T3062] exfat: Deprecated parameter 'utf8'
[  152.108437][ T3062] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  152.120884][   T39] usb 2-1: USB disconnect, device number 21
[  152.134697][   T28] audit: type=1400 audit(1769189660.593:930): avc:  denied  { mounton } for  pid=3061 comm="syz.2.835" path="/129/file0/file0" dev="loop2" ino=1048661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  152.235948][ T3066] fuse: Bad value for 'fd'
[  152.241397][ T3066] overlayfs: failed to clone upperpath
[  152.335721][ T3070] netlink: 7 bytes leftover after parsing attributes in process `syz.3.838'.
[  152.825148][ T3084] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  152.826792][ T3084] loop5: detected capacity change from 0 to 128
[  153.033399][   T28] audit: type=1400 audit(1769189661.493:931): avc:  denied  { read } for  pid=3085 comm="syz.2.843" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  153.055425][   T28] audit: type=1400 audit(1769189661.493:932): avc:  denied  { open } for  pid=3085 comm="syz.2.843" path="/130/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  153.217957][ T3096] loop2: detected capacity change from 0 to 1024
[  153.239032][ T3096] EXT4-fs: Ignoring removed nomblk_io_submit option
[  153.246819][ T3096] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  153.266984][ T3096] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  153.275380][ T3096] System zones: 0-1, 3-36
[  153.285329][ T3096] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  153.429055][  T287] EXT4-fs (loop2): unmounting filesystem.
[  153.948221][ T3105] loop5: detected capacity change from 0 to 1024
[  153.970225][ T3105] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  153.978972][ T3105] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.002097][ T3105] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.850: bg 0: block 112: padding at end of block bitmap is not set
[  154.044625][ T3105] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 54 with error 117
[  154.058459][ T3105] EXT4-fs (loop5): This should not happen!! Data will be lost
[  154.058459][ T3105] 
[  154.077700][   T28] audit: type=1400 audit(1769189662.533:933): avc:  denied  { append } for  pid=3102 comm="syz.5.850" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  154.110232][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  154.916171][ T3128] fuse: Bad value for 'fd'
[  155.035396][ T3127] device syzkaller0 entered promiscuous mode
[  155.155308][   T28] audit: type=1400 audit(1769189663.613:934): avc:  denied  { create } for  pid=3138 comm="syz.0.861" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  155.223800][ T3146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.863'.
[  155.945156][ T3163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.868'.
[  156.399521][ T3177] loop5: detected capacity change from 0 to 128
[  156.446266][ T3179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.874'.
[  156.522258][ T3177] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  156.560380][ T3177] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  156.587623][   T28] audit: type=1326 audit(1769189665.043:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3184 comm="syz.1.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e059acb9 code=0x7ffc0000
[  156.616499][ T3177] fscrypt: loop5: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  156.689025][   T28] audit: type=1326 audit(1769189665.073:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3184 comm="syz.1.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2e059acb9 code=0x7ffc0000
[  156.760337][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  156.877849][   T28] audit: type=1326 audit(1769189665.073:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3184 comm="syz.1.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc2e059acb9 code=0x7ffc0000
[  156.978978][   T28] audit: type=1326 audit(1769189665.093:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3184 comm="syz.1.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc2e059aa22 code=0x7ffc0000
[  157.273471][   T28] audit: type=1326 audit(1769189665.333:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3184 comm="syz.1.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc2e055b58e code=0x7ffc0000
[  157.589529][   T28] audit: type=1326 audit(1769189666.043:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3184 comm="syz.1.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc2e059aae7 code=0x7ffc0000
[  157.610901][ T3185] loop1: detected capacity change from 0 to 40427
[  158.748542][ T3231] loop2: detected capacity change from 0 to 128
[  158.761636][ T3231] EXT4-fs warning (device loop2): ext4_init_metadata_csum:4546: metadata_csum and uninit_bg are redundant flags; please run fsck.
[  158.775286][ T3231] EXT4-fs (loop2): Encoding requested by superblock is unknown
[  159.050588][ T3259] loop1: detected capacity change from 0 to 512
[  159.063530][   T28] kauditd_printk_skb: 31 callbacks suppressed
[  159.063547][   T28] audit: type=1400 audit(1769189667.523:972): avc:  denied  { bind } for  pid=3250 comm="syz.3.899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  159.122233][ T3259] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  159.135089][ T3259] EXT4-fs (loop1): orphan cleanup on readonly fs
[  159.146009][ T3259] EXT4-fs error (device loop1): ext4_quota_enable:7004: comm syz.1.900: inode #50331648: comm syz.1.900: iget: illegal inode #
[  159.162893][   T28] audit: type=1400 audit(1769189667.623:973): avc:  denied  { read } for  pid=3253 comm="syz.5.897" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  159.189789][ T3259] EXT4-fs error (device loop1): ext4_quota_enable:7007: comm syz.1.900: Bad quota inode: 50331648, type: 2
[  159.208530][   T28] audit: type=1400 audit(1769189667.653:974): avc:  denied  { open } for  pid=3253 comm="syz.5.897" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  159.232471][ T3259] EXT4-fs warning (device loop1): ext4_enable_quotas:7048: Failed to enable quota tracking (type=2, err=-117, ino=50331648). Please run e2fsck to fix.
[  159.253529][ T3261] futex_wake_op: syz.5.897 tries to shift op by -1; fix this program
[  159.261824][ T3259] EXT4-fs (loop1): Cannot turn on quotas: error -117
[  159.268561][ T3259] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  159.310864][  T284] EXT4-fs (loop1): unmounting filesystem.
[  159.387614][ T3274] loop5: detected capacity change from 0 to 512
[  159.459026][ T3274] EXT4-fs (loop5): failed to initialize system zone (-117)
[  159.466430][ T3274] EXT4-fs (loop5): mount failed
[  160.416768][ T3301] overlayfs: failed to clone upperpath
[  160.844801][   T28] audit: type=1400 audit(1769189668.843:975): avc:  denied  { mount } for  pid=3291 comm="syz.3.911" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  161.652637][   T28] audit: type=1400 audit(1769189670.113:976): avc:  denied  { sys_module } for  pid=3331 comm="syz.1.922" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  161.694716][ T3334] loop1: detected capacity change from 0 to 1024
[  161.704302][ T3334] EXT4-fs: Ignoring removed bh option
[  161.729893][ T3334] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  162.159483][ T3345] overlayfs: failed to clone upperpath
[  162.281016][ T3361] loop5: detected capacity change from 0 to 512
[  162.294836][ T3361] EXT4-fs: Ignoring removed mblk_io_submit option
[  162.313554][ T3361] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  162.322431][ T3361] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a003c11c, mo2=0002]
[  162.335797][ T3361] System zones: 1-12
[  162.341312][ T3361] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2196: inode #15: comm syz.5.932: corrupted in-inode xattr
[  162.415130][ T3361] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.932: couldn't read orphan inode 15 (err -117)
[  162.434403][ T3361] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  162.520327][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  162.575543][  T284] EXT4-fs (loop1): unmounting filesystem.
[  162.603085][ T3376] loop1: detected capacity change from 0 to 256
[  162.621665][ T3376] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  162.754758][ T3380] netlink: 36 bytes leftover after parsing attributes in process `syz.5.935'.
[  163.401012][ T3385] loop2: detected capacity change from 0 to 256
[  163.426217][ T3387] netlink: 'syz.3.941': attribute type 15 has an invalid length.
[  163.431892][ T3385] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  163.526623][ T3385] fuse: Bad value for 'group_id'
[  163.667601][ T3409] netlink: 36 bytes leftover after parsing attributes in process `syz.5.945'.
[  163.686987][ T3406] device batadv_slave_0 entered promiscuous mode
[  168.631914][ T3472] loop1: detected capacity change from 0 to 512
[  168.742737][ T3472] ext4: Bad value for 'max_batch_time'
[  169.042630][   T28] audit: type=1400 audit(1769189677.503:977): avc:  denied  { mount } for  pid=3481 comm="syz.0.973" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  169.377591][ T3499] loop1: detected capacity change from 0 to 512
[  169.395940][ T3499] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  169.413125][ T3499] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters
[  169.427860][ T3499] EXT4-fs (loop1): 1 truncate cleaned up
[  169.433657][ T3499] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  169.652374][ T3509] loop5: detected capacity change from 0 to 512
[  169.692875][ T3515] loop5: detected capacity change from 0 to 2048
[  169.700143][ T3515] EXT4-fs: Ignoring removed i_version option
[  169.711097][ T3515] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  169.719964][ T3515] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.519760][  T284] EXT4-fs (loop1): unmounting filesystem.
[  170.567766][ T3532] loop2: detected capacity change from 0 to 512
[  170.578670][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  170.584855][ T3532] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  170.607746][ T3534] loop1: detected capacity change from 0 to 512
[  170.614690][ T3532] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  170.620915][ T3534] EXT4-fs: dax option not supported
[  170.639511][ T3532] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  170.758537][ T3541] loop1: detected capacity change from 0 to 256
[  170.779006][ T3541] FAT-fs (loop1): Directory bread(block 64) failed
[  170.780066][ T3532] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  170.793733][ T3541] FAT-fs (loop1): Directory bread(block 65) failed
[  170.801386][ T3541] FAT-fs (loop1): Directory bread(block 66) failed
[  170.808201][ T3541] FAT-fs (loop1): Directory bread(block 67) failed
[  170.815987][ T3541] FAT-fs (loop1): Directory bread(block 68) failed
[  170.951118][ T3541] FAT-fs (loop1): Directory bread(block 69) failed
[  170.989272][ T3541] FAT-fs (loop1): Directory bread(block 70) failed
[  170.995590][ T3532] System zones: 0-2, 18-18, 34-35
[  171.001391][ T3541] FAT-fs (loop1): Directory bread(block 71) failed
[  171.008155][ T3541] FAT-fs (loop1): Directory bread(block 72) failed
[  171.012296][ T3532] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  171.023394][ T3541] FAT-fs (loop1): Directory bread(block 73) failed
[  171.039759][   T28] audit: type=1400 audit(1769189679.493:978): avc:  denied  { mount } for  pid=3533 comm="syz.1.985" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  172.076965][  T287] EXT4-fs (loop2): unmounting filesystem.
[  172.077778][   T28] audit: type=1400 audit(1769189680.523:979): avc:  denied  { unmount } for  pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  172.195151][ T3562] loop5: detected capacity change from 0 to 1024
[  172.212683][ T3563] loop2: detected capacity change from 0 to 512
[  172.260275][ T3562] EXT4-fs: Ignoring removed oldalloc option
[  172.274794][ T3562] EXT4-fs: Ignoring removed bh option
[  172.289748][ T3563] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  172.408185][ T3562] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  172.454101][ T3563] EXT4-fs error (device loop2): mb_free_blocks:1810: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  172.480107][ T3563] EXT4-fs error (device loop2): ext4_do_update_inode:5270: inode #11: comm syz.2.996: corrupted inode contents
[  172.480390][ T3562] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  172.493491][ T3563] EXT4-fs error (device loop2): ext4_dirty_inode:6135: inode #11: comm syz.2.996: mark_inode_dirty error
[  172.519854][ T3563] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.996: invalid indirect mapped block 1 (level 1)
[  172.534092][ T3563] EXT4-fs error (device loop2): ext4_do_update_inode:5270: inode #11: comm syz.2.996: corrupted inode contents
[  172.546611][ T3563] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[  172.555672][ T3563] EXT4-fs error (device loop2): ext4_do_update_inode:5270: inode #11: comm syz.2.996: corrupted inode contents
[  172.568466][ T3563] EXT4-fs error (device loop2): ext4_truncate:4320: inode #11: comm syz.2.996: mark_inode_dirty error
[  172.580172][ T3563] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem
[  172.590298][ T3563] EXT4-fs (loop2): 1 truncate cleaned up
[  172.596623][ T3563] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  172.607780][ T3563] EXT4-fs (loop2): unmounting filesystem.
[  173.000458][ T3580] loop2: detected capacity change from 0 to 2048
[  173.171431][ T3582] loop1: detected capacity change from 0 to 128
[  173.261202][ T3592] tipc: Started in network mode
[  173.262765][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  173.266149][ T3592] tipc: Node identity 4246, cluster identity 4711
[  173.278392][ T3592] tipc: Node number set to 16966
[  173.279106][ T3582] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  173.292073][ T3582] ext4 filesystem being mounted at /196/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  173.307663][ T3595] loop5: detected capacity change from 0 to 512
[  173.340573][ T3582] syz.1.1002 (pid 3582) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  173.403215][  T284] EXT4-fs (loop1): unmounting filesystem.
[  173.445335][ T3595] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  173.461858][ T3595] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.472498][   T28] audit: type=1400 audit(1769189681.923:980): avc:  denied  { append } for  pid=3606 comm="syz.1.1012" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  173.760713][   T28] audit: type=1400 audit(1769189682.223:981): avc:  denied  { read write } for  pid=3618 comm="syz.2.1016" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  173.784205][   T28] audit: type=1400 audit(1769189682.223:982): avc:  denied  { open } for  pid=3618 comm="syz.2.1016" path="/dev/raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  173.807639][   T28] audit: type=1400 audit(1769189682.223:983): avc:  denied  { ioctl } for  pid=3618 comm="syz.2.1016" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  174.029581][  T846] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  174.160422][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  174.233646][  T846] usb 3-1: config 0 has no interfaces?
[  174.282164][  T846] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  174.292096][  T846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.306274][  T846] usb 3-1: Product: syz
[  174.312951][  T846] usb 3-1: Manufacturer: syz
[  174.318248][  T846] usb 3-1: SerialNumber: syz
[  174.343518][  T846] r8152-cfgselector 3-1: config 0 descriptor??
[  174.931225][ T3619] xt_hashlimit: size too large, truncated to 1048576
[  175.004106][ T3650] binder: 3645:3650 ioctl 5427 0 returned -22
[  175.029515][  T844] usb 3-1: config 0 descriptor??
[  175.229060][  T844] usb 3-1: can't set config #0, error -71
[  175.235553][  T693] usb 3-1: USB disconnect, device number 16
[  175.289551][  T846] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  175.464208][ T3670] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1035'.
[  175.469480][  T846] usb 2-1: Using ep0 maxpacket: 8
[  175.478199][   T19] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  175.487011][  T846] usb 2-1: config 0 has too many interfaces: 65, using maximum allowed: 32
[  175.495725][  T846] usb 2-1: config 0 has an invalid interface number: 150 but max is 64
[  175.504058][  T846] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.514391][  T846] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 65
[  175.523518][  T846] usb 2-1: config 0 has no interface number 0
[  175.529688][  T846] usb 2-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  175.543112][  T846] usb 2-1: config 0 interface 150 has no altsetting 0
[  175.549943][  T846] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  175.563139][  T846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.653041][  T846] usb 2-1: config 0 descriptor??
[  175.679492][   T19] usb 6-1: Using ep0 maxpacket: 32
[  175.685725][   T19] usb 6-1: config 0 has an invalid interface number: 42 but max is 0
[  175.693927][   T19] usb 6-1: config 0 has no interface number 0
[  175.700117][   T19] usb 6-1: config 0 interface 42 has no altsetting 0
[  175.708406][   T19] usb 6-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=2e.15
[  175.717828][   T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.725885][   T19] usb 6-1: Product: syz
[  175.730172][   T19] usb 6-1: Manufacturer: syz
[  175.734966][   T19] usb 6-1: SerialNumber: syz
[  175.742206][   T19] usb 6-1: config 0 descriptor??
[  176.029970][   T39] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  176.120359][   T28] audit: type=1400 audit(1769189684.583:984): avc:  denied  { accept } for  pid=3691 comm="syz.0.1043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  176.222348][   T39] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  176.238021][   T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.262390][   T39] usb 3-1: Product: syz
[  176.274126][   T39] usb 3-1: Manufacturer: syz
[  176.287676][   T39] usb 3-1: SerialNumber: syz
[  176.323329][   T39] r8152-cfgselector 3-1: config 0 descriptor??
[  176.577780][   T28] audit: type=1400 audit(1769189685.033:985): avc:  denied  { wake_alarm } for  pid=3700 comm="syz.3.1046" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  176.639834][   T28] audit: type=1400 audit(1769189685.073:986): avc:  denied  { create } for  pid=3700 comm="syz.3.1046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  176.695327][ T3701] xt_bpf: check failed: parse error
[  176.750184][   T39] r8152-cfgselector 3-1: Unknown version 0x0000
[  176.757455][   T39] r8152-cfgselector 3-1: bad CDC descriptors
[  176.782104][   T39] r8152-cfgselector 3-1: Unknown version 0x0000
[  176.806744][   T39] r8152-cfgselector 3-1: USB disconnect, device number 17
[  177.094329][ T3715] xt_hashlimit: size too large, truncated to 1048576
[  177.569550][    T6] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  177.779493][    T6] usb 3-1: Using ep0 maxpacket: 8
[  177.785779][    T6] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  177.794333][    T6] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  177.804383][    T6] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  177.814433][    T6] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  177.824680][    T6] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  177.837939][    T6] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  177.847072][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.960388][  T846] usb 2-1: USB disconnect, device number 22
[  177.976404][   T19] usb 6-1: USB disconnect, device number 23
[  178.201253][ T2915] udevd[2915]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.150/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  178.349507][   T19] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  178.432383][ T3739] loop2: detected capacity change from 0 to 2048
[  178.448774][ T3739] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  178.484361][ T3739] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  178.529590][   T19] usb 6-1: Using ep0 maxpacket: 32
[  178.535941][   T19] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  178.544182][   T19] usb 6-1: config 0 has no interface number 0
[  178.550415][   T19] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  178.735392][   T19] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  178.744553][   T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.752718][   T19] usb 6-1: Product: syz
[  178.756905][   T19] usb 6-1: Manufacturer: syz
[  178.761529][   T19] usb 6-1: SerialNumber: syz
[  178.766808][   T19] usb 6-1: config 0 descriptor??
[  178.772115][ T3711] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  178.986010][ T3711] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  179.404137][   T19] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  179.414503][   T19] asix: probe of 6-1:0.188 failed with error -61
[  179.422210][ T2914] udevd[2914]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.42/sound/card1/controlC1/../uevent} for writing: No such file or directory
[  179.773305][ T3773] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1070'.
[  179.898284][ T3779] loop1: detected capacity change from 0 to 2048
[  179.905692][   T28] audit: type=1400 audit(1769189688.373:987): avc:  denied  { mount } for  pid=3780 comm="syz.0.1073" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  179.933826][ T3779] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1072'.
[  180.674791][ T3788] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1074'.
[  180.703683][   T39] usb 3-1: USB disconnect, device number 18
[  180.716651][  T287] EXT4-fs (loop2): unmounting filesystem.
[  180.757730][ T3792] loop2: detected capacity change from 0 to 1024
[  180.785192][ T3792] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  180.946711][ T3802] EXT4-fs (loop2): shut down requested (0)
[  180.968107][   T28] audit: type=1400 audit(1769189689.423:988): avc:  denied  { read } for  pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  180.990310][   T28] audit: type=1400 audit(1769189689.423:989): avc:  denied  { search } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  183.660618][   T28] audit: type=1400 audit(1769189689.423:990): avc:  denied  { write } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  183.695845][  T287] EXT4-fs (loop2): unmounting filesystem.
[  183.711071][   T39] usb 6-1: USB disconnect, device number 24
[  183.761353][   T28] audit: type=1400 audit(1769189689.423:991): avc:  denied  { add_name } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  183.781948][   T28] audit: type=1400 audit(1769189689.423:992): avc:  denied  { create } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  183.802409][   T28] audit: type=1400 audit(1769189689.423:993): avc:  denied  { append open } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  183.825305][   T28] audit: type=1400 audit(1769189689.423:994): avc:  denied  { getattr } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  184.087950][   T28] audit: type=1400 audit(1769189692.543:995): avc:  denied  { watch } for  pid=3811 comm="syz.5.1081" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  184.112977][ T3825] loop5: detected capacity change from 0 to 512
[  184.149010][ T3825] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  184.229898][   T28] audit: type=1400 audit(1769189692.603:996): avc:  denied  { mounton } for  pid=3811 comm="syz.5.1081" path="/bus" dev="proc" ino=4026531855 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  184.302106][ T3825] EXT4-fs (loop5): orphan cleanup on readonly fs
[  184.311805][ T3825] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.1081: bg 0: block 248: padding at end of block bitmap is not set
[  184.326512][  T846] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  184.334972][ T3825] Quota error (device loop5): write_blk: dquota write failed
[  184.342514][ T3825] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  184.352519][ T3825] EXT4-fs error (device loop5): ext4_acquire_dquot:6796: comm syz.5.1081: Failed to acquire dquot type 1
[  184.366957][ T3825] EXT4-fs (loop5): 1 truncate cleaned up
[  184.400786][ T3825] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  184.412078][ T3825] EXT4-fs (loop5): unmounting filesystem.
[  184.621762][  T846] usb 3-1: config 0 has no interfaces?
[  184.629992][  T846] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  184.674484][ T3814] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1082'.
[  184.705565][  T846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.766090][  T846] usb 3-1: Product: syz
[  184.805396][  T846] usb 3-1: Manufacturer: syz
[  184.848409][  T846] usb 3-1: SerialNumber: syz
[  184.931207][  T846] r8152-cfgselector 3-1: config 0 descriptor??
[  185.313009][ T3848] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1087'.
[  185.473647][ T3816] xt_hashlimit: size too large, truncated to 1048576
[  185.647593][ T3856] binder: 3854:3856 ioctl 5427 0 returned -22
[  185.660412][   T39] usb 3-1: USB disconnect, device number 19
[  186.023042][ T3862] binder: BINDER_SET_CONTEXT_MGR already set
[  186.029230][ T3862] binder: 3857:3862 ioctl 4018620d 200000000040 returned -16
[  186.122601][ T3864] binder: 3857:3864 ioctl 5427 0 returned -22
[  186.169979][ T3862] binder: 3857:3862 ioctl c0306201 200000000240 returned -11
[  186.215223][ T3872] x_tables: ip_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING
[  186.244418][ T3876] netlink: 'syz.2.1101': attribute type 27 has an invalid length.
[  186.563764][ T3892] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1104'.
[  186.865444][   T28] audit: type=1400 audit(1769189695.303:997): avc:  denied  { append } for  pid=3887 comm="syz.5.1105" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  186.968578][ T3898] loop2: detected capacity change from 0 to 256
[  186.991419][ T3898] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x8c4dac22, utbl_chksum : 0xe619d30d)
[  187.035377][ T3900] loop2: detected capacity change from 0 to 128
[  187.121315][ T3908] loop2: detected capacity change from 0 to 128
[  187.144205][ T3908] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  187.153731][ T3908] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.190333][  T287] EXT4-fs (loop2): unmounting filesystem.
[  187.675743][ T3933] loop2: detected capacity change from 0 to 4096
[  187.703341][ T3933] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  188.091851][  T287] EXT4-fs (loop2): unmounting filesystem.
[  188.136315][ T3951] netlink: 'syz.1.1125': attribute type 41 has an invalid length.
[  188.317343][ T3960] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1126'.
[  188.611115][ T3971] loop5: detected capacity change from 0 to 512
[  188.617707][ T3971] EXT4-fs: Ignoring removed nomblk_io_submit option
[  188.630652][ T3971] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  188.641820][ T3971] EXT4-fs (loop5): 1 truncate cleaned up
[  188.647525][ T3971] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  188.949473][   T39] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  188.969488][    T6] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  189.022067][ T3985] pic_ioport_write: 13 callbacks suppressed
[  189.022086][ T3985] kvm: pic: level sensitive irq not supported
[  189.029736][ T3985] pic_ioport_write: 7 callbacks suppressed
[  189.029750][ T3985] kvm: pic: single mode not supported
[  189.041731][ T3985] kvm: pic: level sensitive irq not supported
[  189.048437][ T3985] kvm: pic: single mode not supported
[  189.054640][ T3985] kvm: pic: level sensitive irq not supported
[  189.062129][ T3985] kvm: pic: single mode not supported
[  189.068220][ T3985] kvm: pic: level sensitive irq not supported
[  189.075635][ T3985] kvm: pic: single mode not supported
[  189.081739][ T3985] kvm: pic: level sensitive irq not supported
[  189.088335][ T3985] kvm: pic: single mode not supported
[  189.094464][ T3985] kvm: pic: level sensitive irq not supported
[  189.100837][ T3985] kvm: pic: single mode not supported
[  189.106911][ T3985] kvm: pic: level sensitive irq not supported
[  189.109481][   T39] usb 2-1: device descriptor read/64, error -71
[  189.112642][ T3985] kvm: pic: single mode not supported
[  189.124662][ T3985] kvm: pic: level sensitive irq not supported
[  189.131914][ T3985] kvm: pic: level sensitive irq not supported
[  189.138433][ T3985] kvm: pic: level sensitive irq not supported
[  189.146340][ T3985] kvm: pic: single mode not supported
[  189.160623][    T6] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  189.177149][    T6] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  189.188457][    T6] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  189.202605][    T6] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  189.211951][    T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  189.220158][    T6] usb 6-1: SerialNumber: syz
[  189.402502][   T39] usb 2-1: device descriptor read/64, error -71
[  189.431535][    T6] cdc_acm 6-1:1.0: ttyACM0: USB ACM device
[  189.457250][    T6] usb 6-1: USB disconnect, device number 25
[  189.629612][   T28] kauditd_printk_skb: 5 callbacks suppressed
[  189.629633][   T28] audit: type=1326 audit(1769189698.063:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.684449][   T28] audit: type=1326 audit(1769189698.063:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.689483][   T39] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  189.711313][   T28] audit: type=1326 audit(1769189698.063:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.739375][   T28] audit: type=1326 audit(1769189698.063:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.767502][   T28] audit: type=1326 audit(1769189698.063:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.792890][   T28] audit: type=1326 audit(1769189698.063:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.816869][   T28] audit: type=1326 audit(1769189698.063:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.840656][   T28] audit: type=1326 audit(1769189698.063:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.864335][   T28] audit: type=1326 audit(1769189698.063:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.887910][   T28] audit: type=1326 audit(1769189698.063:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3975 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ebf39acb9 code=0x7fc00000
[  189.929480][   T39] usb 2-1: device descriptor read/64, error -71
[  189.993560][ T4000] binder: 3999:4000 ioctl c018620c 200000000180 returned -22
[  190.054168][ T4001] loop2: detected capacity change from 0 to 512
[  190.061188][ T4001] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  190.070679][ T4001] EXT4-fs (loop2): orphan cleanup on readonly fs
[  190.077583][ T4001] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1141: bg 0: block 248: padding at end of block bitmap is not set
[  190.092136][ T4001] EXT4-fs error (device loop2): ext4_acquire_dquot:6796: comm syz.2.1141: Failed to acquire dquot type 1
[  190.103998][ T4001] EXT4-fs (loop2): 1 truncate cleaned up
[  190.110121][ T4001] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  190.129282][ T2919] EXT4-fs error (device loop5): mb_free_blocks:1810: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt.
[  190.146658][ T2919] EXT4-fs (loop5): unmounting filesystem.
[  190.219022][   T39] usb 2-1: device descriptor read/64, error -71
[  190.333882][ T4017] loop5: detected capacity change from 0 to 256
[  190.343948][   T39] usb usb2-port1: attempt power cycle
[  190.420754][ T4017] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  190.442371][ T4017] FAULT_INJECTION: forcing a failure.
[  190.442371][ T4017] name failslab, interval 1, probability 0, space 0, times 0
[  190.455077][ T4017] CPU: 1 PID: 4017 Comm: syz.5.1143 Not tainted syzkaller #0
[  190.462467][ T4017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  190.472515][ T4017] Call Trace:
[  190.475789][ T4017]  <TASK>
[  190.478712][ T4017]  __dump_stack+0x21/0x24
[  190.483039][ T4017]  dump_stack_lvl+0x110/0x170
[  190.487709][ T4017]  ? __cfi_dump_stack_lvl+0x8/0x8
[  190.492729][ T4017]  ? __cfi_u32_init+0x10/0x10
[  190.497403][ T4017]  ? u32_init+0x195/0x770
[  190.501734][ T4017]  dump_stack+0x15/0x24
[  190.505896][ T4017]  should_fail_ex+0x3d4/0x520
[  190.510571][ T4017]  __should_failslab+0xac/0xf0
[  190.515330][ T4017]  ? u32_init+0x195/0x770
[  190.519654][ T4017]  should_failslab+0x9/0x20
[  190.524156][ T4017]  __kmem_cache_alloc_node+0x3d/0x2c0
[  190.529525][ T4017]  ? irqentry_exit+0x37/0x40
[  190.534111][ T4017]  ? sysvec_reschedule_ipi+0x78/0x80
[  190.539393][ T4017]  ? u32_init+0x195/0x770
[  190.543724][ T4017]  kmalloc_trace+0x29/0xb0
[  190.548133][ T4017]  u32_init+0x195/0x770
[  190.552460][ T4017]  ? tcf_proto_create+0x1b4/0x310
[  190.557477][ T4017]  tcf_proto_create+0x213/0x310
[  190.562332][ T4017]  tc_new_tfilter+0xe52/0x1970
[  190.567092][ T4017]  ? __cfi_tc_new_tfilter+0x10/0x10
[  190.572468][ T4017]  ? preempt_schedule_irq+0xca/0x120
[  190.577772][ T4017]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[  190.583849][ T4017]  ? irqentry_exit+0x37/0x40
[  190.588435][ T4017]  ? sysvec_reschedule_ipi+0x78/0x80
[  190.593718][ T4017]  ? __cfi_tc_new_tfilter+0x10/0x10
[  190.598914][ T4017]  ? rtnetlink_rcv_msg+0xa8f/0xe00
[  190.604027][ T4017]  ? __cfi_tc_new_tfilter+0x10/0x10
[  190.609222][ T4017]  rtnetlink_rcv_msg+0xaad/0xe00
[  190.614155][ T4017]  ? __cfi__raw_spin_lock+0x10/0x10
[  190.619339][ T4017]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  190.624781][ T4017]  ? find_lock_lowest_rq+0x97/0x460
[  190.629967][ T4017]  ? __kasan_check_write+0x14/0x20
[  190.635057][ T4017]  ? push_rt_task+0x35f/0x5b0
[  190.639718][ T4017]  ? __cfi_push_rt_tasks+0x10/0x10
[  190.644811][ T4017]  ? _raw_spin_unlock+0x4c/0x70
[  190.649645][ T4017]  ? __cfi_push_rt_tasks+0x10/0x10
[  190.654735][ T4017]  ? finish_task_switch+0x16b/0x7b0
[  190.659920][ T4017]  ? __switch_to_asm+0x3a/0x60
[  190.664671][ T4017]  ? __schedule+0xbae/0x1500
[  190.669242][ T4017]  ? __kasan_check_write+0x14/0x20
[  190.674332][ T4017]  ? _raw_spin_lock+0x94/0xf0
[  190.678988][ T4017]  ? __cfi__raw_spin_lock+0x10/0x10
[  190.684165][ T4017]  ? release_firmware_map_entry+0x190/0x190
[  190.690051][ T4017]  ? _raw_spin_unlock_irqrestore+0x5a/0x80
[  190.695840][ T4017]  netlink_rcv_skb+0x20f/0x460
[  190.700584][ T4017]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  190.706034][ T4017]  ? __cfi_netlink_rcv_skb+0x10/0x10
[  190.711298][ T4017]  ? rcu_read_unlock_special+0xb2/0x440
[  190.716832][ T4017]  rtnetlink_rcv+0x1c/0x20
[  190.721319][ T4017]  netlink_unicast+0x8ab/0xa30
[  190.726061][ T4017]  netlink_sendmsg+0x8b9/0xbd0
[  190.730807][ T4017]  ? __cfi_netlink_sendmsg+0x10/0x10
[  190.736071][ T4017]  ? __schedule+0xbae/0x1500
[  190.740673][ T4017]  ? security_socket_sendmsg+0x93/0xb0
[  190.746113][ T4017]  ? __cfi_netlink_sendmsg+0x10/0x10
[  190.751386][ T4017]  ____sys_sendmsg+0x5cc/0x990
[  190.756312][ T4017]  ? __sys_sendmsg_sock+0x40/0x40
[  190.761318][ T4017]  ? import_iovec+0x7c/0xb0
[  190.765806][ T4017]  ___sys_sendmsg+0x2a2/0x360
[  190.770464][ T4017]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  190.776080][ T4017]  ? __sys_sendmsg+0x290/0x290
[  190.780837][ T4017]  ? __fdget+0x19c/0x220
[  190.785061][ T4017]  __x64_sys_sendmsg+0x205/0x2d0
[  190.789983][ T4017]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  190.795434][ T4017]  ? __kasan_check_write+0x14/0x20
[  190.800542][ T4017]  ? fpregs_restore_userregs+0x128/0x260
[  190.806173][ T4017]  ? switch_fpu_return+0xe/0x10
[  190.811024][ T4017]  x64_sys_call+0x171/0x9a0
[  190.815512][ T4017]  do_syscall_64+0x4c/0xa0
[  190.819911][ T4017]  ? clear_bhb_loop+0x30/0x80
[  190.824578][ T4017]  ? clear_bhb_loop+0x30/0x80
[  190.829245][ T4017]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  190.835150][ T4017] RIP: 0033:0x7f4a4179acb9
[  190.839562][ T4017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  190.859152][ T4017] RSP: 002b:00007f4a4261a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  190.867548][ T4017] RAX: ffffffffffffffda RBX: 00007f4a41a16180 RCX: 00007f4a4179acb9
[  190.875502][ T4017] RDX: 0000000024040084 RSI: 0000200000006040 RDI: 0000000000000009
[  190.883456][ T4017] RBP: 00007f4a4261a090 R08: 0000000000000000 R09: 0000000000000000
[  190.891495][ T4017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.899448][ T4017] R13: 00007f4a41a16218 R14: 00007f4a41a16180 R15: 00007ffd81d6b618
[  190.907406][ T4017]  </TASK>
[  190.982210][  T287] EXT4-fs (loop2): unmounting filesystem.
[  191.063410][ T4014] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1147'.
[  191.289628][   T39] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  191.320580][   T39] usb 2-1: device descriptor read/8, error -71
[  191.470550][   T39] usb 2-1: device descriptor read/8, error -71
[  191.620337][    T6] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  191.813249][    T6] usb 3-1: config 0 has an invalid interface number: 95 but max is 0
[  191.824825][    T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  191.844218][    T6] usb 3-1: config 0 has no interface number 0
[  191.846133][ T4059] netlink: 'syz.1.1163': attribute type 4 has an invalid length.
[  191.850401][    T6] usb 3-1: config 0 interface 95 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  191.851884][    T6] usb 3-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[  191.861408][ T4059] netlink: 'syz.1.1163': attribute type 4 has an invalid length.
[  191.867949][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.892668][    T6] usb 3-1: Product: syz
[  191.896834][    T6] usb 3-1: Manufacturer: syz
[  191.901454][    T6] usb 3-1: SerialNumber: syz
[  191.906485][    T6] usb 3-1: config 0 descriptor??
[  192.117681][ T4050] loop2: detected capacity change from 0 to 2048
[  192.131314][ T4050] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  192.140409][ T4050] EXT4-fs (loop2): unmounting filesystem.
[  192.250099][ T4078] netlink: 808 bytes leftover after parsing attributes in process `syz.0.1171'.
[  192.287660][ T4050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.306106][ T4050] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.330110][    T6] usb 3-1: MIDIStreaming interface descriptor not found
[  192.362486][    T6] usb 3-1: USB disconnect, device number 20
[  192.554557][ T4113] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1183'.
[  192.564661][ T4113] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1183'.
[  192.576880][ T4113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4113 comm=syz.5.1183
[  193.219507][   T39] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  193.369558][   T39] usb 6-1: device descriptor read/64, error -71
[  195.279560][   T39] usb 6-1: device descriptor read/64, error -71
[  195.321179][ T4147] xt_hashlimit: size too large, truncated to 1048576
[  195.331554][ T4149] loop2: detected capacity change from 0 to 4096
[  195.387756][ T4149] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  195.441895][ T4149] fs-verity (loop2, inode 15): Unsupported log_blocksize: 13
[  195.528048][  T287] EXT4-fs (loop2): unmounting filesystem.
[  195.540272][ T4161] binder: BINDER_SET_CONTEXT_MGR already set
[  195.546733][ T4161] binder: 4159:4161 ioctl 4018620d 200000000040 returned -16
[  195.549517][   T39] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  195.554961][ T4161] binder: 4159:4161 ioctl 5427 0 returned -22
[  195.631232][ T4163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1203'.
[  195.709528][   T39] usb 6-1: device descriptor read/64, error -71
[  195.886431][ T4172] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1206'.
[  196.719521][  T416] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  196.930525][  T416] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.949476][  T416] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.971775][  T416] usb 2-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  196.977245][ T4184] fuse: Unknown parameter '0x0000000000000003'
[  196.989534][  T416] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.004779][  T416] usb 2-1: config 0 descriptor??
[  197.130919][   T28] kauditd_printk_skb: 50 callbacks suppressed
[  197.130935][   T28] audit: type=1400 audit(1769189705.593:1061): avc:  denied  { watch watch_reads } for  pid=4171 comm="syz.5.1206" path="/" dev="ramfs" ino=34846 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  197.398253][  T416] usbhid 2-1:0.0: can't add hid device: -71
[  197.404285][  T416] usbhid: probe of 2-1:0.0 failed with error -71
[  197.412068][  T416] usb 2-1: USB disconnect, device number 27
[  197.536675][ T4207] binder: 4203:4207 ioctl 5427 0 returned -22
[  197.603826][ T4209] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1217'.
[  197.902057][   T28] audit: type=1400 audit(1769189706.363:1062): avc:  denied  { attach_queue } for  pid=4205 comm="syz.1.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  197.948904][ T4222] overlayfs: failed to clone upperpath
[  198.360109][ T4234] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1228'.
[  198.369097][ T4234] tipc: Invalid UDP bearer configuration
[  198.369121][ T4234] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  198.524835][ T4238] loop1: detected capacity change from 0 to 2048
[  198.551790][   T28] audit: type=1400 audit(1769189707.003:1063): avc:  denied  { execute_no_trans } for  pid=4243 comm="syz.5.1231" path="/68/file1" dev="tmpfs" ino=389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  198.552360][ T4238] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1229'.
[  198.845773][ T4255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1235'.
[  199.079619][  T416] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  199.259451][  T416] usb 6-1: Using ep0 maxpacket: 16
[  199.269802][  T416] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  199.280712][  T416] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  199.291107][  T416] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  199.304251][  T416] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  199.313443][  T416] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.325033][ T4246] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  199.349960][  T416] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  199.575631][ T4271] loop1: detected capacity change from 0 to 4096
[  199.586073][ T4271] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  199.899510][  T363] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  200.057385][  T416] cdc_acm 6-1:1.0: ttyACM0: USB ACM device
[  200.073468][  T416] usb 6-1: USB disconnect, device number 28
[  200.079517][  T363] usb 2-1: Using ep0 maxpacket: 16
[  200.086993][  T363] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  200.098906][  T363] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  200.109321][  T363] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  200.120912][  T363] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  200.130228][  T363] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.138268][  T363] usb 2-1: Product: syz
[  200.142491][  T363] usb 2-1: Manufacturer: syz
[  200.147101][  T363] usb 2-1: SerialNumber: syz
[  200.170502][   T28] audit: type=1326 audit(1769189708.633:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4292 comm="syz.5.1249" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x0
[  200.212686][   T28] audit: type=1400 audit(1769189708.673:1065): avc:  denied  { read } for  pid=4297 comm="syz.0.1250" path="socket:[34991]" dev="sockfs" ino=34991 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  200.288184][ T4300] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1249'.
[  200.316155][   T28] audit: type=1400 audit(1769189708.773:1066): avc:  denied  { ioctl } for  pid=4297 comm="syz.0.1250" path="socket:[34991]" dev="sockfs" ino=34991 ioctlcmd=0x9421 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  200.499272][ T4305] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1251'.
[  200.624881][  T363] usb 2-1: 0:2 : does not exist
[  201.206736][ T4314] xt_hashlimit: size too large, truncated to 1048576
[  201.220144][ T3806] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  201.239311][ T4271] fs-verity (loop1, inode 15): Unsupported log_blocksize: 13
[  201.267713][  T363] usb 2-1: USB disconnect, device number 28
[  201.409465][ T3806] usb 3-1: Using ep0 maxpacket: 16
[  201.415678][ T3806] usb 3-1: config 0 interface 0 has no altsetting 0
[  201.423978][ T3806] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  201.439460][ T3806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.475243][ T2915] udevd[2915]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  201.504427][ T3806] usb 3-1: config 0 descriptor??
[  201.911216][  T284] EXT4-fs (loop1): unmounting filesystem.
[  201.993001][ T4328] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1258'.
[  202.043680][ T3806] hid (null): unknown global tag 0xe
[  202.156467][   T28] audit: type=1400 audit(1769189710.613:1067): avc:  denied  { create } for  pid=4326 comm="syz.1.1258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  202.189991][ T4293] Bluetooth: hci0: Opcode 0x080f failed: -110
[  202.901757][ T4342] loop1: detected capacity change from 0 to 16
[  202.909029][ T4342] erofs: (device loop1): mounted with root inode @ nid 36.
[  203.144424][ T4354] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1267'.
[  203.199710][ T3806] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  203.842649][ T4350] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1265'.
[  203.863241][  T416] usb 3-1: USB disconnect, device number 21
[  204.166739][ T4361] binder: 4358:4361 ioctl 5427 0 returned -22
[  204.219544][ T3806] usb 2-1: device descriptor read/64, error -71
[  204.449464][  T363] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  204.489519][ T3806] usb 2-1: device descriptor read/64, error -71
[  204.630576][  T363] usb 6-1: config 0 has no interfaces?
[  204.637635][  T363] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  204.646982][  T363] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.655008][  T363] usb 6-1: Product: syz
[  204.659181][  T363] usb 6-1: Manufacturer: syz
[  204.663823][  T363] usb 6-1: SerialNumber: syz
[  204.669194][  T363] r8152-cfgselector 6-1: config 0 descriptor??
[  204.720074][ T4375] loop2: detected capacity change from 0 to 256
[  204.735647][ T4375] netlink: 'syz.2.1274': attribute type 9 has an invalid length.
[  204.743503][ T4375] netlink: 'syz.2.1274': attribute type 6 has an invalid length.
[  204.759504][ T3806] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  204.821783][ T4380] binder: 4376:4380 ioctl 5427 0 returned -22
[  204.929716][ T3806] usb 2-1: device descriptor read/64, error -71
[  205.081437][ T4365] xt_hashlimit: size too large, truncated to 1048576
[  205.259463][ T3806] usb 2-1: device descriptor read/64, error -71
[  205.379539][ T3806] usb usb2-port1: attempt power cycle
[  205.508285][  T363] usb 6-1: USB disconnect, device number 29
[  205.799534][ T3806] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  205.847650][ T4404] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1280'.
[  206.030740][ T3806] usb 2-1: device descriptor read/8, error -71
[  206.193936][ T3806] usb 2-1: device descriptor read/8, error -71
[  206.479734][ T3806] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  206.615620][ T3806] usb 2-1: device descriptor read/8, error -71
[  206.626299][ T4411] overlayfs: failed to clone upperpath
[  206.644445][ T4411] overlayfs: missing 'lowerdir'
[  206.759513][  T363] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  206.778413][ T3806] usb 2-1: device descriptor read/8, error -71
[  206.899510][ T3806] usb usb2-port1: unable to enumerate USB device
[  206.940453][  T363] usb 6-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[  206.950854][  T363] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  206.963802][  T363] usb 6-1: New USB device found, idVendor=056a, idProduct=0018, bcdDevice= 0.00
[  206.972878][  T363] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.981365][  T363] usb 6-1: config 0 descriptor??
[  206.987003][  T363] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  207.079496][   T24] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  207.236466][ T4436] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4436 comm=syz.1.1294
[  207.270469][   T24] usb 3-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  207.280889][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  207.290701][   T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  207.299932][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  207.319452][   T24] usb 3-1: SerialNumber: syz
[  207.462943][   T28] audit: type=1400 audit(1769189715.923:1068): avc:  denied  { setattr } for  pid=4438 comm="syz.1.1295" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  207.529811][   T24] usb 3-1: 0:2 : does not exist
[  207.538366][   T24] usb 3-1: USB disconnect, device number 22
[  207.580685][ T4442] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1296'.
[  207.672928][ T4446] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1299'.
[  207.716024][ T4449] loop1: detected capacity change from 0 to 2048
[  207.821049][ T4463] loop1: detected capacity change from 0 to 512
[  207.834604][ T4463] EXT4-fs: Ignoring removed nomblk_io_submit option
[  207.845699][ T4463] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  207.865968][ T4463] EXT4-fs (loop1): 1 truncate cleaned up
[  207.871754][ T4463] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  208.352833][  T416] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  208.553046][  T416] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  208.581285][  T416] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  208.594181][  T416] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  208.614464][  T416] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  208.649609][  T416] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  208.658456][  T416] usb 2-1: SerialNumber: syz
[  208.935640][  T416] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  208.981702][  T416] usb 2-1: USB disconnect, device number 33
[  209.046364][ T4485] binder: 4483:4485 ioctl 5427 0 returned -22
[  209.219126][  T416] usb 6-1: USB disconnect, device number 30
[  209.368334][ T4489] netlink: 27 bytes leftover after parsing attributes in process `syz.5.1312'.
[  209.390204][   T28] audit: type=1326 audit(1769189717.853:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413842][   T28] audit: type=1326 audit(1769189717.853:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413874][   T28] audit: type=1326 audit(1769189717.853:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413894][   T28] audit: type=1326 audit(1769189717.853:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413914][   T28] audit: type=1326 audit(1769189717.853:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413934][   T28] audit: type=1326 audit(1769189717.853:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413955][   T28] audit: type=1326 audit(1769189717.853:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413977][   T28] audit: type=1326 audit(1769189717.853:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.413999][   T28] audit: type=1326 audit(1769189717.853:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4494 comm="syz.5.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x7ffc0000
[  209.513942][  T284] EXT4-fs error (device loop1): mb_free_blocks:1810: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt.
[  209.623541][  T284] EXT4-fs (loop1): unmounting filesystem.
[  209.687345][ T4511] FAULT_INJECTION: forcing a failure.
[  209.687345][ T4511] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.729474][ T4511] CPU: 0 PID: 4511 Comm: syz.1.1321 Not tainted syzkaller #0
[  209.736896][ T4511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  209.746968][ T4511] Call Trace:
[  209.750248][ T4511]  <TASK>
[  209.753190][ T4511]  __dump_stack+0x21/0x24
[  209.757528][ T4511]  dump_stack_lvl+0x110/0x170
[  209.762211][ T4511]  ? __cfi_dump_stack_lvl+0x8/0x8
[  209.767249][ T4511]  dump_stack+0x15/0x24
[  209.771484][ T4511]  should_fail_ex+0x3d4/0x520
[  209.776177][ T4511]  should_fail+0xb/0x10
[  209.780356][ T4511]  should_fail_usercopy+0x1a/0x20
[  209.785399][ T4511]  _copy_to_user+0x1e/0x90
[  209.789823][ T4511]  simple_read_from_buffer+0xe9/0x160
[  209.795196][ T4511]  proc_fail_nth_read+0x1a6/0x220
[  209.800228][ T4511]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  209.805787][ T4511]  ? security_file_permission+0x94/0xb0
[  209.811370][ T4511]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  209.816927][ T4511]  vfs_read+0x27a/0x910
[  209.821099][ T4511]  ? __cfi_vfs_read+0x10/0x10
[  209.825787][ T4511]  ? __kasan_check_write+0x14/0x20
[  209.830900][ T4511]  ? mutex_lock+0x93/0x1b0
[  209.835328][ T4511]  ? __cfi_mutex_lock+0x10/0x10
[  209.840188][ T4511]  ? __fdget_pos+0x2cd/0x380
[  209.844785][ T4511]  ? ksys_read+0x71/0x250
[  209.849114][ T4511]  ksys_read+0x149/0x250
[  209.853378][ T4511]  ? __cfi_ksys_read+0x10/0x10
[  209.858158][ T4511]  ? debug_smp_processor_id+0x17/0x20
[  209.863546][ T4511]  __x64_sys_read+0x7b/0x90
[  209.868055][ T4511]  x64_sys_call+0x2f/0x9a0
[  209.872480][ T4511]  do_syscall_64+0x4c/0xa0
[  209.876906][ T4511]  ? clear_bhb_loop+0x30/0x80
[  209.881588][ T4511]  ? clear_bhb_loop+0x30/0x80
[  209.886277][ T4511]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.892172][ T4511] RIP: 0033:0x7fc2e055b58e
[  209.896593][ T4511] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  209.916204][ T4511] RSP: 002b:00007fc2e14fafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  209.924803][ T4511] RAX: ffffffffffffffda RBX: 00007fc2e14fb6c0 RCX: 00007fc2e055b58e
[  209.932788][ T4511] RDX: 000000000000000f RSI: 00007fc2e14fb0a0 RDI: 0000000000000004
[  209.940774][ T4511] RBP: 00007fc2e14fb090 R08: 0000000000000000 R09: 0000000000000000
[  209.948844][ T4511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.956830][ T4511] R13: 00007fc2e0816038 R14: 00007fc2e0815fa0 R15: 00007ffe30b507a8
[  209.964812][ T4511]  </TASK>
[  210.078553][ T4519] loop2: detected capacity change from 0 to 2048
[  210.119492][  T416] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  210.133820][ T4519] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1324'.
[  210.230929][ T4543] netlink: 'syz.0.1331': attribute type 4 has an invalid length.
[  210.259507][ T4543] netlink: 'syz.0.1331': attribute type 4 has an invalid length.
[  210.520768][  T846] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  210.550468][  T416] usb 6-1: config 0 has no interfaces?
[  210.557466][  T416] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  210.566750][  T416] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.574973][  T416] usb 6-1: Product: syz
[  210.579161][  T416] usb 6-1: Manufacturer: syz
[  210.584174][  T416] usb 6-1: SerialNumber: syz
[  210.592633][  T416] r8152-cfgselector 6-1: config 0 descriptor??
[  210.700513][  T846] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  210.711448][  T846] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  210.722531][  T846] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  210.736435][  T846] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  210.745671][  T846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  210.753749][  T846] usb 2-1: SerialNumber: syz
[  210.938706][ T4559] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1337'.
[  210.963959][  T846] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  210.970207][  T844] usb 6-1: config 0 descriptor??
[  210.976936][  T846] usb 2-1: USB disconnect, device number 34
[  211.002057][ T4514] xt_hashlimit: size too large, truncated to 1048576
[  211.263419][ T4575] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1343'.
[  211.279783][ T4575] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1343'.
[  211.323951][  T844] usb 6-1: can't set config #0, error -71
[  211.323951][  T363] usb 6-1: USB disconnect, device number 31
[  211.545299][ T4601] netlink: 4168 bytes leftover after parsing attributes in process `syz.1.1354'.
[  211.852933][ T4606] xt_hashlimit: size too large, truncated to 1048576
[  212.040774][ T4615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1358'.
[  212.252205][ T4619] binder: 4616:4619 ioctl 5427 0 returned -22
[  212.256041][ T4620] loop2: detected capacity change from 0 to 128
[  212.271981][ T4619] binder: 4616:4619 ioctl c0306201 200000000240 returned -11
[  212.609535][  T416] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  212.799471][  T416] usb 3-1: Using ep0 maxpacket: 32
[  212.870428][  T416] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  212.894120][  T416] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  212.948851][  T416] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  212.968344][  T416] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.989448][  T416] usb 3-1: Product: syz
[  212.993651][  T416] usb 3-1: Manufacturer: syz
[  212.998334][  T416] usb 3-1: SerialNumber: syz
[  213.030299][  T416] usb 3-1: config 0 descriptor??
[  213.329560][ T3806] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  213.630518][ T3806] usb 6-1: config 0 has no interfaces?
[  213.637547][ T3806] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  213.661604][ T3806] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.675378][ T3806] usb 6-1: Product: syz
[  213.685588][ T4659] device syz_tun entered promiscuous mode
[  213.690178][ T3806] usb 6-1: Manufacturer: syz
[  213.697559][ T3806] usb 6-1: SerialNumber: syz
[  213.704542][ T4659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1373'.
[  213.717474][ T3806] r8152-cfgselector 6-1: config 0 descriptor??
[  213.778866][ T4669] binder: 4667:4669 ioctl 5427 0 returned -22
[  213.785513][ T4669] binder: 4667:4669 ioctl c0306201 200000000240 returned -11
[  213.793386][ T4658] device syz_tun left promiscuous mode
[  213.929143][ T4640] xt_hashlimit: size too large, truncated to 1048576
[  214.115807][ T3806] r8152-cfgselector 6-1: Unknown version 0x0000
[  214.125406][ T3806] r8152-cfgselector 6-1: USB disconnect, device number 32
[  214.546751][ T4676] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1379'.
[  214.611226][ T4682] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1381'.
[  215.327303][    T6] usb 3-1: USB disconnect, device number 23
[  215.750141][ T4710] loop2: detected capacity change from 0 to 128
[  215.899273][ T4717] binder: BINDER_SET_CONTEXT_MGR already set
[  215.908475][ T4717] binder: 4715:4717 ioctl 4018620d 200000000040 returned -16
[  215.923422][ T4717] binder: 4715:4717 ioctl 5427 0 returned -22
[  215.952888][   T28] kauditd_printk_skb: 46 callbacks suppressed
[  215.952902][   T28] audit: type=1400 audit(1769189980.413:1124): avc:  denied  { map } for  pid=4718 comm="syz.2.1395" path="socket:[37198]" dev="sockfs" ino=37198 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  216.110164][ T4725] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1396'.
[  216.771984][ T4740] binder: 4738:4740 ioctl 5427 0 returned -22
[  217.519531][   T28] audit: type=1400 audit(1769189981.983:1125): avc:  denied  { mount } for  pid=4747 comm="syz.5.1403" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  217.940607][   T28] audit: type=1400 audit(1769189982.403:1126): avc:  denied  { associate } for  pid=4747 comm="syz.5.1403" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  218.068764][ T4762] binder: 4760:4762 ioctl 5427 0 returned -22
[  218.142398][ T4764] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  218.219548][   T28] audit: type=1400 audit(1769189982.673:1127): avc:  denied  { create } for  pid=4777 comm="syz.3.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  218.450459][ T4790] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1419'.
[  218.588399][ T4791] netlink: 45349 bytes leftover after parsing attributes in process `syz.3.1418'.
[  219.177956][ T4811] overlayfs: failed to resolve './file0': -2
[  219.312592][ T4820] futex_wake_op: syz.0.1431 tries to shift op by 32; fix this program
[  219.355288][ T4825] 9pnet_fd: Insufficient options for proto=fd
[  219.958447][   T28] audit: type=1400 audit(1769192032.413:1128): avc:  denied  { mounton } for  pid=4840 comm="syz.0.1439" path="/359/file0" dev="tmpfs" ino=1954 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  220.037902][ T4844] overlayfs: missing 'workdir'
[  220.060309][ T4844] x_tables: duplicate underflow at hook 1
[  220.222537][ T4846] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1441'.
[  220.419466][    T6] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  220.463539][ T4871] tipc: Enabling of bearer <ib:ipvlan0> rejected, media not registered
[  220.630666][    T6] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  220.641595][    T6] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  220.890899][    T6] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  220.904871][    T6] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  220.914086][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  220.922168][    T6] usb 2-1: SerialNumber: syz
[  220.928235][    T6] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  221.080659][ T4889] binder: 4884:4889 ioctl 5427 0 returned -22
[  221.129777][    T6] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  221.141870][    T6] usb 2-1: USB disconnect, device number 35
[  221.187592][ T4886] loop2: detected capacity change from 0 to 40427
[  221.201554][ T4886] F2FS-fs (loop2): Invalid log_blocksize (64), supports only 12
[  221.217501][ T4886] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  221.237936][ T4886] F2FS-fs (loop2): invalid crc value
[  221.264631][ T4886] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  221.363659][ T4886] F2FS-fs (loop2): Start checkpoint disabled!
[  221.398514][ T4886] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  221.418003][ T4886] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  221.456036][ T4886] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  221.499061][   T10] kworker/u4:1: attempt to access beyond end of device
[  221.499061][   T10] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  222.024787][ T4895] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1457'.
[  222.109945][ T4902] 9pnet_fd: Insufficient options for proto=fd
[  222.175957][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[  222.592182][   T28] audit: type=1326 audit(1769192035.043:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4906 comm="syz.5.1460" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a4179acb9 code=0x0
[  222.642449][ T4913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1458'.
[  222.690262][ T4921] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1460'.
[  222.789486][  T474] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  222.960651][   T28] audit: type=1400 audit(1769192035.423:1130): avc:  denied  { setattr } for  pid=4918 comm="syz.0.1466" name="NETLINK" dev="sockfs" ino=38336 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  222.995267][ T4923] loop2: detected capacity change from 0 to 512
[  223.007701][ T4923] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  223.020465][  T474] usb 2-1: Using ep0 maxpacket: 32
[  223.027375][  T474] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  223.039540][ T4923] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  223.047748][  T474] usb 2-1: config 0 has no interface number 0
[  223.048355][ T4923] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  223.059472][  T474] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  223.069310][ T4923] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  223.082259][  T474] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  223.083546][ T4923] System zones: 0-2, 18-18, 34-35
[  223.097415][ T4923] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  223.103358][  T474] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.158257][  T474] usb 2-1: Product: syz
[  223.169445][  T474] usb 2-1: Manufacturer: syz
[  223.174069][  T474] usb 2-1: SerialNumber: syz
[  223.196576][  T474] usb 2-1: config 0 descriptor??
[  223.201852][ T4909] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  223.451341][ T4909] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  223.848182][  T287] EXT4-fs (loop2): unmounting filesystem.
[  223.859646][  T474] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  223.879003][  T474] asix: probe of 2-1:0.188 failed with error -61
[  224.035728][ T4958] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1476'.
[  224.189593][ T4295] Bluetooth: hci0: command 0x1003 tx timeout
[  224.196516][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  224.203660][ T4910] Bluetooth: hci0: Opcode 0x080f failed: -22
[  224.297286][   T28] audit: type=1400 audit(1769192036.753:1131): avc:  denied  { connect } for  pid=4966 comm="syz.5.1482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  224.826302][ T4976] loop2: detected capacity change from 0 to 2048
[  224.840580][ T4976] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  224.861091][ T4976] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  224.892052][  T287] EXT4-fs (loop2): unmounting filesystem.
[  224.927624][ T4981] loop2: detected capacity change from 0 to 512
[  224.942307][ T4981] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  224.951532][ T4981] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  224.960683][ T4981] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  224.971061][ T4981] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  224.986129][ T4981] System zones: 0-2, 18-18, 34-35
[  224.991354][    C0] ==================================================================
[  224.991370][    C0] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[  224.991404][    C0] Write of size 8 at addr ffff888112988a00 by task syz.2.1486/4981
[  224.991423][    C0] 
[  224.991430][    C0] CPU: 0 PID: 4981 Comm: syz.2.1486 Not tainted syzkaller #0
[  224.991450][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  224.991463][    C0] Call Trace:
[  224.991470][    C0]  <IRQ>
[  224.991477][    C0]  __dump_stack+0x21/0x24
[  224.991502][    C0]  dump_stack_lvl+0x110/0x170
[  224.991522][    C0]  ? __cfi_dump_stack_lvl+0x8/0x8
[  224.991545][    C0]  ? enqueue_timer+0xae/0x480
[  224.991569][    C0]  print_address_description+0x71/0x200
[  224.991591][    C0]  print_report+0x4a/0x60
[  224.991610][    C0]  kasan_report+0x122/0x150
[  224.991634][    C0]  ? enqueue_timer+0xae/0x480
[  224.991659][    C0]  __asan_report_store8_noabort+0x17/0x20
[  224.991678][    C0]  enqueue_timer+0xae/0x480
[  224.991704][    C0]  __mod_timer+0x84c/0xc00
[  224.991728][    C0]  mod_timer+0x1f/0x30
[  224.991748][    C0]  ip6_fl_gc+0x422/0x440
[  224.991769][    C0]  ? __cfi_ip6_fl_gc+0x10/0x10
[  224.991788][    C0]  call_timer_fn+0x46/0x2a0
[  224.991812][    C0]  ? __cfi_ip6_fl_gc+0x10/0x10
[  224.991832][    C0]  __run_timers+0x65b/0x9f0
[  224.991859][    C0]  ? calc_index+0x200/0x200
[  224.991883][    C0]  ? kvm_sched_clock_read+0x18/0x40
[  224.991914][    C0]  run_timer_softirq+0x6a/0xf0
[  224.991937][    C0]  handle_softirqs+0x1d7/0x600
[  224.991960][    C0]  ? irqtime_account_irq+0xc4/0x240
[  224.991987][    C0]  __irq_exit_rcu+0x52/0xf0
[  224.992007][    C0]  irq_exit_rcu+0x9/0x10
[  224.992026][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  224.992055][    C0]  </IRQ>
[  224.992061][    C0]  <TASK>
[  224.992068][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  224.992096][    C0] RIP: 0010:console_emit_next_record+0x8a1/0xab0
[  224.992125][    C0] Code: de 48 81 e6 00 02 00 00 31 ff e8 7a 86 19 00 48 81 e3 00 02 00 00 75 07 e8 ac 81 19 00 eb 06 e8 a5 81 19 00 fb 0f b6 5c 24 17 <66> 43 c7 44 25 20 f8 f8 43 c6 44 25 22 f8 4f 89 74 25 10 66 43 c7
[  224.992144][    C0] RSP: 0018:ffffc90010b3f320 EFLAGS: 00000283
[  224.992163][    C0] RAX: ffffffff8157c81b RBX: 0000000000000001 RCX: 0000000000080000
[  224.992178][    C0] RDX: ffffc9000229d000 RSI: 000000000000c75a RDI: 000000000000c75b
[  224.992192][    C0] RBP: ffffc90010b3f510 R08: 0000000000000003 R09: 0000000000000004
[  224.992206][    C0] R10: dffffc0000000000 R11: fffff52002167e54 R12: dffffc0000000000
[  224.992221][    C0] R13: 1ffff92002167e70 R14: f8f8f8f8f8f8f8f8 R15: ffffc90010b3f55f
[  224.992239][    C0]  ? console_emit_next_record+0x89b/0xab0
[  224.992276][    C0]  ? info_print_prefix+0x360/0x360
[  224.992305][    C0]  ? _raw_spin_lock_irqsave+0xc2/0x130
[  224.992327][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  224.992351][    C0]  ? __cfi_vprintk_store+0x10/0x10
[  224.992374][    C0]  console_unlock+0x246/0x560
[  224.992395][    C0]  ? down_trylock+0x52/0xb0
[  224.992422][    C0]  ? __cfi_console_unlock+0x10/0x10
[  224.992444][    C0]  ? __kasan_check_write+0x14/0x20
[  224.992462][    C0]  vprintk_emit+0x14d/0x420
[  224.992482][    C0]  ? __cfi_vprintk_emit+0x10/0x10
[  224.992505][    C0]  vprintk_default+0x26/0x30
[  224.992526][    C0]  vprintk+0x7a/0x80
[  224.992550][    C0]  _printk+0xda/0x128
[  224.992578][    C0]  ? __cfi__printk+0x8/0x8
[  224.992605][    C0]  ? add_system_zone+0x47a/0x610
[  224.992634][    C0]  debug_print_tree+0x161/0x190
[  224.992655][    C0]  ext4_setup_system_zone+0x69c/0x980
[  224.992685][    C0]  ? __cfi_ext4_setup_system_zone+0x10/0x10
[  224.992714][    C0]  ? __cleancache_init_fs+0x6e/0xb0
[  224.992734][    C0]  ? ext4_setup_super+0x6f6/0xb50
[  224.992756][    C0]  ? ext4_set_resv_clusters+0x91/0x240
[  224.992777][    C0]  ext4_fill_super+0x6354/0x7a30
[  224.992804][    C0]  ? __cfi_ext4_fill_super+0x10/0x10
[  224.992828][    C0]  ? __cfi_snprintf+0x10/0x10
[  224.992849][    C0]  ? mutex_unlock+0x8f/0x230
[  224.992874][    C0]  ? set_blocksize+0x1cf/0x350
[  224.992900][    C0]  ? sb_set_blocksize+0xaa/0xf0
[  224.992926][    C0]  get_tree_bdev+0x447/0x690
[  224.992952][    C0]  ? __cfi_ext4_fill_super+0x10/0x10
[  224.992974][    C0]  ext4_get_tree+0x1c/0x20
[  224.992992][    C0]  vfs_get_tree+0x9a/0x270
[  224.993019][    C0]  do_new_mount+0x25a/0xa20
[  224.993047][    C0]  path_mount+0x659/0xfc0
[  224.993074][    C0]  ? user_path_at_empty+0x161/0x1c0
[  224.993097][    C0]  __se_sys_mount+0x320/0x390
[  224.993124][    C0]  ? __this_cpu_preempt_check+0x13/0x20
[  224.993144][    C0]  ? __x64_sys_mount+0xd0/0xd0
[  224.993172][    C0]  ? __kasan_check_write+0x14/0x20
[  224.993190][    C0]  ? fpregs_restore_userregs+0x128/0x260
[  224.993214][    C0]  __x64_sys_mount+0xbf/0xd0
[  224.993241][    C0]  x64_sys_call+0x65d/0x9a0
[  224.993271][    C0]  do_syscall_64+0x4c/0xa0
[  224.993292][    C0]  ? clear_bhb_loop+0x30/0x80
[  224.993318][    C0]  ? clear_bhb_loop+0x30/0x80
[  224.993345][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  224.993372][    C0] RIP: 0033:0x7f5088d9bf4a
[  224.993388][    C0] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.993405][    C0] RSP: 002b:00007f5089ba2e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  224.993426][    C0] RAX: ffffffffffffffda RBX: 00007f5089ba2ee0 RCX: 00007f5088d9bf4a
[  224.993441][    C0] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f5089ba2ea0
[  224.993456][    C0] RBP: 00002000000000c0 R08: 00007f5089ba2ee0 R09: 0000000000808080
[  224.993471][    C0] R10: 0000000000808080 R11: 0000000000000246 R12: 0000200000000080
[  224.993484][    C0] R13: 00007f5089ba2ea0 R14: 0000000000000525 R15: 0000200000000000
[  224.993502][    C0]  </TASK>
[  224.993509][    C0] 
[  224.993519][    C0] Allocated by task 4910:
[  224.993527][    C0]  kasan_set_track+0x4b/0x70
[  224.993546][    C0]  kasan_save_alloc_info+0x25/0x30
[  224.993571][    C0]  __kasan_kmalloc+0x95/0xb0
[  224.993592][    C0]  __kmalloc+0xb1/0x1e0
[  224.993618][    C0]  hci_alloc_dev_priv+0x27/0x1bd0
[  224.993641][    C0]  hci_uart_tty_ioctl+0x3d6/0xa20
[  224.993664][    C0]  tty_ioctl+0x8ef/0xc60
[  224.993684][    C0]  __se_sys_ioctl+0x12f/0x1b0
[  224.993702][    C0]  __x64_sys_ioctl+0x7b/0x90
[  224.993719][    C0]  x64_sys_call+0x58b/0x9a0
[  224.993740][    C0]  do_syscall_64+0x4c/0xa0
[  224.993759][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  224.993785][    C0] 
[  224.993789][    C0] Freed by task 4910:
[  224.993798][    C0]  kasan_set_track+0x4b/0x70
[  224.993817][    C0]  kasan_save_free_info+0x31/0x50
[  224.993843][    C0]  ____kasan_slab_free+0x132/0x180
[  224.993864][    C0]  __kasan_slab_free+0x11/0x20
[  224.993885][    C0]  slab_free_freelist_hook+0xc2/0x190
[  224.993911][    C0]  __kmem_cache_free+0xb7/0x1b0
[  224.993934][    C0]  kfree+0x6f/0xf0
[  224.993948][    C0]  hci_release_dev+0x12a3/0x13b0
[  224.993972][    C0]  bt_host_release+0x82/0x90
[  224.993998][    C0]  device_release+0xa4/0x1d0
[  224.994019][    C0]  kobject_put+0x19d/0x280
[  224.994042][    C0]  put_device+0x1f/0x30
[  224.994064][    C0]  hci_dev_cmd+0x279/0x740
[  224.994081][    C0]  hci_sock_ioctl+0x41e/0x7f0
[  224.994105][    C0]  sock_do_ioctl+0x114/0x330
[  224.994132][    C0]  sock_ioctl+0x4ca/0x720
[  224.994157][    C0]  __se_sys_ioctl+0x12f/0x1b0
[  224.994175][    C0]  __x64_sys_ioctl+0x7b/0x90
[  224.994192][    C0]  x64_sys_call+0x58b/0x9a0
[  224.994213][    C0]  do_syscall_64+0x4c/0xa0
[  224.994232][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  224.994258][    C0] 
[  224.994269][    C0] Last potentially related work creation:
[  224.994275][    C0]  kasan_save_stack+0x3a/0x60
[  224.994295][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[  224.994321][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[  224.994348][    C0]  insert_work+0x51/0x300
[  224.994364][    C0]  __queue_work+0x9b1/0xd30
[  224.994385][    C0]  queue_work_on+0xde/0x150
[  224.994402][    C0]  __hci_cmd_sync_sk+0xa7f/0xd30
[  224.994422][    C0]  hci_cmd_sync_status+0x53/0x120
[  224.994444][    C0]  hci_dev_cmd+0x648/0x740
[  224.994460][    C0]  hci_sock_ioctl+0x41e/0x7f0
[  224.994482][    C0]  sock_do_ioctl+0x114/0x330
[  224.994512][    C0]  sock_ioctl+0x4ca/0x720
[  224.994535][    C0]  __se_sys_ioctl+0x12f/0x1b0
[  224.994552][    C0]  __x64_sys_ioctl+0x7b/0x90
[  224.994568][    C0]  x64_sys_call+0x58b/0x9a0
[  224.994589][    C0]  do_syscall_64+0x4c/0xa0
[  224.994607][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  224.994630][    C0] 
[  224.994633][    C0] Second to last potentially related work creation:
[  224.994640][    C0]  kasan_save_stack+0x3a/0x60
[  224.994659][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[  224.994685][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[  224.994711][    C0]  insert_work+0x51/0x300
[  224.994726][    C0]  __queue_work+0x9b1/0xd30
[  224.994746][    C0]  queue_work_on+0xde/0x150
[  224.994766][    C0]  hci_cmd_timeout+0x191/0x200
[  224.994788][    C0]  process_one_work+0x71f/0xc40
[  224.994801][    C0]  worker_thread+0xa29/0x11e0
[  224.994815][    C0]  kthread+0x281/0x320
[  224.994831][    C0]  ret_from_fork+0x1f/0x30
[  224.994850][    C0] 
[  224.994853][    C0] The buggy address belongs to the object at ffff888112988000
[  224.994853][    C0]  which belongs to the cache kmalloc-8k of size 8192
[  224.994869][    C0] The buggy address is located 2560 bytes inside of
[  224.994869][    C0]  8192-byte region [ffff888112988000, ffff88811298a000)
[  224.994889][    C0] 
[  224.994893][    C0] The buggy address belongs to the physical page:
[  224.994901][    C0] page:ffffea00044a6200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112988
[  224.994920][    C0] head:ffffea00044a6200 order:3 compound_mapcount:0 compound_pincount:0
[  224.994936][    C0] flags: 0x4000000000010200(slab|head|zone=1)
[  224.994970][    C0] raw: 4000000000010200 ffffea000454ac00 dead000000000002 ffff888100043500
[  224.994988][    C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  224.994997][    C0] page dumped because: kasan: bad access detected
[  224.995006][    C0] page_owner tracks the page as allocated
[  224.995017][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2007, tgid 1995 (syz.3.493), ts 102047648294, free_ts 102033423778
[  224.995053][    C0]  post_alloc_hook+0x1f5/0x210
[  224.995076][    C0]  prep_new_page+0x1c/0x110
[  224.995099][    C0]  get_page_from_freelist+0x2d12/0x2d80
[  224.995122][    C0]  __alloc_pages+0x1d9/0x480
[  224.995144][    C0]  alloc_slab_page+0x6e/0xf0
[  224.995169][    C0]  new_slab+0x98/0x3d0
[  224.995193][    C0]  ___slab_alloc+0x6bd/0xb20
[  224.995215][    C0]  __slab_alloc+0x5e/0xa0
[  224.995237][    C0]  __kmem_cache_alloc_node+0x203/0x2c0
[  224.995267][    C0]  __kmalloc_node+0xa1/0x1e0
[  224.995293][    C0]  bpf_map_area_alloc+0x4b/0xe0
[  224.995312][    C0]  prealloc_init+0x146/0x8f0
[  224.995334][    C0]  htab_map_alloc+0xb24/0xfd0
[  224.995352][    C0]  map_create+0x49c/0xd80
[  224.995367][    C0]  __sys_bpf+0x34e/0x850
[  224.995383][    C0]  __x64_sys_bpf+0x7c/0x90
[  224.995408][    C0] page last free stack trace:
[  224.995414][    C0]  free_unref_page_prepare+0x742/0x750
[  224.995437][    C0]  free_unref_page+0x95/0x540
[  224.995459][    C0]  __free_pages+0x67/0x100
[  224.995480][    C0]  __free_slab+0xca/0x1a0
[  224.995505][    C0]  discard_slab+0x29/0x40
[  224.995527][    C0]  __slab_free+0x201/0x280
[  224.995551][    C0]  ___cache_free+0xbf/0xd0
[  224.995569][    C0]  qlist_free_all+0xc6/0x140
[  224.995585][    C0]  kasan_quarantine_reduce+0x14a/0x170
[  224.995600][    C0]  __kasan_slab_alloc+0x24/0x80
[  224.995615][    C0]  slab_post_alloc_hook+0x4f/0x2d0
[  224.995634][    C0]  kmem_cache_alloc_node+0x181/0x340
[  224.995651][    C0]  __alloc_skb+0xea/0x4b0
[  224.995665][    C0]  netlink_sendmsg+0x635/0xbd0
[  224.995681][    C0]  ____sys_sendmsg+0x5cc/0x990
[  224.995700][    C0]  ___sys_sendmsg+0x2a2/0x360
[  224.995720][    C0] 
[  224.995723][    C0] Memory state around the buggy address:
[  224.995732][    C0]  ffff888112988900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  224.995744][    C0]  ffff888112988980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  224.995755][    C0] >ffff888112988a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  224.995761][    C0]                    ^
[  224.995770][    C0]  ffff888112988a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  224.995780][    C0]  ffff888112988b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  224.995788][    C0] ==================================================================
[  224.995795][    C0] Disabling lock debugging due to kernel taint
[  225.013623][ T4986] xt_hashlimit: size too large, truncated to 1048576
[  225.032782][ T4981] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  225.516539][  T363] usb 2-1: USB disconnect, device number 36
[  226.242858][  T287] EXT4-fs (loop2): unmounting filesystem.
[  226.269541][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  226.281293][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  226.289691][    C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B              syzkaller #0
[  226.298180][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  226.308217][    C0] RIP: 0010:__queue_work+0x575/0xd30
[  226.313488][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 44 29 00 4c 89 ff e8 a0 80 b7 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 ec 70 6e 00 49 8b 7d 00 e8 33 7c
[  226.333132][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[  226.339182][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c680
[  226.347164][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  226.355127][    C0] RBP: ffffc90000007d08 R08: 0000000000000007 R09: fffffffffffffffb
[  226.363088][    C0] R10: dffffc0000000000 R11: ffffed1022531139 R12: dffffc0000000000
[  226.371041][    C0] R13: 0000000000000000 R14: ffff8881129889c8 R15: 0000000000000008
[  226.378993][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  226.387905][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  226.394471][    C0] CR2: 0000555574ce9908 CR3: 0000000118476000 CR4: 00000000003506b0
[  226.402429][    C0] Call Trace:
[  226.405689][    C0]  <IRQ>
[  226.408514][    C0]  delayed_work_timer_fn+0x61/0x80
[  226.413614][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  226.419511][    C0]  call_timer_fn+0x46/0x2a0
[  226.424082][    C0]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  226.429875][    C0]  __run_timers+0x689/0x9f0
[  226.434366][    C0]  ? calc_index+0x200/0x200
[  226.438851][    C0]  ? kvm_sched_clock_read+0x18/0x40
[  226.444037][    C0]  run_timer_softirq+0x6a/0xf0
[  226.448795][    C0]  handle_softirqs+0x1d7/0x600
[  226.453541][    C0]  ? irqtime_account_irq+0xc4/0x240
[  226.458725][    C0]  __irq_exit_rcu+0x52/0xf0
[  226.463205][    C0]  irq_exit_rcu+0x9/0x10
[  226.467431][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  226.473056][    C0]  </IRQ>
[  226.476062][    C0]  <TASK>
[  226.478979][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  226.485035][    C0] RIP: 0010:default_idle+0xf/0x20
[  226.490040][    C0] Code: 67 1c b7 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 53 d8 46 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[  226.509726][    C0] RSP: 0018:ffffffff86e07d58 EFLAGS: 00000257
[  226.515779][    C0] RAX: ffff8881f7000000 RBX: ffffffff86e1c680 RCX: 3f018cdf24cccb00
[  226.523728][    C0] RDX: 0000000000000001 RSI: ffffffff85aa6980 RDI: ffffffff85aa6940
[  226.531678][    C0] RBP: ffffffff86e07d58 R08: ffff8881f70348b3 R09: 1ffff1103ee06916
[  226.539725][    C0] R10: 0000000000000000 R11: ffffffff84ff5aa0 R12: 0000000000000000
[  226.547673][    C0] R13: 0000000000000000 R14: ffffffff86e1c680 R15: dffffc0000000000
[  226.555630][    C0]  ? __cfi_default_idle+0x10/0x10
[  226.560639][    C0]  arch_cpu_idle+0x1c/0x20
[  226.565034][    C0]  default_idle_call+0x71/0x1d0
[  226.569865][    C0]  do_idle+0x1a7/0x560
[  226.573915][    C0]  ? ct_irq_exit+0x9/0x10
[  226.578230][    C0]  ? idle_inject_timer_fn+0x60/0x60
[  226.583408][    C0]  cpu_startup_entry+0x43/0x60
[  226.588154][    C0]  rest_init+0x10a/0x130
[  226.592373][    C0]  ? __cfi_x86_late_time_init+0x8/0x8
[  226.597729][    C0]  arch_call_rest_init+0xe/0x10
[  226.602600][    C0]  start_kernel+0x47e/0x4ec
[  226.607087][    C0]  x86_64_start_reservations+0x2a/0x2c
[  226.612546][    C0]  x86_64_start_kernel+0x7c/0x81
[  226.617557][    C0]  secondary_startup_64_no_verify+0xce/0xdb
[  226.623457][    C0]  </TASK>
[  226.626473][    C0] Modules linked in:
[  226.630352][    C0] ---[ end trace 0000000000000000 ]---
[  226.635778][    C0] RIP: 0010:__queue_work+0x575/0xd30
[  226.641045][    C0] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 44 29 00 4c 89 ff e8 a0 80 b7 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 ec 70 6e 00 49 8b 7d 00 e8 33 7c
[  226.660717][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[  226.666764][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c680
[  226.674724][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  226.682672][    C0] RBP: ffffc90000007d08 R08: 0000000000000007 R09: fffffffffffffffb
[  226.690634][    C0] R10: dffffc0000000000 R11: ffffed1022531139 R12: dffffc0000000000
[  226.698603][    C0] R13: 0000000000000000 R14: ffff8881129889c8 R15: 0000000000000008
[  226.706564][    C0] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  226.715474][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  226.722039][    C0] CR2: 0000555574ce9908 CR3: 0000000118476000 CR4: 00000000003506b0
[  226.730000][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  226.737537][    C0] Kernel Offset: disabled
[  226.741880][    C0] Rebooting in 86400 seconds..