last executing test programs:

4m20.583578566s ago: executing program 3 (id=1285):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x5f1, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x30}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xd, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5b", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4m18.077401647s ago: executing program 3 (id=1295):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x181100)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, <r3=>r1})
r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3})
ioctl$DRM_IOCTL_GEM_FLINK(r4, 0xc008640a, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000100))
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r6=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r6, 0x1, 0xffff, 0xa, 0x1ff, 0x1})

4m16.902940917s ago: executing program 3 (id=1299):
r0 = io_uring_setup(0x4aa5, &(0x7f0000000200)={0x0, 0x0, 0x40})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f00000001c0)=[@ioring_restriction_sqe_op={0x1, 0xc}], 0x1)

4m15.688516659s ago: executing program 3 (id=1302):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}, 0x1, 0x0, 0x0, 0x4040895}, 0x20000080)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x34, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfe, {0x0, 0x0, 0x0, r3, {0xf}, {}, {0x7, 0x1}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}}, 0x24040084)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r4)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x64044000)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
process_mrelease(0xffffffffffffffff, 0x0)
request_key(&(0x7f00000011c0)='big_key\x00', &(0x7f0000001200)={'syz', 0x1}, &(0x7f0000001240)='\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980), 0x0, 0xfffffffffffffffb)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

4m9.232883599s ago: executing program 3 (id=1321):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x80)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)={[{@quota}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x37]}}]})
chdir(&(0x7f0000000240)='./file0\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000001800), 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)

4m7.591429379s ago: executing program 3 (id=1325):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r1 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

3m51.222767368s ago: executing program 32 (id=1325):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r1 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

1m39.876397355s ago: executing program 5 (id=1682):
bind$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(0xffffffffffffffff, 0x7fff)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

1m39.337058639s ago: executing program 5 (id=1685):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)

1m38.857093745s ago: executing program 5 (id=1689):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
shutdown(r0, 0x1)
recvmsg$inet_nvme(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/178, 0xb2}], 0x1}, 0x10241)

1m38.32594148s ago: executing program 5 (id=1695):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1m37.582114649s ago: executing program 5 (id=1701):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)

1m37.096575108s ago: executing program 5 (id=1704):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x40001f9, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_procfs(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000700)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r4, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x549, &(0x7f0000001800)="$eJzs3c9vI1cdAPDvTH65222zCz1ABewChQWt1t5421XVS8sFhKpKiIoD4rANiTcKseMQO6UJkUj/BpBA4gR/AgckDkg9ceDGEYkDQpQDUoEItEHiYDRjJ+smNmtqx+7Gn480O/Pmzcz3PWdn3vNz4hfA1LoeEQcRMR8Rb0TEYmd/0lnilfaSHffgcH/l6HB/JYlW6/W/J3l+ti+6zsk82blmISK+/pWIbydn4zZ29zaWq9XKdiddata2So3dvVvrteW1ylpls1y+u3T39ot3XiiPrK7Xar9478vrr37j17/65Lu/O/ji97NiXe7kdddjlNpVnzuJk5mNiFfPI9gEzHTW8xMuBx9MGhEfiYjP5Pf/Yszk/zsBgIus1VqM1mJ3GgC46NJ8DCxJixGRpp1OQLE9hvdMXEqr9Ubz5v36zuZqe6zsSsyl99erldtXF/7w3fzguSRLL+V5eX6eLp9K34mIqxHxo4Un8nRxpV5dnUyXBwCm3pPd7X9E/GshTYvFgU7t8akeAPDYKEy6AADA2Gn/AWD6aP8BYPoM0P53Puw/OPeyAADj4f0/AEwf7T8ATB/tPwBMla+99lq2tI4633+9+ubuzkb9zVurlcZGsbazUlypb28V1+r1tfw7e2qPul61Xt9aej523io1K41mqbG7d69W39ls3su/1/teZW4stQIA/per1975fRIRBy89kS/RNZeDthoutnSERwGPl5lhTtZBgMea2b5geg3UhOedhN+ee1mAyej5Zd6Fnpvv95P/I4jfM4IPlRsfH3z83xzPcLEY2Yfp9cHG/18eeTmA8TP+D9Or1UpOz/k/f5IFAFxIQ/wKX+sHo+qEABP1qMm8R/L5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwwlyPiO5GkxXwu8DT7Ny0WI56KiCsxl9xfr1ZuR8TTcS0i5hay9NKkCw0ADCn9a9KZ/+vG4nOXT+fOJ/9eyNcR8b2fvv7jt5abze2lbP8/TvYvHE8fVn543hDzCgIAg/vzIAfl7Xe5s+56I//gcH/leDnHMp7x3pdOJh9dOTrcz5d2zmy0Wq1WRCHvS1z6ZxKznXMKEfFsRMyMIP7B2xHxsV71T/KxkSudmU+740cn9lNjjZ++L36a57XX2cv30RGUBabNO9nz55Ve918a1/N17/u/kD+hhpc//woRx8++o674s51IMz3iZ/f89UFjPP+br57Z2Vps570d8exsr/jJSfykT/znBoz/x0986ocv98lr/SziRvSO3x2r1KxtlRq7e7fWa8trlbXKZrl8d+nu7RfvvFAu5WPUpeOR6rP+9tLNp/uVLav/pT7xCz3rP39y7ucGrP/P//PGtz79MLlwOv4XPtv75/9Mz/htWZv4+QHjL1/6Zd/pu7P4q33q/6if/80B47/7l73VAQ8FAMagsbu3sVytVraH2sjehY7iOmc2siIOdvBxd3G4oH+KfGNEL0ufjawzNsjBc+f1qp77xuxJX3G0V/5mdsUxVycdeS2G2ngwrliTeyYB4/Hwpp90SQAAAAAAAAAAAAAAgH7G8adLk64jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9d/AwAA//8+JMPM")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000001c0)='./file1\x00', 0x204bc2f, 0x0, 0x1, 0x0, &(0x7f0000000240))
r5 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
close_range(r6, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)

1m32.862071555s ago: executing program 1 (id=1721):
socket(0x80000000000000a, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004500004400000000002190337bf58400ffffffff050090780a0101026a0000000000000000000000ac"], 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)}, &(0x7f0000000100)=0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'team0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006261746164760000", @ANYRES32=r6, @ANYRES32=r3], 0x3c}}, 0x0)

1m25.727203374s ago: executing program 1 (id=1739):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x1c, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2}}, 0x1c}}, 0x0)

1m24.72229245s ago: executing program 1 (id=1742):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = dup2(r0, r0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000840)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x81)

1m24.468789117s ago: executing program 1 (id=1744):
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x200000, &(0x7f0000000440)={[{@utf8}, {@iocharset={'iocharset', 0x3d, 'cp863'}}, {@gid}, {@errors_remount}, {@dmask={'dmask', 0x3d, 0x1}}, {@keep_last_dots}, {@errors_continue}, {@allow_utime={'allow_utime', 0x3d, 0x8}}, {@errors_remount}]}, 0x1, 0x14e1, &(0x7f0000002ac0)="$eJzs3Al0VkW2KODaVXUgxIi/EZlr1z7wiwGKiIjIICIyiIiICIjMIiBiRERERISATCICIgIyRkSGEAGRIUDEMM/zPBhpREREZJJJoN7C7r7cbvsu7uvXt3nvZX9r1UrtnLP3X5Wd5D/nrJX81HVYjcY1qzYgIvHPUH+dwJ8/JAshYoQQA4UQtwkhAiFE2fiy8deO51KQ/E+9CPsf0jD1Zq+A3Uzc/+yN+5+9cf+zN+5/9sb9z964/9kb9z974/4zlq2lFbidR/YdN3j+n/NG3z78/P//Zfz+n71x/7M37n/2xv3P3rj/2Rv3P3vj/mdv3P//j8kbn8L9Zyxb+7/gGTSPmzgYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLF/gwv+Oi2E+Ov8Zq+LMcYYY4wxxhhj/zo+581eAWOMMcYYY4wxxv7ngZBCCS0CkUPkFDEil4gVt4g4cavILW4TEXG7iBd3iDziTpFX5BP5RQFRUBQShYURKKwgEYoioqiIirtEMXG3SBDFRQlRUjhRSiSKe0Rpca8oI+4TZcX9opx4QJQXFURFUUk8KCqLh0QV8bCoKh4R1UR1UUPUFI+KWuIxUVs8LuqIJ0Rd8aSoJ54S9cXTooFoKBqJZ0Rj8axoIpqKZqK5aCFailb/VP5bood4W/QUvUSy6C36iHdEX9FP9BcDxEDxrhgk3hODxftiiBgqhokPxHDxoRghPhIjxSgxWnwsxoixYpwYLyaIiSJFfCImiU/FZPGZmCKmimliukgVM0Sa+FzMFLPEbPGFmCO+FHPFPDFfLBDpYqFYJBaLDPGVWCK+FpliqVgmlosVYqVYJVaLNWKtWCfWiw1io9gkNostYqvYJraLHWKn2CV2iz1ir9gn9osD4huRJb7938w//3f53UCAAAkSNGjIATkgBmIgFmIhDuIgN+SGCEQgHuIhD+SBvJAX8kN+KAgFoTAUBgQEAoIiUASiEIViUAwSIAFKQAlw4CAREqE03AtloAyUhbJQDspBeagAFaASVILKUBmqQBWoClWhGlSDGlADHoVH4TGoDbWhDtSBulAX6kE9qA/1oQE0gEbQCBpDY2gCTaAZNIMW0AJaQStoDa2hDbSBdtAO2kN76AAdIAmSoCN0hE7QCTpDZ+gCXaArdIVu8Ca8CW/BW/A2vA29oJrsDX2gD/SFvtAfBsAAeBcGwXvwHrwPQ2AoDIMP4AP4EEbAORgJo2A0jIbKciyMg/FAciKkQApMgkkwGSbDFJgKU2E6pMIMSIM0mAmzYBZ8AXPgS/gS5sE8WADpkA6LYDFkQAYsgfOQCUthGSyHFbASVsBqWAOrYR2sh3WwETbCZtgMW2ErbIftsBN2wm7YDXthL+yH/TAEsiALDsJBOASH4DAchiNwBI7CUTgGx+A4HIcTcAJOwik4DafgLJyFc3AeLsAFuASX4DJchqtw9doPv7xGSy1zyBwyRsbIWBkr42SczC1zy4iMyHgZL/PIPDKvzCvzy/yyoCwoC8vCEiVKkqEsIovIqIzKYrKYTJAJsoQsIZ10MlEmytKytCwjy8iy8n5ZTj4gy8sKsq2rJCvJyrKdqyIfllVlVVlNVpc1ZE1ZU9aStWRtWVvWkXVkXVlX1pNPyfqyN/SHhvJaZxrLodBEDoNmsrlsIVvKD+E52VqOgDayrWwnX5CjYCR0kK1dknxZdpTjoJN8VY6H12QXORG6yjdkN/mm7C7fkj1kG9dT9pJToLfsI6dDX9lP9pcD5EyoLq91rIZ8Xw6RQ+Uw+YFcAB/KEfIjOVKOkqPlx3KMHCvHyfFygpwoU+QncpL8VE6Wn8kpcqqcJqfLVDlDpsnP5Uw5S86WX8g58ks5V86T8+UCmS4XykVyscyQX8kl8muZKZfKZXK5XCFXylVytVwj18p1cr3cIDfKTXKz3CK3ym1yu9whd8pdcrfcI/fKfXK/PCC/kVnyW3lQ/kkekt/Jw/J7eUT+II/KH+Ux+ZM8Ln+WJ+Qv8qQ8JU/LM/Ks/FWek+flBXlRXpK/ycvyirwqvRQKlFRKaRWoHCqnilG5VKy6RcWpW1VudZuKqNtVvLpD5VF3qrwqn8qvCqiCqpAqrIxCZRWpUBVRRVVU3aWKqbtVgiquSqiSyqlSKlHdo0qre1UZdZ8qq+5X5dQDqryqoCqqSupBVVk9pKqoh1VV9YiqpqqrGqqmelTVUo+p2upxVUc9oeqqJ1U99ZSqr55WDVRD1Ug9oxqrZ1UT1VQ1U81VC9VStVLPqdbqedVGtVXt1AuqvXpRdVAvqST1suqoXlGd1Kuqs3pNdVGvq67qDdVNvam6qyvqqvKqp+qlklVv1Ue9o/qqfqq/GqAGqnfVIPWeGqzeV0PUUDVMfaCGqw/VCPWRGqlGqdHqYzVGjVXj1Hg1QU1UKeoTNUl9qiarz9QUNVVNU9NVqpqh+v+l0uz/Rv6n/yB/8O+vvlltUVvVNrVd7VA71S61W+1Re9Q+tU8dUAdUlspSB9VBdUgdUofVYXVEHVFH1VF1TB1Tx9VxdUKdUCfVKXVRnVFn1a/qnDqvzquL6pK6pC7/5WsgNGipldY60Dl0Th2jc+lYfYuO07fq3Po2HdG363h9h86j79R5dT6dXxfQBXUhXVgbjdpq0qEuoovqqL5LF9N36wRdXJfQJbXTpXSivuf/OP9G62ulW+nWurVuo9vodrqdbq/b6w66g07SSbqj7qg76U66s+6su+guuqvuqrvpbrq77q576B66p+6pk3Wy7qPf0X11P91fD9AD9bt6kB6kB+vBeogeoofpYXq4Hq5H6BF6pB6pR+vReoweo8fpcXqCnqBTdIqepCfpyXqynqKn6Gl6mk7VqTpNp+mZeqaerWfrOXqOnqvn6vl6vk7X6XqRXqQzdIZeopfoTL1UL9XL9XK9Uq/Uq/VqvVav1ev1er1Rb9SZeoveorfpbXqH3qF36V16j96j9+l9+oA+oLN0lj6oD+pD+pA+rA/rI/qIPqqP6mP6mD6uj+sT+oQ+qU/q0/q0PqvP6nP6nL6gL+hL+pK+rC/rq/rqtcu+QAYy0IEOcgQ5gpggJogNYoO4IC7IHeQOIkEkiA/igzzBnUHeIF+QPygQFAwKBYUDE2BgAwrCoEhQNIgGdwXFgruDhKB4UCIoGbigVJAY3BOUDu4NygT3BWWD+4NywQNB+aBCUDGoFDwYVA4eCqoEDwdVg0eCakH1oEZQM3g0qBU8FtQOHg/qBE8EdYMng3rBU0H94OmgQdAwaBQ8EzQOng2aBE2DZkHzoEXQMmj1L63v/bl8z7ueppdJNr1NH/OO6Wv6mf5mgBlo3jWDzHtmsHnfDDFDzTDzgRluPjQjzEdmpBllRpuPzRgz1owz480EM9GkmE/MJPOpmWw+M1PMVDPNTDepZoZJM5+bmWaWmW2+MHPMl2aumWfmmwUm3Sw0i8xik2G+MkvM1ybTLDXLzHKzwqw0q8xqs8asNevMerPBbDSbzGazxWw128x2s8PsNLvMbrPH7DX7zH5zwHxjssy35qD5kzlkvjOHzffmiPnBHDU/mmPmJ3Pc/GxOmF/MSXPKnDZnzFnzqzlnzpsL5qK5ZH4zl80Vc9X4axf3197eUaPGHJgDYzAGYzEW4zAOc2NujGAE4zEe82AezIt5MT/mx4JYEAtjYbyGkLAIFsEoRrEYFsMETMASWAIdOkzERCyNpbEMlsGyWBbLYTksj+WxIlbEB/FBfAgfwofxYXwEH8HqWB1rYk2shbWwNtbGOlgH62JdrIf1sD7WxwbYABthI2yMjbEJNsFm2AxbYAtsha2wNbbGNtgG22E7bI/tsQN2wCRMwo7YETthJ+yMnbELdsGu2BW7YTfsjt2xB/bAntgTkzEZ+2Af7It9sT/2x4E4EAfhIByMg3EIDsFhOAyH43AcgSNwJI7C0fgxjsGxOA7H4wSciCmYgpNwEk7GyTgFp+A0nIapmIppmIYzcSbOxtk4B+fgXJyL83E+pmM6LsJFmIEZuASXYCZm4jJchitwBa7CVbgG1+A6XIcbcANuwk24BbfgNtyGO3AH7sJduAf34D7chwfwAGZhFh7Eg3gID+FhPIxH8AgexaN4DI/hcTyOJ/AEnsSTeBpP41k8i+fwHF7AC3gJf8PLeAWvoscYm8vG2ltsnL3V5ra32b+P89sCtqAtZAtbY/PafH8To7U2wRa3JWxJ62wpm2jv+UNc3lawFW0l+6CtbB+yVf4Q17KP2dr2cVvHPmFr2kf/Jq5rn7T17LO2vm1qG9jmtpFtaRvbZ20T29Q2s81tC9vStrcv2g72JZtkX7Yd7St/iBfZxXaNXWvX2fV2n91vL9iL9pj9yV6yv9metpcdaN+1g+x7drB93w6xQ/8Qj7Yf2zF2rB1nx9sJduIf4ml2uk21M2ya/dzOtLP+EKfbhXaOzbBz7Tw73y74Pb62pgz7lV1iv7aZdqldZpfbFXalXWVX/8dal9uNdpPdbPfYvXab3W532J12l939e3xtHwfsNzbLfmuP2h/tIfudPWyP2yP2h9/ja/s7bn+2J+wv9qQ9ZU/bM/as/dWes+d/3/+1vZ+xV+xV660gIEmKNAWUg3JSDOWiWLqF4uhWyk23UYRup3i6g/LQnZSX8lF+KkAFqRAVJkNIlohCKkJFKUp3UTG6mxKoOJWgkuSoFCXSPVSa7qUydB+VpfupHD1A5akCVaRK9CBVpoeoCj1MVekRqkbVqQbVpEepFj1GtelxqkNPUF16kurRU1SfnqYG1JAa0TPUmJ6lJtSUmlFzakEtqRU9R63peWpDbakdvUDt6UXqQC9REr1MHekV6kSvUmd6jbrQ69SV3qBu9CZ1p7eoB71NPakXJVNv6kPvUF/qR/1pAA2kd2kQvUeD6X0aQkNpGH1Aw+lDGkEf0UgaRaPpYxpDY2kcjacJNJFS6BOaRJ/SZPqMptBUmkbTKZVmUBp9TjNpFs2mL2gOfUlzaR7NpwWUTgtpES2mDPqKltDXlElLaRktpxW0klbRalpDa2kdracNtJE20WbaQltpG22nHbSTdtFu2kN7aR/tpwP0DWXRt3SQ/kSH6Ds6TN/TEfqBjtKPdIx+ouP0M52gX+gknaLTdIbO0q90js7TBbpIl+g3ukxX6Cp5EiGEMlShDoMwR5gzjAlzhbHhLWFceGuYO7wtjIS3h/HhHWGe8M4wb5gvzB8WCAuGhcLCoQkxtCGFYVgkLBpGw7vCYuHdYUJYPCwRlgxdWCpMDO8JS4f3hmXC+8Ky4f1hufCBsHxYIawYVgofDCuHD4VVwofDquEjYbWwelgjrBk+GtYKHwtrh4+HdcInwjLhk2G98Kmwfvh02CBsGDYKnwkbh8+GTcKmYbOwedgibBm2Cp8LW4fPh23CtmG78IWwffhi2CF8KUwKXw47hq/c8Hhy2DvsE74TvhN6/7iaH10QTY8ujC6KLo5mRL+KLol+Hc2MLo0uiy6ProiujK6Kro6uia6Nrouuj26Iboxuim6Oel8zp3DgpFNOu8DlcDldjMvlYt0tLs7d6nK721zE3e7i3R0uj7vT5XX5XH5XwBV0hVxhZxw668iFrogr6qLuLlfM3e0SXHFXwpV0zpVyia6la+VaudbuedfGtXXt3AvuBfeie9G95F5yL7uO7hXXyb3qOrvXXBf3unvdveG6uTddd/eW6+Hedj1dL5fskl0f18f1dX1df9ffDXQD3SA3yA12g90QN8QNc8PccDfcjXAj3Eg30o12o90YN8aNc+PcBDfBpbgUN8lNcpPdZDfFTXHT3DSX6lJdmktzM91MN9vNdnPcHDfXzXXz3XyX7tLdIrfIZbgMt8QtcZku0y1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73B63x+1z+9wBd8BluSx30B10h9whd9h97464H9xR96M75n5yx93P7oT7xZ10p9xpd8addb+6c+68u+AuukvuN3fZXXFXnXcpkU8ikyKfRiZHPotMiUyNTItMj6RGZkTSIp9HZkZmRWZHvojMiXwZmRuZF5kfWRBJjyyMLIosjmREvoosiXwdyYwsjSyLLI+siKyMeF9oW+iL+KI+6u/yxfzdPsEX9yV8Se98KZ/o7/Gl/b2+jL/Pl/X3+3L+AV/eV/AVfVPfzDf3LXxL38o/51v7530b39a38y/49v5F38G/5JP8y76jf8V38q/6zv4138W/7rv6N3w3/6bv7t/yPfzbvqfv5ZN9b9/Hv+P7+n6+vx/gB/p3/SD/nh/s3/dD/FA/zH/gh/sP/Qj/kR/pR/nR/mM/xo/14/x4P8FP9Cn+Ez/Jf+on+8/8FD/VT/PTfaqf4dP8536mn+Vn+y/8HP+ln+vn+fl+gU/3C/0iv9hn+K/8Ev+1z/RL/TK/3K/wK/0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v93v8Dv9Lr/b7/F7/T6/3x/w3/gs/60/6P/kD/nv/GH/vT/if/BH/Y/+mP/JH/c/+xP+F3/Sn/Kn/Rl/1v/qz/nz/oK/6C/53/xlf8Vf5b9ZY4wxxhj7b1E3ON77H3xO/mVc00cIcev2Akf+vuaGvH+e95P7OkaEEC/36trwr6Nhw+Tk5L+cm6lEUHSeECJyPT+HuB4vFe3EiyJJtBWl/+H6+smKQDeoH71fiNj/lBMj/hzH/E39e/+L+k0X3rD+PCESil7PySWux9frl/kv6u9uf4P6ub5LEaLNf8qJE9fj6/UTxfPiFZH0N2cyxhhjjDHGGGN/1k9e6naj+9tr9+cF9fWcnOJ6fKP7c8YYY4wxxhhjjN18r73Z/aXnkpLaduYJT3jCk/+Y3OzfTIwxxhhjjLF/tesX/Td7JYwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPb17/h3Yjd7j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtjN9r8CAAD//3myaBA=")
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x3010080, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xc40b2, 0x0)

1m23.999154248s ago: executing program 1 (id=1747):
socket$nl_route(0x10, 0x3, 0x0)
r0 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = socket(0x400000000010, 0x800, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
io_setup(0x2007, &(0x7f0000000980)=<r6=>0x0)
io_pgetevents(r6, 0x1, 0x1, &(0x7f0000000800)=[{}], 0x0, 0x0)
openat$cgroup_procs(r1, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0)

1m23.53820896s ago: executing program 1 (id=1752):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

1m20.86898148s ago: executing program 33 (id=1752):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

1m20.679533219s ago: executing program 34 (id=1704):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x40001f9, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_procfs(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000700)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r4, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x549, &(0x7f0000001800)="$eJzs3c9vI1cdAPDvTH65222zCz1ABewChQWt1t5421XVS8sFhKpKiIoD4rANiTcKseMQO6UJkUj/BpBA4gR/AgckDkg9ceDGEYkDQpQDUoEItEHiYDRjJ+smNmtqx+7Gn480O/Pmzcz3PWdn3vNz4hfA1LoeEQcRMR8Rb0TEYmd/0lnilfaSHffgcH/l6HB/JYlW6/W/J3l+ti+6zsk82blmISK+/pWIbydn4zZ29zaWq9XKdiddata2So3dvVvrteW1ylpls1y+u3T39ot3XiiPrK7Xar9478vrr37j17/65Lu/O/ji97NiXe7kdddjlNpVnzuJk5mNiFfPI9gEzHTW8xMuBx9MGhEfiYjP5Pf/Yszk/zsBgIus1VqM1mJ3GgC46NJ8DCxJixGRpp1OQLE9hvdMXEqr9Ubz5v36zuZqe6zsSsyl99erldtXF/7w3fzguSRLL+V5eX6eLp9K34mIqxHxo4Un8nRxpV5dnUyXBwCm3pPd7X9E/GshTYvFgU7t8akeAPDYKEy6AADA2Gn/AWD6aP8BYPoM0P53Puw/OPeyAADj4f0/AEwf7T8ATB/tPwBMla+99lq2tI4633+9+ubuzkb9zVurlcZGsbazUlypb28V1+r1tfw7e2qPul61Xt9aej523io1K41mqbG7d69W39ls3su/1/teZW4stQIA/per1975fRIRBy89kS/RNZeDthoutnSERwGPl5lhTtZBgMea2b5geg3UhOedhN+ee1mAyej5Zd6Fnpvv95P/I4jfM4IPlRsfH3z83xzPcLEY2Yfp9cHG/18eeTmA8TP+D9Or1UpOz/k/f5IFAFxIQ/wKX+sHo+qEABP1qMm8R/L5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwwlyPiO5GkxXwu8DT7Ny0WI56KiCsxl9xfr1ZuR8TTcS0i5hay9NKkCw0ADCn9a9KZ/+vG4nOXT+fOJ/9eyNcR8b2fvv7jt5abze2lbP8/TvYvHE8fVn543hDzCgIAg/vzIAfl7Xe5s+56I//gcH/leDnHMp7x3pdOJh9dOTrcz5d2zmy0Wq1WRCHvS1z6ZxKznXMKEfFsRMyMIP7B2xHxsV71T/KxkSudmU+740cn9lNjjZ++L36a57XX2cv30RGUBabNO9nz55Ve918a1/N17/u/kD+hhpc//woRx8++o674s51IMz3iZ/f89UFjPP+br57Z2Vps570d8exsr/jJSfykT/znBoz/x0986ocv98lr/SziRvSO3x2r1KxtlRq7e7fWa8trlbXKZrl8d+nu7RfvvFAu5WPUpeOR6rP+9tLNp/uVLav/pT7xCz3rP39y7ucGrP/P//PGtz79MLlwOv4XPtv75/9Mz/htWZv4+QHjL1/6Zd/pu7P4q33q/6if/80B47/7l73VAQ8FAMagsbu3sVytVraH2sjehY7iOmc2siIOdvBxd3G4oH+KfGNEL0ufjawzNsjBc+f1qp77xuxJX3G0V/5mdsUxVycdeS2G2ngwrliTeyYB4/Hwpp90SQAAAAAAAAAAAAAAgH7G8adLk64jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9d/AwAA//8+JMPM")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000001c0)='./file1\x00', 0x204bc2f, 0x0, 0x1, 0x0, &(0x7f0000000240))
r5 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
close_range(r6, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)

11.239470501s ago: executing program 0 (id=1892):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000008000000040000000000000700000000030000000000000801000000000000000000"], 0x0, 0x44}, 0x28)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_coalesce={0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x400000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x3, 0x4}})

11.002384254s ago: executing program 6 (id=1893):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000003340)=ANY=[@ANYBLOB="5c0000000301010300000000000000000a0000020c0019"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)

10.953265642s ago: executing program 4 (id=1894):
r0 = socket$inet(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="bcbe0000", @ANYRES16=r6, @ANYBLOB="040e2bbd7000ffdbdf255700000006009500050000000600950004000000060095000200000006009500060000000600950003000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48dc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r8 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000003c0)=0x14, 0xc0000)
connect$packet(r8, &(0x7f0000000480)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @broadcast}, 0x14)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="84000000180001002cbd7000ffdbdf251d0107000c000b00040000a00300008015000100030000a006000000bac45f9ce14233bd0000000008000900", @ANYRES32=r10, @ANYBLOB="0c000b00000000e0020000a015000200010000a0070300007f15f0386605000b0200000008000a00", @ANYRES64], 0x84}}, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r9, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20)
r11 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r11, 0xc0f85403, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'})
sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}, 0xfffffffd}], 0x2, 0x2004000)

10.746480562s ago: executing program 6 (id=1895):
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$xdp(0x2c, 0x3, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmsg$unix(r1, &(0x7f0000000200)={&(0x7f00000000c0), 0x6e, &(0x7f0000000040)=[{&(0x7f0000000180)=""/108, 0x6c}], 0x1, &(0x7f0000000300)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x80)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x5, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700", @ANYBLOB="d5f732c4e63554e510d734e77693"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]})
gettid()
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000200)={r3, 0x0, 0x0}, 0x10)

10.042259817s ago: executing program 0 (id=1896):
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$xdp(0x2c, 0x3, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmsg$unix(r1, &(0x7f0000000200)={&(0x7f00000000c0), 0x6e, &(0x7f0000000040)=[{&(0x7f0000000180)=""/108, 0x6c}], 0x1, &(0x7f0000000300)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x80)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x5, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700", @ANYBLOB="d5f732c4e63554e510d734e77693"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]})
r3 = getpid()
rt_tgsigqueueinfo(r3, 0x0, 0x1f, &(0x7f0000000080)={0x11, 0x0, 0x2})

9.391513804s ago: executing program 4 (id=1897):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000080000000000000000000080850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000725e85000000010000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1, 0xffffffffffffffff, 0x6000}, 0xc)

9.06092254s ago: executing program 6 (id=1898):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x8, &(0x7f0000000340), 0x1, 0x77f, &(0x7f0000001f40)="$eJzs3c1rHOUfAPDvbJKmTfv7JYKg9RQQNFCamBpbBQ8VDyJYKOjZNiTbULPJluymNCFQiwheBBUPgl569qXevPpy1f/Cg1iqpsGKoKzM7my7aXbTTZpkq/v5wGSfZ2Y2z/PdmWfm2Z2HmQC61nD6JxdxOCLeSyIGs/lJRPRVU70RJ2vr3VpdmUqnJCqVV39Nquusra5MRcN7UgezzKMR8e3bEUdyG8stLS3PThYK+YUsP1aeuzBWWlo+en5uciY/k58/Pj4xcezEMyeO71ysv/+wfOj6+y89+cXJP9965Nq73yVxMg5lyxrj2CnDMZx9Jn3pR7jOiztdWIclna4A25I2zZ5aK4/DMRg91RQA8F92OSIqAECXSZz/AaDLVH8EqFyOWF2ZWsumTv8msZduvBAR+2vX/+rXN2tLerNrdvur10EH1pJ1V0aSiBjagfKHI+KTr17/LJ1il65DAjTz5pWIODs0vLbh+J9sGLOwVU9tsmxf9jp813zHP9g7X6f9n2dr7W59+8/d7v9Ek/5Pf5O2ux33bP8HdqCQTaT9v+cbxrbdaog/M9ST5f5X7fP1JefOF/Lpse3/ETESff1pfnyTMkZu/n2z1bLG/t9vH7zxaVp++npnjdzPvf3r3zM9WZ68n5gb3bgS8Vhvs/iT29s/adH/Pd1mGS8/987HrZal8afx1qeN8Uc2Oml3VK5GPNF0+98Z0ZZsOj5xrLo7jNV3iia+/PGjgVblN27/dErLr38X2Avp9h/YPP6hpHG8ZmnrZXx/dfCbVsvuHX/z/X9f8lo1Xe9HXJoslxfGI/Ylr2ycf+zOe+v5+vpp/COPN2//m+3/6XfCs23G33v9l8+3H//uSuOf3tL233ri2q3Znlblt7f9J6qpkWxOO8e/dit4P58dAAAAAAAAAAAAAAAAAAAAAAAAALQrFxGHIsmN3k7ncqOjtWd4PxwDuUKxVD5yrrg4Px3VZ2UPRV+ufqvLwYb7oY5n98Ov54/dlX86Ih6KiA/7DyT1+yhOdzh2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg72OL5/6mf+jtdOwBg1+zvdAUAgD3n/A8A3cf5HwC6j/M/AHQf538A6D7O/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyy06dOpVPlj9WVqTQ/fXFpcbZ48eh0vjQ7Orc4NTpVXLgwOlMszhTyo1PFuXv9v0KxeGEi5hcvjZXzpfJYaWn5zFxxcb585vzc5Ez+TL4v4q9KzZ7EBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADtKC0tz04WCvkFiW0kKg9GNTqf6Ml2pwelPnuaSB6MauxwosMHJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/iX8CAAD//8yKK38=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==")
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x3c9)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
ftruncate(r3, 0x800)

8.857226254s ago: executing program 4 (id=1899):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@bridge_newvlan={0x24, 0x76, 0x709, 0x0, 0x0, {0x7, 0x2}, [@BRIDGE_VLANDB_ENTRY={0x7, 0xd, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x1, 0x3}}}]}, 0x24}, 0x1, 0x5502000000000000, 0x0, 0x15}, 0x23f58e5b666a3f02)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003400000100e14000580050001"], 0x80}}, 0x0)
unshare(0x62040200)

7.371368548s ago: executing program 2 (id=1901):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24040084)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x44084)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0)
pwritev2(r0, 0x0, 0x0, 0xe, 0xff, 0x4)

6.771737094s ago: executing program 6 (id=1902):
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000010600)='./bus\x00', 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c66617374626f6f742c746573745f64756d6d795f656e6372797074696f6e2c6673796e635f6d6f64653d7374726963742c00200da779e57c52e33a83fdbd563a5b7c6b958cb6e49387a5ba5a89b0887c0292eb888cc8efa81040100dc3ba748033542625bc334eaf791a982a7422a6f7b863c0a5f0af254a5bd1f4b81d0c5188ddcadf07eff7b49004e0b243a8a4d93632fbe9ab868d88310829d8e04a3c0572143a3d3d1472cc5da6f72bb097f5f7b95a09e442c0a1463aaa90db7dcbc542dc5bced278eda11583f810469b706968e793db3230"], 0x1, 0x1059a, &(0x7f0000010640)="$eJzs3M1rI2UcB/Bftu6r61pkX/TkgAgNmNC03aIgUnUXXbBL8eXgSdNkGrKbZEqTvrhnPemf4FUQ8ebf4MV/Y/EgeBK8rSiZmcpW96A226zbzwem32eePPPL84RcnkyZAI6t2eTXXypxIc5GxExEnI/I25XyyK0U8WxEPB8RJ+47KmX/nx2nIuJcRFwYFy9qVsqXln+7e++r5268+vk3d6uNn77+cnqrBqbtxYjobxbt3X6RWafIW2V/c6ebZ39pp8zihf7t8jwrcjddzyvsNvfHNfNc7BTjs83t4Tg3es3WODvdjbx/c1C84XCns18nv+BWcys/b6freXaHWZ6dO8W89sq8MxwVddplvU/y8jEa7WfRn+6lxXo2b+fZGozK/qJu1k73xrlTZvl20cp67Xwe6//5Y37kvdMdbO8lO+nWsJsNkqv1xsv1xnKtsZW101G6VGv228tLyVynNx5WG6XN/konyzq9tN7K+tVkrtNq1RqNZO5aut5tDpJGo75Yn69drZatl5K3bn6Q9NrJ3Djf6A62R93eMNnItpLiimqyUF98pZq80EjeW11L1t69fn117f2Prn148/XVG2+Wg/42rWRuYX5hodaYry00qtZ/GJXDXc5x5wsE8K/Z/wPTYP9v/x/2v8d+/bZvHIovEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAsfXjye/ezhuzxfmTZf9TZdczEXElIi5HxKWI+P0BZuLUgZoXI6JSth80/uRf5vB9JfIK42tOl8e5iFgpj3tPP+xPAQAAAB5f3/7w6WcRM+Nm/ue1aU+Io1T+aHNmUvXyn3yemFS1i3mxvQlVu7RfciIuR8TJ2Z8nVO1KRJw4//GEqv0jMwfizH1RKeLEUc4GAAA4Ggd3AhPbvQEAAPDI+WLaE2A68vu15f/il/eCTxdR3hA8e+AMAAAA+B+qTHsCAAAAwEOX7/89/w8AAAAeb8Xz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YuZfcNGI4DsB/oFPoS0UVj6uwqrpkwSF6hC57gPY22XGGSIhzkF2OEEHEjIMyhN2YAZHvkwbbI/jJRmJhmzEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACc00OxnN+t//1vmrPdNZNnNAAAAMApm2I5LyvDqv0l3f+Wbv2IiGlETCJiHBGn5u69+FjLHEVEJ9VPvb846sN9RJmw/0w/XZ8j4le6nr6f+1sAAACA27VezRYRvX21fPl5qPEOpEWbQa68csnnQ660URn2N1Pa+CUyi0lEFMPHTGnTiOh+/Z1arfz+erVi8KroVEW3jV4AAADtqs8Ess3eAAAAuDp/Lt0BLqPcr03/xU97wf2qSBuCn2otAAAA4HodP21/0Gm3HwAAAMAFlPP/N+f/pVUB5/8BAADAbajO/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCcNsVyvl7NFk1ztrtm8owGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntmfdxQIgTAIg73r+06D9z+WNGhqalIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALz53V/+T0yNM8nca2PpeSRZOzW2To29c+PoD+Pr1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzP3QmEQBCEwb7zP6fF/MOSBo1BhCpY+JhhHhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GIHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgr7c2+bMBDGcfi1kyhxm4yQ3uJjBhoqBCPwISFZ8gwMwEI0VLQWi8AKIOCgpTMFz9P8fzpdcQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+n09MZHRGSfj8wjH67+DpeDr8jXTTP4vma2Oe7rn1tOtrtRyt8Y/xcRUUTWwm8AANpX3jfFYlnNO2m7aXtp+2nLaV3NXvloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzuzcsWpTURgA4JOkiVYnRyuI4KCLjU2sRsjiUOguCLqFNpZiqpJmaEuXPoHo5Oor2E1fwRcQHLTg4NBBwUUQJclNeoJBUoR7Q/0++O/9c4dzz8kQ+O9/bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgWA73wtlBngshzM0c5V3vv+6ujDu/ffZhbhBf7ry5GI/ZHaIYQni43mpeT3Et025ze+dRo9VqtiUSiWSYZP3LBADASVNMolvXfyruL3ev5eoh/Ho1Wv9fifLwl/r/88vzFwbxc+tdJ75XXP8vpLbC6VfubDwtb27vXFvfaKw115qPq9XK4s3FG7dvVcq9ZyVlT0wAAAD4N6Uk4vo/X/+z/38mysOE9f+9pQf343sV1P9jHTX9sp4JAADA/+3cpe/fcmOu50qlsNXodNoL/ePwc6V/zGCqx3Yqibj+L9SznhUAAACQhsO93Ej/fzXKw4T9//nXuwfxmIUQwmzS/59fedJaTW85Uy2N14mzXiMAAADZmk0i7v8Xe/v/88MtD/kQwtXL/Tz5G8CJ6v+PL+6OvLQe7/+vprfEqZSv9b+P3rkWwkwt6xkBAABwkp1OolvsHxT3l9s/ni+V7P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDf7NgxSgNBFAbgzW5WKzFgpVZeQLSzClgIYuMhREHwBCKIBxBbS+9g6R1SK9hYWKbwBvJmd1TSBCx2lXwfTN4jDJmXSZN/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgrun+d1/Fy6jpy/a954+rk6gvMzW8369vxop+0OXQ/9Bgr+8JAAAAWARVzvdFUbzVj4dRy3HK/3XeE5n/YaXpc56fzf25Pt29buT8f328dfl10Kg5Jz707PzidKezb/j3rc7dMUw3n569VOkHKY9u1qZ1us/B7WRysJTa5S6mBQB+YzvXtsn/h6Lu9jkYAAtj2K7iR/6vxv3OBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCFzwAAAP//OCtiEg==")
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)

6.439845826s ago: executing program 0 (id=1903):
r0 = socket$netlink(0x10, 0x3, 0x12)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r1, 0x8008f512, &(0x7f00000022c0))
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000150000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000034c0)=""/202, 0xca}, 0x100)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[])
sendmsg$nl_route(r0, 0x0, 0x0)

5.342446999s ago: executing program 0 (id=1904):
socket$nl_route(0x10, 0x3, 0x0)
r0 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
socket(0x400000000010, 0x800, 0x0)
io_setup(0x2007, &(0x7f0000000980)=<r5=>0x0)
io_pgetevents(r5, 0x1, 0x1, &(0x7f0000000800)=[{}], 0x0, 0x0)
r6 = openat$cgroup_procs(r1, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0)
readv(r6, &(0x7f0000000340)=[{&(0x7f00000004c0)=""/205, 0xcd}], 0x1)

5.27404897s ago: executing program 2 (id=1905):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7030000000000008500000007000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

4.91739114s ago: executing program 4 (id=1906):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000008000000040000000000000700000000030000000000000801000000000000000000"], 0x0, 0x44}, 0x28)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_coalesce={0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x400000, 0x0, 0x0, 0x401, 0x0, 0x0, 0x3, 0x4}})

3.888105793s ago: executing program 2 (id=1907):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

2.606855953s ago: executing program 2 (id=1908):
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$xdp(0x2c, 0x3, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmsg$unix(r1, &(0x7f0000000200)={&(0x7f00000000c0), 0x6e, &(0x7f0000000040)=[{&(0x7f0000000180)=""/108, 0x6c}], 0x1, &(0x7f0000000300)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x80)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x5, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700", @ANYBLOB="d5f732c4e63554e510d734e77693"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000200)={r3, 0x0, 0x0}, 0x10)

2.423550479s ago: executing program 4 (id=1909):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000080000000000000000000080850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000725e85000000010000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1, 0xffffffffffffffff, 0x6000}, 0xc)

2.222079821s ago: executing program 6 (id=1910):
r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f00000007c0)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r1 = add_key$fscrypt_provisioning(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000100)=ANY=[@ANYBLOB="02"], 0x48, 0xffffffffffffffff)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000140)={@desc={0x1, 0x0, @auto="b0f4e51a957ec6b3"}, 0x40, r1, '\x00', @a})

1.346577365s ago: executing program 0 (id=1911):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0x4, 0x0, 0x70bd27, 0x0, [@sadb_key={0x2, 0x17, 0x18, 0x0, "01d787"}]}, 0x20}, 0x1, 0x7}, 0x10)

1.335127868s ago: executing program 2 (id=1912):
socket$nl_route(0x10, 0x3, 0x0)
openat$ttynull(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0)

1.161556005s ago: executing program 6 (id=1913):
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$xdp(0x2c, 0x3, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmsg$unix(r1, &(0x7f0000000200)={&(0x7f00000000c0), 0x6e, &(0x7f0000000040)=[{&(0x7f0000000180)=""/108, 0x6c}], 0x1, &(0x7f0000000300)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}, 0x80)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x5, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700", @ANYBLOB="d5f732c4e63554e510d734e77693"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]})
r3 = getpid()
rt_tgsigqueueinfo(r3, 0x0, 0x1f, &(0x7f0000000080)={0x11, 0x0, 0x2})

930.956936ms ago: executing program 0 (id=1914):
unshare(0x20000400)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000000)=0x6, 0x4)

930.637556ms ago: executing program 4 (id=1915):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800740, &(0x7f0000000400)={[{@bh}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@dioread_lock}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f00000004c0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==")

0s ago: executing program 2 (id=1916):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000540)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000001280)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00@', 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @time_exceed={0x3, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "d2c4c6", 0x4, 0x2f, 0xff, @empty, @private1}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  543.790345][   T31] audit: type=1326 audit(1769196637.588:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.1.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  543.826814][   T31] audit: type=1326 audit(1769196637.588:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.1.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  543.859980][   T31] audit: type=1326 audit(1769196637.598:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.1.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  543.920671][   T31] audit: type=1326 audit(1769196637.598:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.1.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  545.320831][T10410] Bluetooth: hci6: command tx timeout
[  547.075443][T10421] loop0: detected capacity change from 0 to 40427
[  547.186225][T10421] F2FS-fs (loop0): invalid crc value
[  547.400831][T10410] Bluetooth: hci6: command tx timeout
[  547.879114][T10421] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  547.945984][T10421] F2FS-fs (loop0): Start checkpoint disabled!
[  547.979199][T10421] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  548.847643][T10443] netlink: 260 bytes leftover after parsing attributes in process `syz.5.1365'.
[  549.499858][T10410] Bluetooth: hci6: command tx timeout
[  550.054631][ T7026] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  550.213769][ T7026] usb 1-1: Using ep0 maxpacket: 32
[  550.229662][ T7026] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  550.243194][ T7026] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  550.252991][ T7026] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  550.261864][ T7026] usb 1-1: Product: syz
[  550.266047][ T7026] usb 1-1: Manufacturer: syz
[  550.270679][ T7026] usb 1-1: SerialNumber: syz
[  550.290090][ T7026] usb 1-1: config 0 descriptor??
[  550.296158][T10439] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  550.430295][T10414] bridge0: port 2(bridge_slave_1) entered disabled state
[  550.438046][T10414] bridge0: port 1(bridge_slave_0) entered disabled state
[  550.676424][T10414] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  550.693733][T10414] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  551.200874][ T7026] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  551.238796][T10414] team0: left allmulticast mode
[  551.248036][T10414] team_slave_0: left allmulticast mode
[  551.257546][T10414] team_slave_1: left allmulticast mode
[  551.268195][T10414] team0: left promiscuous mode
[  551.276739][T10414] team_slave_0: left promiscuous mode
[  551.288749][T10414] team_slave_1: left promiscuous mode
[  551.303130][T10414] macvtap1: left promiscuous mode
[  551.308203][T10414] macvtap1: left allmulticast mode
[  551.360923][ T7026] usb 3-1: Using ep0 maxpacket: 32
[  551.368788][ T7026] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  551.385862][ T7026] usb 3-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  551.395372][ T7026] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.403921][ T7026] usb 3-1: Product: syz
[  551.411922][ T7026] usb 3-1: Manufacturer: syz
[  551.421110][ T7026] usb 3-1: SerialNumber: syz
[  551.451152][ T7026] usb 3-1: config 0 descriptor??
[  551.457485][T10415] 8021q: adding VLAN 0 to HW filter on device bond0
[  551.478429][T10415] 8021q: adding VLAN 0 to HW filter on device team0
[  551.504962][T10415] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  551.542217][ T7026] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench found
[  551.549449][ T7026] usb 3-1: selecting invalid altsetting 1
[  551.559381][ T7026] snd_usb_variax 3-1:0.0: set_interface failed
[  551.563657][T10410] Bluetooth: hci6: command tx timeout
[  551.611878][ T7026] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench now disconnected
[  551.636423][ T7026] snd_usb_variax 3-1:0.0: probe with driver snd_usb_variax failed with error -22
[  551.696268][ T6571] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  552.190265][T10451] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1367'.
[  552.204244][ T7026] usb 1-1: USB disconnect, device number 48
[  552.255706][T10452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.266116][T10452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.417307][ T6571] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  552.493955][   T60] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.695722][ T6571] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  552.776491][ T6571] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  552.857520][T10467] loop4: detected capacity change from 0 to 128
[  552.887803][   T60] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.197976][   T60] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  553.364962][   T60] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  554.323408][   T60] bridge_slave_1: left allmulticast mode
[  554.372026][   T60] bridge_slave_1: left promiscuous mode
[  554.383780][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.471808][   T60] bridge_slave_0: left allmulticast mode
[  554.520394][   T60] bridge_slave_0: left promiscuous mode
[  554.536525][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.640853][ T5903] usb 3-1: USB disconnect, device number 49
[  555.190798][ T7026] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  555.362616][ T7026] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  555.404623][ T7026] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  555.442844][ T7026] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  555.464863][ T7026] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  555.474255][ T7026] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.492019][ T7026] usb 3-1: Product: syz
[  555.506829][ T7026] usb 3-1: Manufacturer: syz
[  555.522947][ T7026] usb 3-1: SerialNumber: syz
[  555.569805][ T7026] usb 3-1: config 0 descriptor??
[  555.632647][T10478] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  555.704888][ T7026] dm9601 3-1:0.0: probe with driver dm9601 failed with error -22
[  555.867389][ T7026] usb 3-1: USB disconnect, device number 50
[  556.016468][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  556.057146][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  556.083830][   T60] bond0 (unregistering): Released all slaves
[  556.352716][T10489] loop5: detected capacity change from 0 to 256
[  556.493448][T10495] loop4: detected capacity change from 0 to 256
[  557.197817][T10495] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d)
[  557.487795][T10489] FAT-fs (loop5): Directory bread(block 64) failed
[  557.598189][T10408] chnl_net:caif_netlink_parms(): no params data found
[  557.638063][T10489] FAT-fs (loop5): Directory bread(block 65) failed
[  557.706749][T10489] FAT-fs (loop5): Directory bread(block 66) failed
[  557.725837][T10489] FAT-fs (loop5): Directory bread(block 67) failed
[  557.769659][T10489] FAT-fs (loop5): Directory bread(block 68) failed
[  557.810928][T10489] FAT-fs (loop5): Directory bread(block 69) failed
[  557.828918][T10489] FAT-fs (loop5): Directory bread(block 70) failed
[  557.874381][T10489] FAT-fs (loop5): Directory bread(block 71) failed
[  557.921406][T10489] FAT-fs (loop5): Directory bread(block 72) failed
[  557.927989][T10489] FAT-fs (loop5): Directory bread(block 73) failed
[  558.545216][T10514] loop4: detected capacity change from 0 to 1024
[  558.595967][T10514] EXT4-fs: inline encryption not supported
[  558.734115][T10514] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  558.793965][T10522] xt_hashlimit: size too large, truncated to 1048576
[  559.250839][ T5903] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  559.560809][ T5903] usb 3-1: Using ep0 maxpacket: 32
[  559.605923][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  559.758330][ T5903] usb 3-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  559.809556][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.900410][ T5903] usb 3-1: Product: syz
[  559.923665][ T5903] usb 3-1: Manufacturer: syz
[  559.928305][ T5903] usb 3-1: SerialNumber: syz
[  559.981662][ T5903] usb 3-1: config 0 descriptor??
[  560.039285][ T5903] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench found
[  560.081350][ T5903] usb 3-1: selecting invalid altsetting 1
[  560.089350][ T5903] snd_usb_variax 3-1:0.0: set_interface failed
[  560.109259][ T5903] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench now disconnected
[  560.184325][ T5903] snd_usb_variax 3-1:0.0: probe with driver snd_usb_variax failed with error -22
[  560.359000][   T60] hsr_slave_0: left promiscuous mode
[  560.418937][T10525] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1388'.
[  560.451276][   T60] hsr_slave_1: left promiscuous mode
[  560.481880][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  560.489335][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  560.553716][T10546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  560.600449][T10546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  560.692116][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  560.710188][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  560.907262][   T60] veth1_macvtap: left promiscuous mode
[  560.929474][   T60] veth0_macvtap: left promiscuous mode
[  560.950815][ T5955] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  560.966541][   T60] veth1_vlan: left promiscuous mode
[  560.988802][   T60] veth0_vlan: left promiscuous mode
[  561.129935][ T5955] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  561.149427][ T5955] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  561.199508][ T5955] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  561.250120][ T5955] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  561.293346][ T5955] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.336223][ T5955] usb 1-1: Product: syz
[  561.369197][ T5955] usb 1-1: Manufacturer: syz
[  561.398059][ T5955] usb 1-1: SerialNumber: syz
[  561.423780][ T5955] usb 1-1: config 0 descriptor??
[  561.425209][   T31] audit: type=1326 audit(1769196655.418:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  561.472658][T10550] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  561.537681][ T5955] dm9601 1-1:0.0: probe with driver dm9601 failed with error -22
[  561.560106][   T31] audit: type=1326 audit(1769196655.448:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  561.560831][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  561.682284][   T31] audit: type=1326 audit(1769196655.458:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  561.759640][   T31] audit: type=1326 audit(1769196655.458:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  561.872515][ T6759] usb 1-1: USB disconnect, device number 49
[  561.954225][   T60] team0 (unregistering): Port device batadv1 removed
[  561.977997][   T31] audit: type=1326 audit(1769196655.458:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  562.020660][T10559] loop1: detected capacity change from 0 to 512
[  562.040928][   T31] audit: type=1326 audit(1769196655.468:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  562.091338][   T31] audit: type=1326 audit(1769196655.468:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  562.155166][   T31] audit: type=1326 audit(1769196655.468:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  562.198161][ T7026] usb 3-1: USB disconnect, device number 51
[  562.205972][T10559] EXT4-fs: Ignoring removed orlov option
[  562.238176][   T31] audit: type=1326 audit(1769196655.468:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  562.261183][T10559] EXT4-fs: Ignoring removed mblk_io_submit option
[  562.320024][   T31] audit: type=1326 audit(1769196655.468:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.1.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f644319acb9 code=0x7ffc0000
[  562.436569][T10559] EXT4-fs error (device loop1): ext4_iget_extra_inode:5072: inode #15: comm syz.1.1397: corrupted in-inode xattr: e_value size too large
[  562.452558][T10559] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.1397: couldn't read orphan inode 15 (err -117)
[  562.467873][T10559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.657868][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.970979][   T24] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  563.134988][   T24] usb 1-1: config 0 has no interfaces?
[  563.146198][   T24] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  563.166280][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.203469][   T24] usb 1-1: config 0 descriptor??
[  563.418309][T10581] loop2: detected capacity change from 0 to 256
[  563.444991][T10570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.484665][T10570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.517980][ T7026] usb 1-1: USB disconnect, device number 50
[  563.621668][   T60] team0 (unregistering): Port device team_slave_1 removed
[  563.831207][   T60] team0 (unregistering): Port device team_slave_0 removed
[  564.033829][ T6014] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  564.297570][ T6014] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[  564.309891][ T6014] usb 1-1: config 0 has no interface number 0
[  564.320625][ T6014] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 511
[  564.342638][ T6014] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  564.387129][ T6014] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  564.399307][ T6014] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.417149][ T6014] usb 1-1: Product: syz
[  564.424824][ T6014] usb 1-1: Manufacturer: syz
[  564.436196][ T6014] usb 1-1: SerialNumber: syz
[  564.463743][ T6014] usb 1-1: config 0 descriptor??
[  564.529494][ T6014] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  564.622729][ T6014] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  564.740538][ T6014] usb 1-1: USB disconnect, device number 51
[  564.869516][ T6014] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  564.941147][ T6014] cyberjack 1-1:0.69: device disconnected
[  565.468364][T10596] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1408'.
[  566.450838][   T24] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  566.637974][T10596] bridge_slave_1: left allmulticast mode
[  566.641257][   T24] usb 5-1: Using ep0 maxpacket: 32
[  566.679866][T10596] bridge_slave_1: left promiscuous mode
[  566.702099][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  566.721448][T10596] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.788120][   T24] usb 5-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  566.815078][T10596] bridge_slave_0: left allmulticast mode
[  566.863377][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.880805][T10596] bridge_slave_0: left promiscuous mode
[  566.907059][T10596] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.942545][T10609] loop2: detected capacity change from 0 to 256
[  566.969162][   T24] usb 5-1: Product: syz
[  566.991573][   T24] usb 5-1: Manufacturer: syz
[  567.006585][   T24] usb 5-1: SerialNumber: syz
[  567.056139][   T24] usb 5-1: config 0 descriptor??
[  567.123675][   T24] snd_usb_variax 5-1:0.0: Line 6 Variax Workbench found
[  567.167073][   T24] usb 5-1: selecting invalid altsetting 1
[  567.230805][   T24] snd_usb_variax 5-1:0.0: set_interface failed
[  567.257701][   T24] snd_usb_variax 5-1:0.0: Line 6 Variax Workbench now disconnected
[  567.291160][   T24] snd_usb_variax 5-1:0.0: probe with driver snd_usb_variax failed with error -22
[  567.356563][T10603] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1409'.
[  567.406449][T10603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  567.417901][T10603] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  567.601808][ T5955] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  567.617102][T10614] loop2: detected capacity change from 0 to 512
[  567.630051][T10408] bridge0: port 1(bridge_slave_0) entered blocking state
[  567.641418][T10614] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  567.679847][T10614] EXT4-fs error (device loop2): ext4_free_branches:1020: inode #16: comm syz.2.1414: invalid indirect mapped block 4294967295 (level 0)
[  567.714904][T10614] EXT4-fs error (device loop2): ext4_free_branches:1020: inode #16: comm syz.2.1414: invalid indirect mapped block 4294967295 (level 1)
[  567.730872][T10408] bridge0: port 1(bridge_slave_0) entered disabled state
[  567.763591][T10408] bridge_slave_0: entered allmulticast mode
[  567.773457][ T5955] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  567.794414][T10408] bridge_slave_0: entered promiscuous mode
[  567.819498][ T5955] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  567.861558][T10614] EXT4-fs (loop2): 1 orphan inode deleted
[  567.867515][ T5955] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  567.881299][T10614] EXT4-fs (loop2): 1 truncate cleaned up
[  567.897594][T10614] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  567.905000][T10408] bridge0: port 2(bridge_slave_1) entered blocking state
[  567.935661][ T5955] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  567.970197][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.976032][T10408] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.013319][ T5955] usb 2-1: Product: syz
[  568.025235][T10614] EXT4-fs error (device loop2): htree_dirblock_to_tree:1077: inode #2: block 13: comm syz.2.1414: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  568.066151][ T5955] usb 2-1: Manufacturer: syz
[  568.069537][T10408] bridge_slave_1: entered allmulticast mode
[  568.071180][ T5955] usb 2-1: SerialNumber: syz
[  568.084289][ T5955] usb 2-1: config 0 descriptor??
[  568.090264][T10612] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  568.102231][ T5955] dm9601 2-1:0.0: probe with driver dm9601 failed with error -22
[  568.140920][T10408] bridge_slave_1: entered promiscuous mode
[  568.390373][ T5955] usb 2-1: USB disconnect, device number 37
[  569.164730][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  569.186219][ T6759] usb 5-1: USB disconnect, device number 40
[  569.374490][T10408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.504159][T10408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  569.740259][T10408] team0: Port device team_slave_0 added
[  569.879301][T10630] syzkaller0: entered promiscuous mode
[  569.981375][T10630] syzkaller0: entered allmulticast mode
[  570.018556][T10408] team0: Port device team_slave_1 added
[  570.202778][ T6759] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  570.376250][ T6759] usb 3-1: config 0 has no interfaces?
[  570.386589][ T6759] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  570.422201][ T6759] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.480522][ T6759] usb 3-1: config 0 descriptor??
[  570.747936][T10638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  570.761965][T10638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  570.817898][ T6759] usb 3-1: USB disconnect, device number 52
[  571.280591][ T6759] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  571.463202][ T6759] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  571.499494][ T6759] usb 3-1: config 0 has no interface number 0
[  571.520837][ T6759] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 511
[  571.547479][ T6759] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  571.581128][ T6759] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  571.598346][ T6759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.617035][ T6759] usb 3-1: Product: syz
[  571.656411][ T6759] usb 3-1: Manufacturer: syz
[  571.668288][ T6759] usb 3-1: SerialNumber: syz
[  571.700365][ T6759] usb 3-1: config 0 descriptor??
[  571.724083][ T6759] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  571.765052][ T6759] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  571.933558][ T6759] usb 3-1: USB disconnect, device number 53
[  571.966790][ T6759] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  572.019462][ T6759] cyberjack 3-1:0.69: device disconnected
[  572.541334][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  572.690865][   T24] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  572.853578][T10670] binder: 10669:10670 ioctl c0306201 0 returned -14
[  572.875254][   T24] usb 2-1: Using ep0 maxpacket: 16
[  572.885606][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  572.912944][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  572.963880][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  573.018811][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.040828][   T24] usb 2-1: Product: syz
[  573.046493][   T24] usb 2-1: Manufacturer: syz
[  573.060735][   T24] usb 2-1: SerialNumber: syz
[  573.506029][   T24] usb 2-1: cannot find UAC_HEADER
[  573.680432][   T24] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  573.734076][   T24] usb 2-1: USB disconnect, device number 38
[  573.785754][ T7928] udevd[7928]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  573.845701][ T6759] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  574.042699][ T6759] usb 3-1: Using ep0 maxpacket: 32
[  574.102514][ T6759] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  574.193171][ T6759] usb 3-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  574.242295][ T6759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.250358][ T6759] usb 3-1: Product: syz
[  574.304146][ T6759] usb 3-1: Manufacturer: syz
[  574.311067][ T6759] usb 3-1: SerialNumber: syz
[  574.361843][ T6759] usb 3-1: config 0 descriptor??
[  574.402023][ T6759] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench found
[  574.409027][ T6759] usb 3-1: selecting invalid altsetting 1
[  574.954917][ T6759] snd_usb_variax 3-1:0.0: set_interface failed
[  575.451111][ T6759] snd_usb_variax 3-1:0.0: Line 6 Variax Workbench now disconnected
[  575.459362][ T6759] snd_usb_variax 3-1:0.0: probe with driver snd_usb_variax failed with error -22
[  575.605641][T10674] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1429'.
[  575.657358][T10675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.666439][T10675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  576.455694][T10408] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.488881][T10408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.569471][T10408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.688790][T10408] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.724063][T10408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  576.784799][T10408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.802155][ T6759] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  577.008533][ T6759] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  577.025064][ T6759] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  577.053986][ T6759] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  577.151280][ T6759] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  577.249715][ T6759] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.286939][ T6759] usb 6-1: Product: syz
[  577.328834][ T6759] usb 6-1: Manufacturer: syz
[  577.362828][ T6759] usb 6-1: SerialNumber: syz
[  577.396380][ T7026] usb 3-1: USB disconnect, device number 54
[  577.413417][ T6759] usb 6-1: config 0 descriptor??
[  577.419203][T10688] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  577.483986][ T6759] dm9601 6-1:0.0: probe with driver dm9601 failed with error -22
[  577.702957][T10408] hsr_slave_0: entered promiscuous mode
[  577.703117][  T792] usb 6-1: USB disconnect, device number 47
[  577.735840][T10408] hsr_slave_1: entered promiscuous mode
[  577.769948][T10408] debugfs: 'hsr0' already exists in 'hsr'
[  577.791653][T10702] loop4: detected capacity change from 0 to 128
[  577.806592][T10408] Cannot create hsr debugfs directory
[  578.063185][T10706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1439'.
[  578.577413][T10720] loop5: detected capacity change from 0 to 256
[  578.606821][T10720] exfat: Deprecated parameter 'namecase'
[  578.649625][T10720] exfat: Deprecated parameter 'namecase'
[  578.856866][T10720] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf794f3fa, utbl_chksum : 0xe619d30d)
[  579.846018][T10408] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  580.152888][T10408] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  580.232240][T10408] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  580.297286][T10408] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  580.712411][T10744] syzkaller0: entered promiscuous mode
[  580.717911][T10744] syzkaller0: entered allmulticast mode
[  581.126476][T10408] 8021q: adding VLAN 0 to HW filter on device bond0
[  581.256009][T10408] 8021q: adding VLAN 0 to HW filter on device team0
[  581.423878][ T1129] bridge0: port 1(bridge_slave_0) entered blocking state
[  581.431224][ T1129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  581.517019][ T1129] bridge0: port 2(bridge_slave_1) entered blocking state
[  581.524243][ T1129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  583.940784][ T6199] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  584.132928][ T6199] usb 1-1: Using ep0 maxpacket: 32
[  584.150155][ T6199] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  584.221952][ T6199] usb 1-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  584.261142][ T6199] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.269196][ T6199] usb 1-1: Product: syz
[  584.310808][ T6199] usb 1-1: Manufacturer: syz
[  584.315578][ T6199] usb 1-1: SerialNumber: syz
[  584.326463][ T6199] usb 1-1: config 0 descriptor??
[  584.452821][ T6199] snd_usb_variax 1-1:0.0: Line 6 Variax Workbench found
[  584.489819][ T6199] usb 1-1: selecting invalid altsetting 1
[  584.547766][ T6199] snd_usb_variax 1-1:0.0: set_interface failed
[  584.577479][ T6199] snd_usb_variax 1-1:0.0: Line 6 Variax Workbench now disconnected
[  584.622980][ T6199] snd_usb_variax 1-1:0.0: probe with driver snd_usb_variax failed with error -22
[  584.663747][ T6199] usb 1-1: USB disconnect, device number 52
[  585.135315][T10792] loop1: detected capacity change from 0 to 512
[  585.188171][T10792] EXT4-fs (loop1): Invalid log cluster size: 393218
[  585.197403][T10408] 8021q: adding VLAN 0 to HW filter on device batadv0
[  585.590981][ T7026] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  585.794053][ T7026] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  585.845294][ T7026] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  585.894121][ T7026] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  585.913545][ T7026] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.954100][ T7026] usb 2-1: Product: syz
[  585.958993][ T7026] usb 2-1: Manufacturer: syz
[  586.010569][ T7026] usb 2-1: SerialNumber: syz
[  586.033436][T10771] loop4: detected capacity change from 0 to 40427
[  586.101165][T10771] F2FS-fs (loop4): build fault injection rate: 174
[  586.107810][T10771] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  586.165193][T10771] F2FS-fs (loop4): invalid crc value
[  586.190834][ T8887] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  586.384998][ T8887] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  586.430834][ T8887] usb 6-1: config 0 has no interfaces?
[  586.440785][ T8887] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  586.480369][ T8887] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.524093][T10771] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  586.556365][ T8887] usb 6-1: config 0 descriptor??
[  586.581081][T10771] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  586.689703][T10771] syz.4.1453: attempt to access beyond end of device
[  586.689703][T10771] loop4: rw=2049, sector=45096, nr_sectors = 40 limit=40427
[  586.822135][ T8887] usb 6-1: USB disconnect, device number 48
[  587.010485][ T5842] syz-executor: attempt to access beyond end of device
[  587.010485][ T5842] loop4: rw=2049, sector=45136, nr_sectors = 8 limit=40427
[  587.077391][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  587.077439][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  587.077462][ T5842] Call Trace:
[  587.077473][ T5842]  <TASK>
[  587.077487][ T5842]  dump_stack_lvl+0x100/0x190
[  587.077541][ T5842]  f2fs_handle_critical_error+0x5d7/0x970
[  587.077603][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.077646][ T5842]  ? f2fs_build_fault_attr+0x53/0x1f0
[  587.077710][ T5842]  f2fs_write_end_io+0xc24/0xf00
[  587.077774][ T5842]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  587.077839][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.077899][ T5842]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  587.077957][ T5842]  bio_endio+0x755/0x8b0
[  587.078016][ T5842]  submit_bio_noacct+0x1b7/0x1e80
[  587.078071][ T5842]  __submit_merged_bio+0x331/0x6f0
[  587.078136][ T5842]  __submit_merged_write_cond+0x31a/0x3f0
[  587.078209][ T5842]  f2fs_write_cache_pages+0x21c8/0x2720
[  587.078278][ T5842]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  587.078331][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.078373][ T5842]  ? __lock_acquire+0xd73/0x2630
[  587.078459][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.078525][ T5842]  ? debug_check_no_obj_freed+0x31f/0x630
[  587.078631][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.078687][ T5842]  f2fs_write_data_pages+0x5a7/0x1060
[  587.078741][ T5842]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  587.078803][ T5842]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  587.078848][ T5842]  do_writepages+0x278/0x600
[  587.078909][ T5842]  ? __pfx_do_writepages+0x10/0x10
[  587.078953][ T5842]  ? do_raw_spin_unlock+0x145/0x1e0
[  587.078995][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.079038][ T5842]  ? _raw_spin_unlock+0x28/0x50
[  587.079086][ T5842]  filemap_writeback+0x22d/0x2e0
[  587.079141][ T5842]  ? __pfx_filemap_writeback+0x10/0x10
[  587.079189][ T5842]  ? check_noncircular+0x97/0x160
[  587.079302][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.079346][ T5842]  ? find_held_lock+0x2b/0x80
[  587.079391][ T5842]  ? f2fs_sync_dirty_inodes+0x3a7/0x940
[  587.079435][ T5842]  ? f2fs_sync_dirty_inodes+0x3a7/0x940
[  587.079478][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.079537][ T5842]  f2fs_sync_dirty_inodes+0x46a/0x940
[  587.079603][ T5842]  block_operations+0x2a6/0xfc0
[  587.079662][ T5842]  ? __pfx_block_operations+0x10/0x10
[  587.079704][ T5842]  ? check_noncircular+0x97/0x160
[  587.079817][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.079871][ T5842]  ? ktime_get+0x200/0x300
[  587.079923][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.079966][ T5842]  ? lockdep_hardirqs_on+0x78/0x100
[  587.080011][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.080058][ T5842]  ? rcu_is_watching+0x12/0xc0
[  587.080111][ T5842]  f2fs_write_checkpoint+0x47d/0x5240
[  587.080162][ T5842]  ? __pfx_try_to_wake_up+0x10/0x10
[  587.080213][ T5842]  ? kfree+0x1c7/0x690
[  587.080259][ T5842]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  587.080297][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.080347][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.080391][ T5842]  ? rcu_is_watching+0x12/0xc0
[  587.080435][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.080478][ T5842]  ? kthread_stop+0x280/0x5c0
[  587.080545][ T5842]  kill_f2fs_super+0x3d0/0x480
[  587.080592][ T5842]  ? __pfx_kill_f2fs_super+0x10/0x10
[  587.080659][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.080721][ T5842]  deactivate_locked_super+0xc1/0x1b0
[  587.080776][ T5842]  deactivate_super+0xe7/0x110
[  587.080830][ T5842]  cleanup_mnt+0x21f/0x450
[  587.080899][ T5842]  task_work_run+0x150/0x240
[  587.080942][ T5842]  ? __pfx_task_work_run+0x10/0x10
[  587.080983][ T5842]  ? srso_alias_return_thunk+0x5/0xfbef5
[  587.081026][ T5842]  ? __x64_sys_umount+0x124/0x1a0
[  587.081076][ T5842]  exit_to_user_mode_loop+0x100/0x4b0
[  587.081111][ T5842]  ? rcu_is_watching+0x12/0xc0
[  587.081159][ T5842]  do_syscall_64+0x4fe/0xf80
[  587.081210][ T5842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.081247][ T5842] RIP: 0033:0x7f33a199bf17
[  587.081277][ T5842] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  587.081313][ T5842] RSP: 002b:00007ffe83127e28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  587.081348][ T5842] RAX: 0000000000000000 RBX: 00007f33a1a0471f RCX: 00007f33a199bf17
[  587.081373][ T5842] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe83127ee0
[  587.081396][ T5842] RBP: 00007ffe83127ee0 R08: 00007ffe83128ee0 R09: 00000000ffffffff
[  587.081420][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe83128f70
[  587.081443][ T5842] R13: 00007f33a1a0471f R14: 000000000008f3ee R15: 00007ffe83128fb0
[  587.081497][ T5842]  </TASK>
[  587.107741][ T7026] cdc_ncm 2-1:1.0: bind() failure
[  587.394879][T10408] veth0_vlan: entered promiscuous mode
[  587.399607][ T5842] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  587.464212][T10408] veth1_vlan: entered promiscuous mode
[  587.839837][T10408] veth0_macvtap: entered promiscuous mode
[  588.027691][T10820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'.
[  588.724840][ T7026] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  588.759857][ T7026] cdc_ncm 2-1:1.1: bind() failure
[  588.790175][T10408] veth1_macvtap: entered promiscuous mode
[  588.906997][T10408] batman_adv: batadv0: Interface activated: batadv_slave_0
[  588.928062][ T7026] usb 2-1: USB disconnect, device number 39
[  589.007458][T10408] batman_adv: batadv0: Interface activated: batadv_slave_1
[  589.108718][   T60] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.190889][   T60] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.199948][   T60] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.292024][   T60] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.876500][ T4523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  589.958699][ T4523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.970950][ T7026] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  590.161376][ T7026] usb 2-1: Using ep0 maxpacket: 32
[  590.174828][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.219047][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.265934][ T7026] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  590.414233][ T7026] usb 2-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  590.445720][ T7026] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.500373][ T7026] usb 2-1: Product: syz
[  590.526512][ T7026] usb 2-1: Manufacturer: syz
[  590.594516][ T7026] usb 2-1: SerialNumber: syz
[  590.624022][ T7026] usb 2-1: config 0 descriptor??
[  590.658578][ T7026] snd_usb_variax 2-1:0.0: Line 6 Variax Workbench found
[  590.688934][ T7026] usb 2-1: selecting invalid altsetting 1
[  590.815157][ T7026] snd_usb_variax 2-1:0.0: set_interface failed
[  590.861407][ T7026] snd_usb_variax 2-1:0.0: Line 6 Variax Workbench now disconnected
[  590.967037][ T7026] snd_usb_variax 2-1:0.0: probe with driver snd_usb_variax failed with error -22
[  590.999680][T10841] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1467'.
[  593.285892][T10865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.297029][T10865] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.053682][T10875] loop2: detected capacity change from 0 to 16
[  595.085886][T10875] erofs (device loop2): mounted with root inode @ nid 36.
[  595.151173][T10875] erofs (device loop2): readahead error at folio 3600 @ nid 36
[  595.200847][T10875] erofs (device loop2): readahead error at folio 3599 @ nid 36
[  595.237248][T10876] erofs (device loop2): read error -117 @ 8200 of nid 36
[  595.292359][T10875] erofs (device loop2): read error -117 @ 8200 of nid 36
[  595.310880][ T6014] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  595.586125][ T6014] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  595.630919][ T6014] usb 7-1: config 0 has no interfaces?
[  595.675094][ T6014] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  595.731813][ T6014] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.850894][ T6014] usb 7-1: config 0 descriptor??
[  596.165218][ T6014] usb 7-1: USB disconnect, device number 2
[  597.861201][T10123] usb 2-1: USB disconnect, device number 40
[  598.804042][T10905] overlayfs: missing 'workdir'
[  599.023400][T10909] loop4: detected capacity change from 0 to 16
[  599.053754][T10909] erofs (device loop4): invalid checksum 0xa952a44d, 0x7bbbea8c expected
[  599.157323][ T7928] udevd[7928]: incorrect erofs checksum on /dev/loop4
[  599.700794][ T8887] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  599.712453][T10921] netlink: 'syz.2.1485': attribute type 27 has an invalid length.
[  599.902908][ T8887] usb 2-1: config 0 has no interfaces?
[  599.927412][ T8887] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  599.972855][ T8887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.013165][ T8887] usb 2-1: config 0 descriptor??
[  600.057727][T10921] bridge0: port 2(bridge_slave_1) entered disabled state
[  600.065249][T10921] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.240908][ T6014] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  600.269528][T10913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  600.305425][T10913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.333698][ T8887] usb 2-1: USB disconnect, device number 41
[  600.413052][ T6014] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  601.025973][ T6014] usb 5-1: config 0 has no interfaces?
[  601.093417][ T6014] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  601.123103][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.152018][ T6014] usb 5-1: config 0 descriptor??
[  601.309517][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  601.313962][T10937] loop0: detected capacity change from 0 to 1024
[  601.336686][T10937] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  601.352440][T10937] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  601.361304][ T6014] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  601.373311][T10937] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  601.391505][T10937] EXT4-fs error (device loop0): ext4_get_journal_inode:5849: inode #32: comm syz.0.1491: iget: special inode unallocated
[  601.392100][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  601.406379][T10937] EXT4-fs (loop0): no journal found
[  601.490490][ T6199] usb 5-1: USB disconnect, device number 41
[  601.491531][T10937] EXT4-fs (loop0): can't get journal size
[  601.540043][T10937] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a840e118, mo2=0002]
[  601.590764][ T6014] usb 7-1: Using ep0 maxpacket: 32
[  601.599358][ T6014] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  601.612973][ T6014] usb 7-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  601.623187][ T6014] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.625705][T10937] EXT4-fs error (device loop0): ext4_protect_reserved_inode:160: inode #32: comm syz.0.1491: iget: special inode unallocated
[  601.631306][ T6014] usb 7-1: Product: syz
[  601.631337][ T6014] usb 7-1: Manufacturer: syz
[  601.631364][ T6014] usb 7-1: SerialNumber: syz
[  601.662296][ T6014] usb 7-1: config 0 descriptor??
[  601.765902][ T6014] snd_usb_variax 7-1:0.0: Line 6 Variax Workbench found
[  601.803848][ T6014] usb 7-1: selecting invalid altsetting 1
[  601.810036][T10937] EXT4-fs (loop0): failed to initialize system zone (-117)
[  601.848784][ T6014] snd_usb_variax 7-1:0.0: set_interface failed
[  601.868992][ T6014] snd_usb_variax 7-1:0.0: Line 6 Variax Workbench now disconnected
[  601.869674][T10937] EXT4-fs (loop0): mount failed
[  601.898470][T10933] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1490'.
[  601.994868][T10935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  602.001076][ T6014] snd_usb_variax 7-1:0.0: probe with driver snd_usb_variax failed with error -22
[  602.013327][T10935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.272885][T10942] overlayfs: missing 'lowerdir'
[  604.184881][T10922] 8021q: adding VLAN 0 to HW filter on device bond0
[  604.526435][T10123] usb 7-1: USB disconnect, device number 3
[  604.535512][T10922] 8021q: adding VLAN 0 to HW filter on device team0
[  604.614461][T10922] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  604.820931][T10929] tc_dump_action: action bad kind
[  604.862671][ T6144] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  604.895036][   T50] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  604.948330][   T50] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  605.003607][   T50] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  605.820891][ T6014] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  605.880805][ T5955] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  606.053209][ T6014] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  606.095035][ T5955] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  606.119963][ T6014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  606.272466][ T5955] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  606.314260][ T6014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  606.355158][ T5955] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  606.372906][ T6014] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  606.435919][ T5955] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  606.468674][ T6014] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  606.726328][ T5955] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  606.811163][T10996] : Can't lookup blockdev
[  607.536246][ T6014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.573407][ T6014] usb 3-1: config 0 descriptor??
[  607.579932][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.621567][ T5955] usb 5-1: config 0 descriptor??
[  607.712047][T10999] netlink: 260 bytes leftover after parsing attributes in process `syz.1.1506'.
[  609.124159][ T5955] usb 5-1: can't set config #0, error -71
[  609.153163][ T6014] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  609.205213][T11005] overlayfs: missing 'lowerdir'
[  609.236019][ T5955] usb 5-1: USB disconnect, device number 42
[  611.420844][ T9012] usb 3-1: reset high-speed USB device number 55 using dummy_hcd
[  611.543710][T11018] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1510'.
[  613.332388][ T5955] usb 3-1: USB disconnect, device number 55
[  613.553977][T11035] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1516'.
[  613.970826][ T5955] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  614.171045][ T5955] usb 5-1: Using ep0 maxpacket: 32
[  614.268126][ T5955] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  614.438217][ T5955] usb 5-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=58.d6
[  614.499433][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.648915][ T5955] usb 5-1: Product: syz
[  614.661114][ T5955] usb 5-1: Manufacturer: syz
[  614.670732][ T5955] usb 5-1: SerialNumber: syz
[  614.708820][ T5955] usb 5-1: config 0 descriptor??
[  614.784843][ T5955] snd_usb_variax 5-1:0.0: Line 6 Variax Workbench found
[  614.832554][ T5955] usb 5-1: selecting invalid altsetting 1
[  614.852848][ T5955] snd_usb_variax 5-1:0.0: set_interface failed
[  614.859330][ T5955] snd_usb_variax 5-1:0.0: Line 6 Variax Workbench now disconnected
[  615.070021][T11043] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1512'.
[  615.090965][ T5955] snd_usb_variax 5-1:0.0: probe with driver snd_usb_variax failed with error -22
[  615.138153][T11043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  615.148608][T11043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  615.887584][T11045] loop6: detected capacity change from 0 to 40427
[  616.021957][T11045] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  616.118947][T11045] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  616.738394][T11045] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  617.160821][ T6199] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  617.380723][ T6199] usb 1-1: Using ep0 maxpacket: 8
[  617.410035][ T6199] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  617.474046][ T6199] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  617.570844][ T6199] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  617.612335][ T6199] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  617.670759][ T6199] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  617.738952][ T6199] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  617.826580][ T6199] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.129597][T11073] loop2: detected capacity change from 0 to 128
[  618.186241][ T6199] usb 1-1: GET_CAPABILITIES returned 0
[  618.211062][ T6199] usbtmc 1-1:16.0: can't read capabilities
[  618.397980][ T7171] usb 1-1: USB disconnect, device number 53
[  618.540845][ T6199] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  618.759885][ T6199] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  618.787884][ T6199] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.806277][ T6199] usb 3-1: Product: syz
[  618.826565][ T6199] usb 3-1: Manufacturer: syz
[  618.831520][ T6199] usb 3-1: SerialNumber: syz
[  618.933073][ T7171] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  619.113773][ T9012] usb 5-1: USB disconnect, device number 43
[  619.134625][ T7171] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  619.188838][T11085] netlink: 'syz.5.1524': attribute type 27 has an invalid length.
[  619.204048][ T7171] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  619.255224][ T7171] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  619.342436][ T7171] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  619.515437][ T7171] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  619.737033][ T7171] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.751787][ T6038] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  620.065273][ T7171] usb 7-1: config 0 descriptor??
[  620.083631][   T31] kauditd_printk_skb: 3 callbacks suppressed
[  620.083687][   T31] audit: type=1326 audit(1769196714.068:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f213279acb9 code=0x7ffc0000
[  620.114135][ T6199] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  620.168792][   T31] audit: type=1326 audit(1769196714.078:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f213279acb9 code=0x7ffc0000
[  620.192214][ T6038] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  620.217926][ T6038] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  620.239382][ T6038] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  620.258802][   T31] audit: type=1326 audit(1769196714.078:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f213279acb9 code=0x7ffc0000
[  620.296278][ T6038] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  620.363101][T11073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.381359][T11073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.405279][ T6038] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  620.422413][   T31] audit: type=1326 audit(1769196714.108:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f213279a94b code=0x7ffc0000
[  620.460277][ T6038] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.506696][ T6038] usb 2-1: config 0 descriptor??
[  620.557139][   T31] audit: type=1326 audit(1769196714.108:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f213279a94b code=0x7ffc0000
[  620.597220][T11085] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.604712][T11085] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.665562][ T7171] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  620.721057][   T31] audit: type=1326 audit(1769196714.118:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f213275b58e code=0x7ffc0000
[  620.831101][   T31] audit: type=1326 audit(1769196714.338:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f213279acb9 code=0x7ffc0000
[  621.027988][ T6038] plantronics 0003:047F:FFFF.0016: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  621.050770][   T31] audit: type=1326 audit(1769196714.338:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f213275b58e code=0x7ffc0000
[  621.158555][   T31] audit: type=1326 audit(1769196714.338:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f213279a94b code=0x7ffc0000
[  621.295849][   T31] audit: type=1326 audit(1769196714.338:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11072 comm="syz.2.1522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f213279a94b code=0x7ffc0000
[  621.579892][T11085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  621.643611][T11085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  621.877205][T11102] usb 7-1: USB disconnect, device number 4
[  623.068321][T11102] usb 2-1: USB disconnect, device number 42
[  624.053822][T11085] ip6gre1: left promiscuous mode
[  624.074322][T11085] ip6gre1: left allmulticast mode
[  624.130207][T11135] loop1: detected capacity change from 0 to 1024
[  624.167381][T11135] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  624.227250][T11135] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  624.274574][T11135] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[  624.311926][T11135] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  624.344628][T11135] EXT4-fs error (device loop1): ext4_get_journal_inode:5849: comm syz.1.1535: inode #1: comm syz.1.1535: iget: illegal inode #
[  624.400853][T11135] EXT4-fs (loop1): Remounting filesystem read-only
[  624.436574][T11092] 8021q: adding VLAN 0 to HW filter on device bond0
[  624.460530][T11135] EXT4-fs (loop1): no journal found
[  624.484757][T11092] 8021q: adding VLAN 0 to HW filter on device team0
[  624.600082][T11092] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  624.793911][ T6199] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  624.818235][   T12] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  624.881098][   T12] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  624.932457][   T12] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  624.935210][ T6199] usb 3-1: USB disconnect, device number 56
[  625.029255][   T12] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  625.048020][ T6199] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  625.475476][T11129] loop6: detected capacity change from 0 to 40427
[  625.540440][T11129] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  625.550428][ T9012] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  625.571266][T11129] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  625.602120][T11129] F2FS-fs (loop6): invalid crc value
[  625.762815][ T9012] usb 2-1: Using ep0 maxpacket: 8
[  625.794556][ T9012] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  625.842731][ T9012] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  625.885884][ T9012] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  625.959504][ T9012] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  626.017894][ T9012] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  626.107615][T11157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1539'.
[  626.150428][T11157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1539'.
[  627.058709][ T9012] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  627.100130][ T9012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.127654][T11129] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  628.184579][ T9012] usb 2-1: GET_CAPABILITIES returned 0
[  628.195249][ T9012] usbtmc 2-1:16.0: can't read capabilities
[  628.727048][T11175] serio: Serial port ttyS3
[  629.443223][ T5955] usb 2-1: USB disconnect, device number 43
[  629.850231][ T5931] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  630.103175][ T5931] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.199599][ T5931] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  630.239596][ T5931] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  630.335474][ T5931] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  630.379446][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.435610][ T5931] usb 1-1: Product: syz
[  630.466004][ T5931] usb 1-1: Manufacturer: syz
[  630.669427][ T5931] usb 1-1: SerialNumber: syz
[  630.690098][ T5931] usb 1-1: config 0 descriptor??
[  630.702971][T11180] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  630.744660][ T5931] dm9601 1-1:0.0: probe with driver dm9601 failed with error -22
[  631.726174][ T5955] usb 1-1: USB disconnect, device number 54
[  632.110931][ T5931] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  632.237258][T11199] loop6: detected capacity change from 0 to 512
[  632.312925][ T5931] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  632.326821][T11199] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  632.392211][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  632.443899][T11199] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  632.454763][ T5931] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  632.478489][T11199] EXT4-fs (loop6): 1 truncate cleaned up
[  632.516287][T11199] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  632.527390][T11203] loop1: detected capacity change from 0 to 1024
[  632.536418][T11203] EXT4-fs: Ignoring removed nomblk_io_submit option
[  632.558886][ T5931] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  632.594346][T11203] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  632.714686][T11203] System zones: 0-1, 3-36
[  632.797236][ T5931] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  632.807078][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.822068][ T5931] usb 5-1: config 0 descriptor??
[  632.846847][T11203] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  633.971101][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  634.988606][ T5931] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  636.146616][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  636.446316][T10408] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  636.468110][ T5931] usb 5-1: USB disconnect, device number 44
[  636.888607][ T6199] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  637.108962][ T6199] usb 1-1: Using ep0 maxpacket: 8
[  637.116563][ T6199] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  637.188201][ T6199] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  637.189921][T11245] loop1: detected capacity change from 0 to 1024
[  637.231903][ T6199] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  637.298717][ T6199] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  637.321407][T11245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  637.349914][T11245] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  637.387137][ T6199] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  637.477768][ T6199] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  637.561979][ T6199] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.804398][ T5955] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  637.833096][ T6199] usb 1-1: GET_CAPABILITIES returned 0
[  637.845860][ T6199] usbtmc 1-1:16.0: can't read capabilities
[  637.972423][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  638.070877][T11256] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1564'.
[  638.080091][T11256] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1564'.
[  638.100944][T11133] usb 1-1: USB disconnect, device number 55
[  638.117622][ T5955] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  638.140351][ T5955] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  638.154892][ T5955] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  638.406534][ T5955] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  638.429010][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.452604][ T5955] usb 3-1: Product: syz
[  638.470673][ T5955] usb 3-1: Manufacturer: syz
[  638.492078][ T5955] usb 3-1: SerialNumber: syz
[  638.519324][ T5955] usb 3-1: config 0 descriptor??
[  638.539310][T11252] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  638.615570][ T5955] dm9601 3-1:0.0: probe with driver dm9601 failed with error -22
[  638.823648][ T5955] usb 3-1: USB disconnect, device number 57
[  639.082102][T11264] loop5: detected capacity change from 0 to 1024
[  639.136750][T11264] EXT4-fs: Ignoring removed nomblk_io_submit option
[  640.332780][T11264] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  640.411786][T11264] System zones: 0-1, 3-36
[  640.461134][T11264] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  641.753787][ T6199] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  641.766671][ T5833] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  641.963089][ T6199] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  642.007387][ T6199] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  642.047366][ T6199] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  642.057160][ T6199] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  642.165440][ T6199] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  642.181336][T11280] loop5: detected capacity change from 0 to 512
[  642.222857][ T6199] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.265398][ T6199] usb 3-1: config 0 descriptor??
[  642.356746][T11280] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  642.397381][T11280] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  642.571202][   T31] kauditd_printk_skb: 16 callbacks suppressed
[  642.571228][   T31] audit: type=1804 audit(1769199314.564:52): pid=11280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1572" name="/newroot/265/file1/file2" dev="loop5" ino=16 res=1 errno=0
[  642.756137][ T5833] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  642.808930][ T6199] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  643.627919][ T6199] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  643.711540][T11311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1582'.
[  643.752980][T11311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1582'.
[  644.597094][ T6199] usb 7-1: Using ep0 maxpacket: 16
[  644.606584][ T6199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  644.629255][ T6199] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  644.638635][ T6199] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.646662][ T6199] usb 7-1: Product: syz
[  644.652709][ T6199] usb 7-1: Manufacturer: syz
[  644.657402][ T6199] usb 7-1: SerialNumber: syz
[  644.676456][ T6199] usb 7-1: config 0 descriptor??
[  644.686914][ T6199] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  644.696329][ T6199] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  644.754809][ T5955] usb 3-1: USB disconnect, device number 58
[  645.125555][T11319] loop5: detected capacity change from 0 to 512
[  645.813878][T11324] ptrace attach of ""[11325] was attempted by "./syz-executor exec"[11324]
[  646.095433][ T6199] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  646.127749][T11318] loop1: detected capacity change from 0 to 4096
[  646.144561][T11319] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  646.186382][T11318] EXT4-fs: Ignoring removed nomblk_io_submit option
[  646.213644][T11319] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  646.288871][T11319] System zones: 0-1, 15-15, 18-18, 34-34
[  646.294954][T11319] EXT4-fs (loop5): orphan cleanup on readonly fs
[  646.328339][T11318] EXT4-fs (loop1): Test dummy encryption mode enabled
[  646.335305][T11318] EXT4-fs (loop1): stripe (97) is not aligned with cluster size (16), stripe is disabled
[  646.355926][T11319] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=0
[  646.406302][T11318] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[  646.451169][T11318] System zones: 0-5
[  646.458589][T11319] EXT4-fs warning (device loop5): ext4_enable_quotas:7217: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  646.482099][T11318] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  646.508524][T11319] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  646.579409][T11319] EXT4-fs (loop5): 1 truncate cleaned up
[  646.618914][T11319] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  646.734971][ T6199] em28xx 7-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  646.746365][T11319] fscrypt (loop5, inode 16): Error -61 getting encryption context
[  646.787714][T11340] fscrypt (loop5, inode 16): Error -61 getting encryption context
[  646.794093][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  646.805906][ T6199] em28xx 7-1:0.0: board has no eeprom
[  646.987997][ T5833] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  647.079568][ T6199] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  647.103574][ T6199] em28xx 7-1:0.0: dvb set to bulk mode.
[  647.133374][ T5931] em28xx 7-1:0.0: Binding DVB extension
[  647.176787][ T6199] usb 7-1: USB disconnect, device number 5
[  647.334464][ T6199] em28xx 7-1:0.0: Disconnecting em28xx
[  647.336743][ T5988] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  647.431514][ T5931] em28xx 7-1:0.0: Registering input extension
[  647.761515][ T6199] em28xx 7-1:0.0: Closing input extension
[  647.828716][ T5988] usb 3-1: unable to get BOS descriptor or descriptor too short
[  647.874603][ T5988] usb 3-1: config 5 has an invalid interface number: 57 but max is 0
[  647.888136][ T6199] em28xx 7-1:0.0: Freeing device
[  647.925162][ T5988] usb 3-1: config 5 has no interface number 0
[  647.956397][ T5988] usb 3-1: config 5 interface 57 has no altsetting 0
[  647.993632][ T5988] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=d3.87
[  648.056355][ T5988] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.093069][ T5988] usb 3-1: Product: syz
[  648.115630][ T5988] usb 3-1: Manufacturer: syz
[  648.135241][ T5988] usb 3-1: SerialNumber: syz
[  648.438285][ T5988] usb 3-1: selecting invalid altsetting 0
[  648.520239][ T5988] usb 3-1: USB disconnect, device number 59
[  648.566644][T11365] tipc: Started in network mode
[  648.585486][T11365] tipc: Node identity 00000011000000000000000000000001, cluster identity 4711
[  648.597803][ T7928] udevd[7928]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:5.57/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  648.687329][T11365] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  648.746925][T11369] fuse: Bad value for 'fd'
[  650.827323][T11391] binder: 11389:11391 ioctl c0306201 0 returned -14
[  652.980566][T11416] loop5: detected capacity change from 0 to 512
[  653.031064][T11416] EXT4-fs: Ignoring removed bh option
[  653.088188][T11416] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  653.158178][T11416] EXT4-fs error (device loop5): ext4_iget_extra_inode:5072: inode #15: comm syz.5.1617: corrupted in-inode xattr: e_value size too large
[  653.176103][T11419] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1619'.
[  653.185117][T11419] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1619'.
[  653.187530][T11416] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.1617: couldn't read orphan inode 15 (err -117)
[  653.328793][T11416] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  653.786749][T11430] loop4: detected capacity change from 0 to 256
[  653.897946][ T5833] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  654.149717][T11435] loop1: detected capacity change from 0 to 128
[  654.428799][T11436] ./file0: Can't open blockdev
[  655.226510][T11438] binder: 11437:11438 ioctl c0306201 0 returned -14
[  655.611923][T11443] loop5: detected capacity change from 0 to 1024
[  655.660111][T11444] loop2: detected capacity change from 0 to 1024
[  655.685128][T11443] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[  655.703946][T11444] EXT4-fs (loop2): invalid inodes per group: 0
[  655.703946][T11444] 
[  658.278474][T11470] kAFS: unable to lookup cell 'ÿ'
[  658.360045][T11475] kAFS: unable to lookup cell '(,c¾Ì'
[  658.516466][T11472] loop6: detected capacity change from 0 to 512
[  658.551375][T11476] loop2: detected capacity change from 0 to 256
[  658.609044][T11472] EXT4-fs error (device loop6): ext4_validate_block_bitmap:440: comm syz.6.1636: bg 0: block 393: padding at end of block bitmap is not set
[  658.714777][T11472] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  658.769606][T11472] EXT4-fs (loop6): 2 truncates cleaned up
[  658.809705][T11472] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  660.276046][T11490] binder: 11489:11490 ioctl c0306201 0 returned -14
[  660.406354][T10408] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  661.821996][T11535] loop5: detected capacity change from 0 to 128
[  663.184858][T11545] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  663.192560][T11545] IPv6: NLM_F_CREATE should be set when creating new route
[  663.442101][ T6008] kworker/u8:16: attempt to access beyond end of device
[  663.442101][ T6008] loop5: rw=1, sector=145, nr_sectors = 896 limit=128
[  664.318522][T11560] loop5: detected capacity change from 0 to 256
[  664.438109][T11560] vfat: Deprecated parameter 'posix'
[  664.564805][T11560] FAT-fs: "posix" option is obsolete, not supported now
[  667.262084][T11574] loop6: detected capacity change from 0 to 512
[  667.390442][T11574] EXT4-fs (loop6): Test dummy encryption mode enabled
[  667.482984][T11574] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  667.521913][T11574] EXT4-fs (loop6): SIPHASH is not a valid default hash value
[  667.633163][ T5839] Bluetooth: hci6: command 0x0406 tx timeout
[  667.868436][T11586] loop2: detected capacity change from 0 to 2048
[  668.011017][ T7864]  loop2: p3 < > p4 < >
[  668.017899][ T7864] loop2: partition table partially beyond EOD, truncated
[  668.053212][ T7864] loop2: p3 start 4284289 is beyond EOD, truncated
[  668.136198][T11588] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1665'.
[  668.163582][T11586]  loop2: p3 < > p4 < >
[  668.167801][T11586] loop2: partition table partially beyond EOD, truncated
[  668.186075][T11586] loop2: p3 start 4284289 is beyond EOD, truncated
[  671.723685][T11621] kAFS: unable to lookup cell 'ÿ'
[  671.729430][T11621] kAFS: unable to lookup cell '(,c¾Ì'
[  671.862583][T11620] loop4: detected capacity change from 0 to 1024
[  672.050880][T11620] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  672.293297][T11628] loop2: detected capacity change from 0 to 512
[  672.316604][T11628] EXT4-fs: Ignoring removed i_version option
[  672.354983][T11628] EXT4-fs: Ignoring removed bh option
[  672.459573][T11620] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1303: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  672.581580][T11628] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  672.622331][T11628] ext4 filesystem being mounted at /280/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  672.646815][T11620] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  672.772436][T11638] loop1: detected capacity change from 0 to 512
[  672.791346][T11638] EXT4-fs: Ignoring removed nobh option
[  672.852403][   T31] audit: type=1800 audit(1769199344.849:53): pid=11628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1677" name="file1" dev="loop2" ino=15 res=0 errno=0
[  672.857762][T11638] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.1679: iget: bad i_size value: 38620345925642
[  673.102390][T11620] EXT4-fs (loop4): This should not happen!! Data will be lost
[  673.102390][T11620] 
[  673.136978][T11620] EXT4-fs (loop4): Total free blocks count 0
[  673.143661][T11638] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.1679: couldn't read orphan inode 15 (err -117)
[  673.241046][T11620] EXT4-fs (loop4): Free/Dirty block details
[  673.266321][T11638] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  673.477973][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  673.507821][T11620] EXT4-fs (loop4): free_blocks=68451041280
[  673.551002][T11620] EXT4-fs (loop4): dirty_blocks=80
[  673.607811][T11620] EXT4-fs (loop4): Block reservation details
[  673.652777][T11638] EXT4-fs error (device loop1): ext4_validate_block_bitmap:431: comm syz.1.1679: bg 0: block 5: invalid block bitmap
[  673.662308][T11620] EXT4-fs (loop4): i_reserved_data_blocks=5
[  673.755004][T11638] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 12 with max blocks 16 with error 28
[  673.831986][T11638] EXT4-fs (loop1): This should not happen!! Data will be lost
[  673.831986][T11638] 
[  673.924257][T11638] EXT4-fs (loop1): Total free blocks count 0
[  673.930393][T11638] EXT4-fs (loop1): Free/Dirty block details
[  673.972028][T11638] EXT4-fs (loop1): free_blocks=0
[  673.981553][T11638] EXT4-fs (loop1): dirty_blocks=236
[  674.025312][T11523] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  674.048633][T11638] EXT4-fs (loop1): Block reservation details
[  674.061898][T11638] EXT4-fs (loop1): i_reserved_data_blocks=236
[  674.080514][T11507] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 12 with error 28
[  675.022695][T11669] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1693'.
[  675.091143][T11668] loop2: detected capacity change from 0 to 4096
[  675.153063][T11668] EXT4-fs: inline encryption not supported
[  675.158957][T11668] EXT4-fs: Ignoring removed i_version option
[  675.179249][T11672] loop4: detected capacity change from 0 to 2048
[  675.247519][T11668] EXT4-fs (loop2): Test dummy encryption mode enabled
[  675.276938][T11672] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  675.338457][T11668] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  675.342626][T11672] ext4 filesystem being mounted at /267/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  675.542877][   T31] audit: type=1804 audit(1769199347.550:54): pid=11672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1694" name="/newroot/267/file0/file0/file0" dev="loop4" ino=13 res=1 errno=0
[  675.593047][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  675.713432][ T5988] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  675.742902][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  675.939614][ T5988] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  675.968494][ T5988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.009536][T11689] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1700'.
[  676.019114][ T5988] usb 1-1: Product: syz
[  676.030898][ T5988] usb 1-1: Manufacturer: syz
[  676.053829][ T5988] usb 1-1: SerialNumber: syz
[  676.450258][T11665] loop1: detected capacity change from 0 to 40427
[  676.509166][T11665] F2FS-fs (loop1): Invalid log_blocksize (64), supports only 12
[  676.531892][T11702] capability: warning: `syz.6.1707' uses deprecated v2 capabilities in a way that may be insecure
[  676.542728][T11665] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  676.656631][T11665] F2FS-fs (loop1): invalid crc value
[  676.914256][T11709] loop5: detected capacity change from 0 to 512
[  676.988213][T11709] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  677.001090][T11709] ext4 filesystem being mounted at /287/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  677.051057][T11708] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #2: comm syz.5.1704: corrupted inode contents
[  677.066649][T11708] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #2: comm syz.5.1704: mark_inode_dirty error
[  677.080420][T11708] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #2: comm syz.5.1704: corrupted inode contents
[  677.092648][T11708] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.1704: mark_inode_dirty error
[  677.135545][ T5988] cdc_ncm 1-1:1.0: failed to get mac address
[  677.373438][ T5988] cdc_ncm 1-1:1.0: bind() failure
[  677.451086][T11665] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  677.475209][ T5988] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  677.520528][ T5988] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  677.529505][T11715] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1709'.
[  677.543259][T11665] F2FS-fs (loop1): Start checkpoint disabled!
[  677.603096][ T5988] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  677.621472][T11665] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  677.674427][ T5988] usb 1-1: USB disconnect, device number 56
[  677.714340][T11665] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  677.751693][T11665] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  678.267392][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  678.444896][   T24] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  678.462773][   T24] usb 7-1: config 0 interface 0 has no altsetting 0
[  678.478452][   T24] usb 7-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  678.505103][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.573681][   T24] usb 7-1: config 0 descriptor??
[  679.184909][T11731] loop1: detected capacity change from 0 to 512
[  679.198345][   T24] hid-led 0003:0FC5:B080.0019: probe with driver hid-led failed with error -71
[  679.220675][   T24] usb 7-1: USB disconnect, device number 6
[  679.229723][T11731] EXT4-fs: Ignoring removed bh option
[  679.269352][T11731] EXT4-fs: Ignoring removed mblk_io_submit option
[  679.306572][T11731] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  679.355397][T11731] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  679.389319][T11731] EXT4-fs (loop1): orphan cleanup on readonly fs
[  679.540775][T11731] Quota error (device loop1): do_insert_tree: Free block already used in tree: block 4
[  679.600417][T11731] Quota error (device loop1): qtree_write_dquot: Error -5 occurred while creating quota
[  679.632663][T11731] EXT4-fs error (device loop1): ext4_acquire_dquot:6984: comm syz.1.1712: Failed to acquire dquot type 1
[  679.679566][T11731] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:482: comm syz.1.1712: Invalid block bitmap block 0 in block_group 0
[  679.836920][T11731] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:482: comm syz.1.1712: Invalid block bitmap block 0 in block_group 0
[  679.880187][T11731] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:482: comm syz.1.1712: Invalid block bitmap block 0 in block_group 0
[  679.919728][T11731] Quota error (device loop1): write_blk: dquota write failed
[  679.942537][T11731] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  679.971013][T11731] EXT4-fs error (device loop1): ext4_acquire_dquot:6984: comm syz.1.1712: Failed to acquire dquot type 1
[  680.003735][T11731] Quota error (device loop1): write_blk: dquota write failed
[  680.033377][T11731] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota
[  680.059183][T11731] EXT4-fs error (device loop1): ext4_acquire_dquot:6984: comm syz.1.1712: Failed to acquire dquot type 1
[  680.124199][T11731] EXT4-fs (loop1): 1 orphan inode deleted
[  680.156159][T11731] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  680.246653][T11731] EXT4-fs error (device loop1): ext4_lookup:1787: inode #2: comm syz.1.1712: deleted inode referenced: 12
[  680.405915][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.855390][T11759] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1724'.
[  681.872592][T11760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1721'.
[  681.890735][T11760] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1721'.
[  682.053356][T11755] loop4: detected capacity change from 0 to 2048
[  682.090484][T11097] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  682.246565][T11755] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  682.268932][T11097] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  682.337476][T11755] ext4 filesystem being mounted at /273/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  682.353822][T11097] usb 1-1: config 0 has no interfaces?
[  682.368098][T11097] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  682.400955][T11097] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.429932][T11097] usb 1-1: config 0 descriptor??
[  682.533760][T11755] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz.4.1722: invalid fast symlink length 39
[  682.762315][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  682.805425][   T24] usb 1-1: USB disconnect, device number 57
[  683.058218][T11769] loop4: detected capacity change from 0 to 512
[  683.158068][T11769] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  683.275726][T11769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  683.288547][T11769] ext4 filesystem being mounted at /274/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  685.930576][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  686.576233][T11798] FAT-fs (loop1): unable to read boot sector
[  688.329709][T11806] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1738'.
[  688.617682][T11811] loop4: detected capacity change from 0 to 256
[  689.051944][T11821] loop1: detected capacity change from 0 to 256
[  689.066427][T11821] exfat: Deprecated parameter 'utf8'
[  689.363512][ T5850] exFAT-fs (loop1): error, data size is invalid(34359738378)
[  689.379702][ T5850] exFAT-fs (loop1): Filesystem has been set read-only
[  689.396247][ T5850] exFAT-fs (loop1): error, data size is invalid(34359738378)
[  690.077736][T11834] FAT-fs (loop9): unable to read boot sector
[  690.914854][T11831] loop6: detected capacity change from 0 to 4096
[  690.956017][T11831] EXT4-fs: inline encryption not supported
[  691.003945][T11831] EXT4-fs (loop6): Test dummy encryption mode enabled
[  691.058151][T11831] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  691.074255][T11831] System zones: 0-5
[  691.128262][T11831] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  691.801241][T11831] fs-verity (loop6, inode 13): Error -4 reading file data
[  691.816291][T11831] fs-verity (loop6, inode 13): Error -4 building Merkle tree
[  691.916147][ T5833] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  692.084486][T10408] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  692.646067][T11845] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  692.689166][T11848] loop6: detected capacity change from 0 to 512
[  692.810448][   T12] bridge_slave_1: left allmulticast mode
[  692.837500][T11848] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  692.839894][   T12] bridge_slave_1: left promiscuous mode
[  692.877638][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.899928][T11848] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  694.089914][   T12] bridge_slave_0: left allmulticast mode
[  694.095625][   T12] bridge_slave_0: left promiscuous mode
[  694.141657][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  694.248565][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  694.281068][T11848] EXT4-fs error (device loop6): ext4_xattr_block_find:1879: inode #12: comm syz.6.1756: corrupted xattr block 6: invalid header
[  694.281541][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  694.315890][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  694.348577][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  694.402890][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  694.550031][T11865] loop2: detected capacity change from 0 to 1024
[  694.557465][T11865] EXT4-fs: inline encryption not supported
[  694.628429][T11865] EXT4-fs: Ignoring removed bh option
[  694.665843][T11865] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  694.740651][T10408] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  694.766465][T11865] EXT4-fs (loop2): orphan cleanup on readonly fs
[  694.796889][T11865] EXT4-fs error (device loop2): ext4_quota_enable:7177: comm syz.2.1760: inode #2304: comm syz.2.1760: iget: illegal inode #
[  694.818789][T11865] EXT4-fs (loop2): Remounting filesystem read-only
[  694.825462][T11865] EXT4-fs warning (device loop2): ext4_enable_quotas:7217: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  694.847322][T10410] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  694.848401][T11097] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  694.858695][T11865] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  694.870984][T10410] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  694.881599][T10410] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  694.897018][T10410] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  694.905133][T10410] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  694.917969][T11865] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  695.130561][T11097] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  695.165488][T11097] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  695.187483][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  695.218385][T11097] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  695.258354][T11097] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  695.303173][T11097] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  695.360137][T11097] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.394952][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  695.644560][T11097] usb 5-1: config 0 descriptor??
[  695.872412][T11892] FAT-fs (loop1): bogus number of reserved sectors
[  695.879246][T11892] FAT-fs (loop1): Can't find a valid FAT filesystem
[  696.437260][T10410] Bluetooth: hci2: command tx timeout
[  696.485415][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  696.507697][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  696.530047][   T12] bond0 (unregistering): Released all slaves
[  696.568258][T11097] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  696.799768][   T12] tipc: Left network mode
[  696.988024][T10410] Bluetooth: hci5: command tx timeout
[  697.168964][ T5955] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  697.726581][T11097] usb 5-1: USB disconnect, device number 45
[  698.017772][ T5955] usb 7-1: Using ep0 maxpacket: 16
[  698.040200][ T5955] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  698.091256][ T5955] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  698.142978][ T5955] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.208378][ T5955] usb 7-1: Product: syz
[  698.236086][ T5955] usb 7-1: Manufacturer: syz
[  698.252263][ T5955] usb 7-1: SerialNumber: syz
[  698.286500][ T5955] usb 7-1: config 0 descriptor??
[  698.325984][ T5955] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  698.356191][ T5955] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  698.507728][T10410] Bluetooth: hci2: command tx timeout
[  698.696064][   T12] hsr_slave_0: left promiscuous mode
[  698.753773][   T12] hsr_slave_1: left promiscuous mode
[  698.795812][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  698.827475][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  698.942767][ T5955] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  699.075844][T10410] Bluetooth: hci5: command tx timeout
[  699.178103][T11931] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1774'.
[  699.564895][ T5955] em28xx 7-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=65)
[  699.610522][ T5955] em28xx 7-1:0.0: board has no eeprom
[  700.385437][T11941] loop4: detected capacity change from 0 to 1024
[  700.408596][T11941] EXT4-fs: Ignoring removed nomblk_io_submit option
[  700.467463][T11941] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  700.486095][T11941] System zones: 0-1, 3-36
[  700.494812][T11941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  700.587357][ T5955] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  700.595395][T10410] Bluetooth: hci2: command tx timeout
[  700.605523][ T5955] em28xx 7-1:0.0: dvb set to bulk mode.
[  700.635966][ T5988] em28xx 7-1:0.0: Binding DVB extension
[  700.652150][ T5955] usb 7-1: USB disconnect, device number 7
[  700.714748][ T5955] em28xx 7-1:0.0: Disconnecting em28xx
[  701.167586][T10410] Bluetooth: hci5: command tx timeout
[  701.407385][ T5988] em28xx 7-1:0.0: Registering input extension
[  701.417181][ T5955] em28xx 7-1:0.0: Closing input extension
[  701.455916][ T5955] em28xx 7-1:0.0: Freeing device
[  701.697785][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  702.776214][ T5955] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  702.787548][T10410] Bluetooth: hci2: command tx timeout
[  702.959477][ T5955] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  702.999598][ T5955] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  703.033962][ T5955] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  703.077391][ T5955] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  703.120289][ T5955] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  703.129585][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.159462][ T5955] usb 5-1: config 0 descriptor??
[  703.316838][T10410] Bluetooth: hci5: command tx timeout
[  703.328078][   T12] team0 (unregistering): Port device team_slave_1 removed
[  703.445743][   T12] team0 (unregistering): Port device team_slave_0 removed
[  703.623543][ T5955] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  704.422046][ T5955] usb 5-1: USB disconnect, device number 46
[  704.645558][T11876] chnl_net:caif_netlink_parms(): no params data found
[  704.792728][T11860] chnl_net:caif_netlink_parms(): no params data found
[  706.128517][T11876] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.141855][T11876] bridge0: port 1(bridge_slave_0) entered disabled state
[  706.166629][T11876] bridge_slave_0: entered allmulticast mode
[  706.224227][T11876] bridge_slave_0: entered promiscuous mode
[  706.245028][T11876] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.282809][T11876] bridge0: port 2(bridge_slave_1) entered disabled state
[  706.520502][T11876] bridge_slave_1: entered allmulticast mode
[  706.686065][T11876] bridge_slave_1: entered promiscuous mode
[  707.207146][T11860] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.239752][T11860] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.286366][T11860] bridge_slave_0: entered allmulticast mode
[  707.308843][T11860] bridge_slave_0: entered promiscuous mode
[  707.360562][T11876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.424536][T12010] loop4: detected capacity change from 0 to 2048
[  707.608850][T11860] bridge0: port 2(bridge_slave_1) entered blocking state
[  707.654405][T12010] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  707.676683][T11860] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.686311][T11860] bridge_slave_1: entered allmulticast mode
[  707.697629][T11860] bridge_slave_1: entered promiscuous mode
[  708.992049][   T31] audit: type=1326 audit(1769199380.995:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12009 comm="syz.4.1793" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33a199acb9 code=0x0
[  709.506099][T11876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  709.679464][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  709.819615][T11860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.881406][T12034] loop6: detected capacity change from 0 to 256
[  709.981669][T12034] /dev/loop6: Can't open blockdev
[  709.998408][T11860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  711.144589][T11876] team0: Port device team_slave_0 added
[  711.158635][T11876] team0: Port device team_slave_1 added
[  711.512513][T11860] team0: Port device team_slave_0 added
[  712.034285][T12050] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1800'.
[  712.332268][T12047] netlink: 296 bytes leftover after parsing attributes in process `syz.4.1800'.
[  713.226297][T11860] team0: Port device team_slave_1 added
[  713.372135][ T5955] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  713.636124][ T5955] usb 7-1: config 0 has no interfaces?
[  713.670094][ T5955] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  713.686570][T11876] batman_adv: batadv0: Adding interface: batadv_slave_0
[  713.699728][ T5955] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.716527][ T5955] usb 7-1: config 0 descriptor??
[  713.743800][T11876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  714.121445][T11876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  714.148041][T12064] binder: 12060:12064 ioctl c0306201 200000000480 returned -14
[  714.172036][T11860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  714.204771][T11860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  714.278003][T11860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  714.295729][T12055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  714.339428][T12055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  714.398118][T11876] batman_adv: batadv0: Adding interface: batadv_slave_1
[  714.408574][T11097] usb 7-1: USB disconnect, device number 8
[  714.425174][T11876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  714.537209][T11876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  714.782305][T11860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  714.826182][T11860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  714.876173][T11097] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  714.894086][T11860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  714.989804][T11876] hsr_slave_0: entered promiscuous mode
[  715.009107][T11876] hsr_slave_1: entered promiscuous mode
[  715.025583][T11876] debugfs: 'hsr0' already exists in 'hsr'
[  715.039234][T11876] Cannot create hsr debugfs directory
[  715.056892][T11097] usb 7-1: config 0 has an invalid interface number: 69 but max is 0
[  715.074457][T11097] usb 7-1: config 0 has no interface number 0
[  715.103752][T11097] usb 7-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  715.138512][T11097] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.157071][T11097] usb 7-1: Product: syz
[  715.172732][T11097] usb 7-1: Manufacturer: syz
[  715.205325][T11097] usb 7-1: SerialNumber: syz
[  715.221820][T11097] usb 7-1: config 0 descriptor??
[  715.263228][T11097] cyberjack 7-1:0.69: required endpoints missing
[  715.512985][T11860] hsr_slave_0: entered promiscuous mode
[  715.540039][T11860] hsr_slave_1: entered promiscuous mode
[  715.547352][T11860] debugfs: 'hsr0' already exists in 'hsr'
[  715.553249][T11860] Cannot create hsr debugfs directory
[  715.603663][T11097] usbhid 7-1:0.69: can't add hid device: -71
[  715.621945][T11097] usbhid 7-1:0.69: probe with driver usbhid failed with error -71
[  715.642214][T11097] usb 7-1: USB disconnect, device number 9
[  716.432956][ T9012] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  716.564893][T12100] loop2: detected capacity change from 0 to 512
[  716.619353][T12100] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  716.619526][ T9012] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  716.665020][ T9012] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  716.675031][ T9012] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  716.695531][ T9012] usb 5-1: SerialNumber: syz
[  716.696823][T12100] EXT4-fs (loop2): 1 truncate cleaned up
[  716.766544][T12100] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  716.798280][   T31] audit: type=1800 audit(1769199388.807:56): pid=12100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1815" name="file1" dev="loop2" ino=15 res=0 errno=0
[  716.887040][   T31] audit: type=1800 audit(1769199388.807:57): pid=12100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1815" name="file1" dev="loop2" ino=15 res=0 errno=0
[  717.323179][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  717.566991][ T6027] tipc: Subscription rejected, illegal request
[  717.765298][   T12] bridge_slave_1: left allmulticast mode
[  717.782162][   T12] bridge_slave_1: left promiscuous mode
[  717.792835][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.807923][   T12] bridge_slave_0: left allmulticast mode
[  717.813780][   T12] bridge_slave_0: left promiscuous mode
[  717.822915][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.964222][ T9012] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  717.990283][ T9012] usb 5-1: USB disconnect, device number 47
[  718.683942][T12118] loop4: detected capacity change from 0 to 128
[  719.404927][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  719.431719][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  719.688434][   T12] bond0 (unregistering): Released all slaves
[  720.877075][T11860] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  720.924971][T12119] loop6: detected capacity change from 0 to 40427
[  720.963897][T12119] F2FS-fs (loop6): invalid crc value
[  721.015818][T11860] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  721.079687][T11860] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  721.127049][T11860] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  722.343654][T12119] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  722.355647][T12119] F2FS-fs (loop6): Start checkpoint disabled!
[  722.384224][T12119] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[  722.696465][T11876] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  722.713106][T11876] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  722.724758][T11876] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  723.683725][   T12] hsr_slave_0: left promiscuous mode
[  723.767426][   T12] hsr_slave_1: left promiscuous mode
[  723.801719][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  723.870109][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  724.330824][   T12] team0 (unregistering): Port device batadv2 removed
[  729.381377][   T12] team0 (unregistering): Port device batadv1 removed
[  729.467208][T12192] loop6: detected capacity change from 0 to 256
[  729.535427][T12192] exfat: Deprecated parameter 'utf8'
[  729.540797][T12192] exfat: Deprecated parameter 'namecase'
[  729.597225][T12192] exfat: Deprecated parameter 'utf8'
[  729.637153][T12192] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  731.931975][ T5988] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  732.092053][ T5988] usb 1-1: Using ep0 maxpacket: 16
[  732.100926][ T5988] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  732.109342][ T5988] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  732.119491][ T5988] usb 1-1: config 0 has no interface number 0
[  732.228692][   T12] team0 (unregistering): Port device team_slave_1 removed
[  732.241374][ T5988] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  732.251005][ T5988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.259073][ T5988] usb 1-1: Product: syz
[  732.263749][ T5988] usb 1-1: Manufacturer: syz
[  732.268357][ T5988] usb 1-1: SerialNumber: syz
[  732.276814][ T5988] usb 1-1: config 0 descriptor??
[  732.300418][ T5988] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  732.321326][ T5988] uvcvideo 1-1:0.105: No valid video chain found.
[  732.371252][   T12] team0 (unregistering): Port device team_slave_0 removed
[  732.613977][ T5988] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  732.677459][T11876] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  732.691635][T12212] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  732.804157][ T5988] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  732.845281][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  732.920807][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  732.956616][T12219] loop2: detected capacity change from 0 to 512
[  732.973363][ T5988] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  733.052097][ T5988] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  733.066573][T12219] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  733.109275][ T5988] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.144345][ T5931] usb 1-1: USB disconnect, device number 58
[  733.154767][T11876] 8021q: adding VLAN 0 to HW filter on device bond0
[  733.365503][T12219] ext4 filesystem being mounted at /314/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  733.885782][ T5988] usb 5-1: config 0 descriptor??
[  734.142748][T11876] 8021q: adding VLAN 0 to HW filter on device team0
[  734.177065][T11860] 8021q: adding VLAN 0 to HW filter on device bond0
[  734.248718][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state
[  734.255918][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state
[  734.297873][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  734.582039][ T5988] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  734.598511][T11860] 8021q: adding VLAN 0 to HW filter on device team0
[  735.653865][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.661111][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state
[  735.868128][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.875389][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.015162][  T792] usb 5-1: USB disconnect, device number 48
[  736.072975][ T1129] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.080216][ T1129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.909431][T12270] FAT-fs (loop13): unable to read boot sector
[  737.872051][T12271] fido_id[12271]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  738.124387][T12281] loop4: detected capacity change from 0 to 16
[  738.202611][T12281] erofs (device loop4): mounted with root inode @ nid 36.
[  742.565154][T11860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  742.766307][T11876] 8021q: adding VLAN 0 to HW filter on device batadv0
[  742.849719][T12317] loop4: detected capacity change from 0 to 2048
[  743.076858][T12317] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  743.158185][T12317] ext4 filesystem being mounted at /304/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  743.270447][T12333] FAT-fs (loop5): unable to read boot sector
[  744.157038][T12317] overlayfs: failed to create directory ./bus/index (errno: 28); mounting read-only
[  744.250051][T12317] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  746.276334][T12355] loop6: detected capacity change from 0 to 256
[  746.341285][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  746.376759][T12355] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  746.534450][T11860] veth0_vlan: entered promiscuous mode
[  746.608962][T11860] veth1_vlan: entered promiscuous mode
[  746.861067][T11876] veth0_vlan: entered promiscuous mode
[  746.891140][T11860] veth0_macvtap: entered promiscuous mode
[  746.968910][T11860] veth1_macvtap: entered promiscuous mode
[  747.023693][T11876] veth1_vlan: entered promiscuous mode
[  747.033585][T12368] loop4: detected capacity change from 0 to 512
[  747.262372][T12368] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  747.357667][T12368] ext4 filesystem being mounted at /306/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  748.021018][T11860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  748.167148][T11860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  748.188336][T11876] veth0_macvtap: entered promiscuous mode
[  748.287766][T11876] veth1_macvtap: entered promiscuous mode
[  748.298432][   T71] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  748.389768][ T6571] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  748.403011][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  748.498520][T11507] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  748.533458][T12389] loop2: detected capacity change from 0 to 1024
[  748.541032][T12389] EXT4-fs: Ignoring removed orlov option
[  748.546804][T12389] EXT4-fs: inline encryption not supported
[  748.589812][T12389] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  748.600212][T12389] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  748.668877][T12389] EXT4-fs (loop2): invalid journal inode
[  748.675237][T12389] EXT4-fs (loop2): can't get journal size
[  748.740642][T12389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  749.168266][T11507] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.299754][T12370] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  749.336698][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  749.380953][T10410] Bluetooth: hci0: command 0x0406 tx timeout
[  749.432972][T11876] batman_adv: batadv0: Interface activated: batadv_slave_0
[  749.532641][T11876] batman_adv: batadv0: Interface activated: batadv_slave_1
[  749.549900][T12370] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  749.582024][T12370] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  749.613029][T12370] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  749.635504][   T13] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  749.654751][T12370] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  749.685961][   T13] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  749.724817][   T13] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  749.738602][   T13] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.907509][T12370] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  750.429137][T12407] FAT-fs (loop5): unable to read boot sector
[  750.576095][T12370] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  750.919951][T12370] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  751.378811][T10410] Bluetooth: hci4: command 0x2016 tx timeout
[  751.619207][ T5839] Bluetooth: hci3: command 0x0406 tx timeout
[  751.625549][T10410] Bluetooth: hci6: command 0x0406 tx timeout
[  751.938665][T10410] Bluetooth: hci2: command 0x0c1a tx timeout
[  752.050636][T12370] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  752.068833][T12370] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  752.100084][T12370] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  753.203360][ T6008] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.236983][ T6008] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.388462][T11097] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  753.441828][T12423] tipc: Started in network mode
[  753.446750][T12423] tipc: Node identity 00000000000000000000ffffe0000002, cluster identity 4711
[  753.548979][T12428] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1880'.
[  753.592162][T11097] usb 1-1: Using ep0 maxpacket: 16
[  753.612663][T12429] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1880'.
[  753.698470][T10410] Bluetooth: hci6: command 0x0406 tx timeout
[  753.734459][T12423] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  753.792220][T11097] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  754.038405][T10410] Bluetooth: hci2: command 0x0c1a tx timeout
[  754.108726][T10410] Bluetooth: hci5: command 0x0c1a tx timeout
[  754.139631][T11097] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  754.337668][T11097] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  754.458126][T11097] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  754.516148][T11097] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.592736][T11097] usb 1-1: config 0 descriptor??
[  755.363954][T12448] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  755.531512][T12448] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  755.541872][T12448] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  755.553037][T12448] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  755.562281][T12448] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  755.578188][T12448] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  755.586240][T12448] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  755.595303][T12448] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  755.605914][T12448] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  755.811522][T12450] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  756.250067][T12450] Bluetooth: hci5: command 0x0c1a tx timeout
[  756.612505][T11097] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.001D/input/input42
[  756.823341][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  756.904474][T11097] microsoft 0003:045E:07DA.001D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  756.983420][T11097] usb 1-1: USB disconnect, device number 59
[  757.857958][T12450] Bluetooth: hci7: command tx timeout
[  757.946166][T12450] Bluetooth: hci1: command tx timeout
[  758.086989][T12462] fido_id[12462]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  758.182540][T12465] loop2: detected capacity change from 0 to 512
[  758.211086][T12465] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  759.192867][T12465] EXT4-fs (loop2): can't mount with journal_async_commit, fs mounted w/o journal
[  760.192339][ T5839] Bluetooth: hci7: command tx timeout
[  760.192350][T10410] Bluetooth: hci1: command tx timeout
[  762.003980][   T50] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.285187][ T5839] Bluetooth: hci1: command tx timeout
[  762.292079][T12450] Bluetooth: hci7: command tx timeout
[  762.431452][   T50] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.097124][T12490] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1894'.
[  763.336933][   T50] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.031224][   T50] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  764.346673][ T5839] Bluetooth: hci1: command tx timeout
[  764.346696][T12450] Bluetooth: hci7: command tx timeout
[  764.461992][T12511] loop6: detected capacity change from 0 to 2048
[  764.542542][T12511] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  765.056952][T12526] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1899'.
[  765.692306][T12444] chnl_net:caif_netlink_parms(): no params data found
[  765.766277][   T50] bridge_slave_1: left allmulticast mode
[  765.785594][   T50] bridge_slave_1: left promiscuous mode
[  765.793524][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.817517][   T50] bridge_slave_0: left allmulticast mode
[  765.845183][   T50] bridge_slave_0: left promiscuous mode
[  765.855440][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  766.532273][T10408] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  767.898818][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  767.911509][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  767.938353][   T50] bond0 (unregistering): Released all slaves
[  767.979226][T12442] chnl_net:caif_netlink_parms(): no params data found
[  769.322510][T12552] loop4: detected capacity change from 0 to 1024
[  769.341714][T12552] EXT4-fs: Ignoring removed nomblk_io_submit option
[  769.415671][T12552] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  769.466262][T12552] System zones: 0-1, 3-36
[  769.499148][T12552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  770.909927][ T5842] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  770.921993][   T50] hsr_slave_0: left promiscuous mode
[  770.945956][   T50] hsr_slave_1: left promiscuous mode
[  770.961758][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  770.974675][   T50] batman_adv: batadv0: Removing interface: batadv_slave_0
[  770.993371][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  771.012591][   T50] batman_adv: batadv0: Removing interface: batadv_slave_1
[  771.773128][   T50] veth1_macvtap: left promiscuous mode
[  771.883188][T12569] loop6: detected capacity change from 0 to 128
[  771.935010][   T50] veth0_macvtap: left promiscuous mode
[  771.940872][   T50] veth1_vlan: left promiscuous mode
[  771.946291][   T50] veth0_vlan: left promiscuous mode
[  772.029875][T12569] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  772.044170][T12569] ext4 filesystem being mounted at /86/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  772.196213][T10408] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  773.062685][T12581] loop4: detected capacity change from 0 to 512
[  773.138519][T12581] EXT4-fs: Ignoring removed bh option
[  773.339223][T12581] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e018, mo2=0002]
[  773.390537][T12581] System zones: 1-12
[  773.591152][T12581] 
[  773.593509][T12581] ======================================================
[  773.600520][T12581] WARNING: possible circular locking dependency detected
[  773.607537][T12581] syzkaller #0 Not tainted
[  773.611948][T12581] ------------------------------------------------------
[  773.618971][T12581] syz.4.1915/12581 is trying to acquire lock:
[  773.625035][T12581] ffff88807a064b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x278/0x600
[  773.634936][T12581] 
[  773.634936][T12581] but task is already holding lock:
[  773.642305][T12581] ffff888054f49408 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x5ad/0x840
[  773.652288][T12581] 
[  773.652288][T12581] which lock already depends on the new lock.
[  773.652288][T12581] 
[  773.662694][T12581] 
[  773.662694][T12581] the existing dependency chain (in reverse order) is:
[  773.671717][T12581] 
[  773.671717][T12581] -> #1 (&ei->xattr_sem){++++}-{4:4}:
[  773.679312][T12581]        down_write+0x8b/0x1f0
[  773.684110][T12581]        ext4_destroy_inline_data+0x2d/0xe0
[  773.690037][T12581]        ext4_do_writepages+0x118f/0x3df0
[  773.695781][T12581]        ext4_writepages+0x347/0x790
[  773.701088][T12581]        do_writepages+0x278/0x600
[  773.706226][T12581]        filemap_writeback+0x22d/0x2e0
[  773.711709][T12581]        file_write_and_wait_range+0xcd/0x140
[  773.717815][T12581]        generic_buffers_fsync_noflush+0x77/0x490
[  773.724257][T12581]        ext4_sync_file+0x5f1/0xe50
[  773.729473][T12581]        vfs_fsync_range+0x142/0x230
[  773.734775][T12581]        ext4_buffered_write_iter+0x2e2/0x440
[  773.740858][T12581]        ext4_file_write_iter+0xa3d/0x1d90
[  773.746676][T12581]        do_iter_readv_writev+0x6ee/0x920
[  773.752421][T12581]        vfs_writev+0x360/0xe10
[  773.757298][T12581]        do_pwritev+0x1ac/0x270
[  773.762261][T12581]        __x64_sys_pwritev2+0xef/0x160
[  773.767754][T12581]        do_syscall_64+0xc9/0xf80
[  773.772802][T12581]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  773.779229][T12581] 
[  773.779229][T12581] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[  773.787693][T12581]        __lock_acquire+0x14b8/0x2630
[  773.793104][T12581]        lock_acquire+0x17c/0x330
[  773.798161][T12581]        ext4_writepages+0x21d/0x790
[  773.803466][T12581]        do_writepages+0x278/0x600
[  773.808601][T12581]        __writeback_single_inode+0x164/0x13c0
[  773.814783][T12581]        writeback_single_inode+0x4d3/0xf30
[  773.820705][T12581]        write_inode_now+0x174/0x1f0
[  773.826006][T12581]        iput.part.0+0x818/0x1150
[  773.831055][T12581]        iput+0x35/0x40
[  773.835218][T12581]        ext4_xattr_block_set+0x6f7/0x3660
[  773.841076][T12581]        ext4_expand_extra_isize_ea+0x17c6/0x1d70
[  773.847526][T12581]        __ext4_expand_extra_isize+0x346/0x480
[  773.853726][T12581]        __ext4_mark_inode_dirty+0x63a/0x840
[  773.859736][T12581]        ext4_evict_inode+0x813/0x1760
[  773.865214][T12581]        evict+0x3c2/0xad0
[  773.869645][T12581]        iput.part.0+0x624/0x1150
[  773.874689][T12581]        iput+0x35/0x40
[  773.878863][T12581]        ext4_orphan_cleanup+0x71e/0x11e0
[  773.884610][T12581]        ext4_fill_super+0x90b8/0xb3f0
[  773.890094][T12581]        get_tree_bdev_flags+0x38c/0x620
[  773.895754][T12581]        vfs_get_tree+0x92/0x320
[  773.900711][T12581]        path_mount+0x7d0/0x23c0
[  773.905654][T12581]        __x64_sys_mount+0x293/0x310
[  773.910948][T12581]        do_syscall_64+0xc9/0xf80
[  773.915992][T12581]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  773.922413][T12581] 
[  773.922413][T12581] other info that might help us debug this:
[  773.922413][T12581] 
[  773.932631][T12581]  Possible unsafe locking scenario:
[  773.932631][T12581] 
[  773.940074][T12581]        CPU0                    CPU1
[  773.945427][T12581]        ----                    ----
[  773.950782][T12581]   lock(&ei->xattr_sem);
[  773.955117][T12581]                                lock(&sbi->s_writepages_rwsem);
[  773.962841][T12581]                                lock(&ei->xattr_sem);
[  773.969790][T12581]   rlock(&sbi->s_writepages_rwsem);
[  773.975080][T12581] 
[  773.975080][T12581]  *** DEADLOCK ***
[  773.975080][T12581] 
[  773.983212][T12581] 3 locks held by syz.4.1915/12581:
[  773.988399][T12581]  #0: ffff888034d080e0 (&type->s_umount_key#28/1){+.+.}-{4:4}, at: alloc_super+0x244/0xd20
[  773.998583][T12581]  #1: ffff888034d08610 (sb_internal){.+.+}-{0:0}, at: evict+0x3c2/0xad0
[  774.007074][T12581]  #2: ffff888054f49408 (&ei->xattr_sem){++++}-{4:4}, at: __ext4_mark_inode_dirty+0x5ad/0x840
[  774.017399][T12581] 
[  774.017399][T12581] stack backtrace:
[  774.023281][T12581] CPU: 1 UID: 0 PID: 12581 Comm: syz.4.1915 Not tainted syzkaller #0 PREEMPT(full) 
[  774.023320][T12581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  774.023340][T12581] Call Trace:
[  774.023351][T12581]  <TASK>
[  774.023363][T12581]  dump_stack_lvl+0x100/0x190
[  774.023405][T12581]  print_circular_bug.cold+0x178/0x1c7
[  774.023460][T12581]  check_noncircular+0x146/0x160
[  774.023517][T12581]  __lock_acquire+0x14b8/0x2630
[  774.023578][T12581]  lock_acquire+0x17c/0x330
[  774.023628][T12581]  ? do_writepages+0x278/0x600
[  774.023672][T12581]  ? __pfx___might_resched+0x10/0x10
[  774.023713][T12581]  ext4_writepages+0x21d/0x790
[  774.023753][T12581]  ? do_writepages+0x278/0x600
[  774.023793][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.023832][T12581]  ? lockdep_hardirqs_on+0x78/0x100
[  774.023872][T12581]  ? __pfx_ext4_writepages+0x10/0x10
[  774.023918][T12581]  ? do_writepages+0x4b5/0x600
[  774.023963][T12581]  ? do_writepages+0x4b5/0x600
[  774.024003][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024046][T12581]  ? __pfx_ext4_writepages+0x10/0x10
[  774.024086][T12581]  do_writepages+0x278/0x600
[  774.024130][T12581]  ? __pfx_do_writepages+0x10/0x10
[  774.024177][T12581]  __writeback_single_inode+0x164/0x13c0
[  774.024224][T12581]  ? preempt_schedule_common+0x42/0xc0
[  774.024261][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024303][T12581]  ? __pfx___writeback_single_inode+0x10/0x10
[  774.024352][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024395][T12581]  writeback_single_inode+0x4d3/0xf30
[  774.024447][T12581]  write_inode_now+0x174/0x1f0
[  774.024494][T12581]  ? __pfx_write_inode_now+0x10/0x10
[  774.024541][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024581][T12581]  ? trace_sched_exit_tp+0xcd/0x100
[  774.024653][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024693][T12581]  ? preempt_schedule_common+0x42/0xc0
[  774.024732][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024772][T12581]  ? preempt_schedule_thunk+0x16/0x30
[  774.024810][T12581]  iput.part.0+0x818/0x1150
[  774.024854][T12581]  iput+0x35/0x40
[  774.024890][T12581]  ext4_xattr_block_set+0x6f7/0x3660
[  774.024946][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.024995][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.025040][T12581]  ? __pfx_ext4_xattr_block_set+0x10/0x10
[  774.025098][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.025138][T12581]  ? xattr_find_entry+0x240/0x2e0
[  774.025191][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.025230][T12581]  ? ext4_xattr_block_find+0x59/0x430
[  774.025285][T12581]  ext4_expand_extra_isize_ea+0x17c6/0x1d70
[  774.025333][T12581]  ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10
[  774.025372][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.025412][T12581]  ? dquot_initialize_needed+0x183/0x2a0
[  774.025454][T12581]  __ext4_expand_extra_isize+0x346/0x480
[  774.025510][T12581]  __ext4_mark_inode_dirty+0x63a/0x840
[  774.025554][T12581]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  774.025594][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.025635][T12581]  ? __pfx___might_resched+0x10/0x10
[  774.025676][T12581]  ? ext4_journal_check_start+0x224/0x340
[  774.025714][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.025753][T12581]  ? __ext4_journal_start_sb+0x1ce/0x5c0
[  774.025817][T12581]  ? ext4_evict_inode+0x695/0x1760
[  774.025859][T12581]  ext4_evict_inode+0x813/0x1760
[  774.025902][T12581]  ? __pfx_ext4_evict_inode+0x10/0x10
[  774.025942][T12581]  ? evict+0x37e/0xad0
[  774.025983][T12581]  ? evict+0x37e/0xad0
[  774.026017][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026061][T12581]  ? __pfx_ext4_evict_inode+0x10/0x10
[  774.026101][T12581]  evict+0x3c2/0xad0
[  774.026136][T12581]  ? __ext4_msg+0x163/0x1d0
[  774.026175][T12581]  ? __pfx_evict+0x10/0x10
[  774.026211][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026255][T12581]  ? iput.part.0+0x61c/0x1150
[  774.026293][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026338][T12581]  iput.part.0+0x624/0x1150
[  774.026380][T12581]  iput+0x35/0x40
[  774.026416][T12581]  ext4_orphan_cleanup+0x71e/0x11e0
[  774.026465][T12581]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[  774.026510][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026550][T12581]  ? ext4_register_li_request+0xef/0xa00
[  774.026601][T12581]  ext4_fill_super+0x90b8/0xb3f0
[  774.026664][T12581]  ? __pfx_ext4_fill_super+0x10/0x10
[  774.026710][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026753][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026793][T12581]  ? sb_set_blocksize+0x1fe/0x290
[  774.026828][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.026867][T12581]  ? setup_bdev_super+0x425/0x730
[  774.026914][T12581]  get_tree_bdev_flags+0x38c/0x620
[  774.026969][T12581]  ? __pfx_ext4_fill_super+0x10/0x10
[  774.027017][T12581]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  774.027066][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.027109][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.027149][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.027188][T12581]  ? security_capable+0x80/0x260
[  774.027230][T12581]  vfs_get_tree+0x92/0x320
[  774.027269][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.027311][T12581]  path_mount+0x7d0/0x23c0
[  774.027350][T12581]  ? __pfx_path_mount+0x10/0x10
[  774.027387][T12581]  ? kmem_cache_free+0x143/0x720
[  774.027433][T12581]  ? strncpy_from_user+0x19d/0x2d0
[  774.027478][T12581]  ? putname+0xf5/0x1a0
[  774.027513][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.027553][T12581]  ? putname+0xfa/0x1a0
[  774.027587][T12581]  ? __x64_sys_mount+0x293/0x310
[  774.027622][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.027661][T12581]  __x64_sys_mount+0x293/0x310
[  774.027698][T12581]  ? __pfx___x64_sys_mount+0x10/0x10
[  774.027743][T12581]  do_syscall_64+0xc9/0xf80
[  774.027784][T12581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  774.027818][T12581] RIP: 0033:0x7f33a199bf4a
[  774.027843][T12581] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  774.027876][T12581] RSP: 002b:00007f33a27d0e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  774.027907][T12581] RAX: ffffffffffffffda RBX: 00007f33a27d0ee0 RCX: 00007f33a199bf4a
[  774.027930][T12581] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f33a27d0ea0
[  774.027951][T12581] RBP: 0000200000000180 R08: 00007f33a27d0ee0 R09: 0000000000800740
[  774.027976][T12581] R10: 0000000000800740 R11: 0000000000000246 R12: 00002000000001c0
[  774.027998][T12581] R13: 00007f33a27d0ea0 R14: 000000000000046f R15: 0000200000000400
[  774.028031][T12581]  </TASK>
[  774.697262][T12581] ------------[ cut here ]------------
[  774.702763][T12581] EA inode 11 i_nlink=2
[  774.702782][T12581] WARNING: fs/ext4/xattr.c:1057 at ext4_xattr_inode_update_ref+0x477/0x590, CPU#0: syz.4.1915/12581
[  774.719340][T12581] Modules linked in:
[  774.723247][T12581] CPU: 0 UID: 0 PID: 12581 Comm: syz.4.1915 Not tainted syzkaller #0 PREEMPT(full) 
[  774.733028][T12581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  774.743469][T12581] RIP: 0010:ext4_xattr_inode_update_ref+0x47e/0x590
[  774.750424][T12581] Code: 40 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 01 00 00 48 8d 3d f9 a4 e1 0d 48 8b 73 40 44 89 e2 <67> 48 0f b9 3a eb a6 e8 d6 ae 2a ff 48 8d 7b 40 48 b8 00 00 00 00
[  774.770513][T12581] RSP: 0018:ffffc9000416f190 EFLAGS: 00010246
[  774.776955][T12581] RAX: dffffc0000000000 RBX: ffff888054f4bc58 RCX: ffffc9000dfda000
[  774.786181][T12581] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff90bdd4f0
[  774.794647][T12581] RBP: ffffc9000416f258 R08: 0000000000000005 R09: 0000000000000001
[  774.802679][T12581] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000002
[  774.811390][T12581] R13: 1ffff9200082de35 R14: 00000000ffffffff R15: 0000000000000000
[  774.819713][T12581] FS:  00007f33a27d16c0(0000) GS:ffff8881245de000(0000) knlGS:0000000000000000
[  774.828975][T12581] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  774.835883][T12581] CR2: 00007f51683e1198 CR3: 00000000652bf000 CR4: 0000000000350ef0
[  774.843871][T12581] Call Trace:
[  774.847491][T12581]  <TASK>
[  774.850453][T12581]  ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[  774.857131][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.862817][T12581]  ? ext4_xattr_inode_iget+0x1ee/0x400
[  774.868574][T12581]  ext4_xattr_set_entry+0x185b/0x20b0
[  774.874033][T12581]  ? __pfx_ext4_xattr_set_entry+0x10/0x10
[  774.880339][T12581]  ? xattr_find_entry+0x240/0x2e0
[  774.885913][T12581]  ext4_xattr_ibody_set+0x3d3/0x5d0
[  774.891581][T12581]  ext4_expand_extra_isize_ea+0x180d/0x1d70
[  774.898045][T12581]  ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10
[  774.904509][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.910470][T12581]  ? dquot_initialize_needed+0x183/0x2a0
[  774.916423][T12581]  __ext4_expand_extra_isize+0x346/0x480
[  774.922091][T12581]  __ext4_mark_inode_dirty+0x63a/0x840
[  774.927883][T12581]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  774.933898][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.939647][T12581]  ? __pfx___might_resched+0x10/0x10
[  774.945045][T12581]  ? ext4_journal_check_start+0x224/0x340
[  774.950817][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.956551][T12581]  ? __ext4_journal_start_sb+0x1ce/0x5c0
[  774.962221][T12581]  ? ext4_evict_inode+0x695/0x1760
[  774.967428][T12581]  ext4_evict_inode+0x813/0x1760
[  774.972411][T12581]  ? __pfx_ext4_evict_inode+0x10/0x10
[  774.977888][T12581]  ? evict+0x37e/0xad0
[  774.981992][T12581]  ? evict+0x37e/0xad0
[  774.986124][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  774.991793][T12581]  ? __pfx_ext4_evict_inode+0x10/0x10
[  774.997623][T12581]  evict+0x3c2/0xad0
[  775.001552][T12581]  ? __ext4_msg+0x163/0x1d0
[  775.006145][T12581]  ? __pfx_evict+0x10/0x10
[  775.010600][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.016338][T12581]  ? iput.part.0+0x61c/0x1150
[  775.021042][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.026781][T12581]  iput.part.0+0x624/0x1150
[  775.031327][T12581]  iput+0x35/0x40
[  775.035046][T12581]  ext4_orphan_cleanup+0x71e/0x11e0
[  775.040283][T12581]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[  775.046028][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.051749][T12581]  ? ext4_register_li_request+0xef/0xa00
[  775.057476][T12581]  ext4_fill_super+0x90b8/0xb3f0
[  775.062469][T12581]  ? __pfx_ext4_fill_super+0x10/0x10
[  775.067882][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.073570][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.079313][T12581]  ? sb_set_blocksize+0x1fe/0x290
[  775.084381][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.090194][T12581]  ? setup_bdev_super+0x425/0x730
[  775.095471][T12581]  get_tree_bdev_flags+0x38c/0x620
[  775.100634][T12581]  ? __pfx_ext4_fill_super+0x10/0x10
[  775.106226][T12581]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  775.112353][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.118063][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.123732][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.129441][T12581]  ? security_capable+0x80/0x260
[  775.134402][T12581]  vfs_get_tree+0x92/0x320
[  775.138883][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.144596][T12581]  path_mount+0x7d0/0x23c0
[  775.149040][T12581]  ? __pfx_path_mount+0x10/0x10
[  775.153896][T12581]  ? kmem_cache_free+0x143/0x720
[  775.158934][T12581]  ? strncpy_from_user+0x19d/0x2d0
[  775.164079][T12581]  ? putname+0xf5/0x1a0
[  775.168301][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.173963][T12581]  ? putname+0xfa/0x1a0
[  775.178176][T12581]  ? __x64_sys_mount+0x293/0x310
[  775.183141][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.188864][T12581]  __x64_sys_mount+0x293/0x310
[  775.193649][T12581]  ? __pfx___x64_sys_mount+0x10/0x10
[  775.199169][T12581]  do_syscall_64+0xc9/0xf80
[  775.203706][T12581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.209844][T12581] RIP: 0033:0x7f33a199bf4a
[  775.214274][T12581] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  775.234668][T12581] RSP: 002b:00007f33a27d0e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  775.243124][T12581] RAX: ffffffffffffffda RBX: 00007f33a27d0ee0 RCX: 00007f33a199bf4a
[  775.251208][T12581] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f33a27d0ea0
[  775.259274][T12581] RBP: 0000200000000180 R08: 00007f33a27d0ee0 R09: 0000000000800740
[  775.267336][T12581] R10: 0000000000800740 R11: 0000000000000246 R12: 00002000000001c0
[  775.275379][T12581] R13: 00007f33a27d0ea0 R14: 000000000000046f R15: 0000200000000400
[  775.283379][T12581]  </TASK>
[  775.286464][T12581] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  775.293746][T12581] CPU: 0 UID: 0 PID: 12581 Comm: syz.4.1915 Not tainted syzkaller #0 PREEMPT(full) 
[  775.303118][T12581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  775.313166][T12581] Call Trace:
[  775.316482][T12581]  <TASK>
[  775.319402][T12581]  dump_stack_lvl+0x100/0x190
[  775.324085][T12581]  vpanic+0x20d/0x630
[  775.328067][T12581]  panic+0xd1/0xd1
[  775.331802][T12581]  ? __pfx_panic+0x10/0x10
[  775.336222][T12581]  check_panic_on_warn.cold+0x19/0x34
[  775.341593][T12581]  ? ext4_xattr_inode_update_ref+0x477/0x590
[  775.347593][T12581]  __warn.cold+0x191/0x2f8
[  775.352018][T12581]  __report_bug+0x296/0x3d0
[  775.356560][T12581]  ? ext4_xattr_inode_update_ref+0x477/0x590
[  775.362604][T12581]  ? __pfx___report_bug+0x10/0x10
[  775.367685][T12581]  ? rcu_is_watching+0x12/0xc0
[  775.372458][T12581]  report_bug_entry+0xe1/0x290
[  775.377225][T12581]  ? ext4_xattr_inode_update_ref+0x47e/0x590
[  775.383223][T12581]  handle_bug+0x1c9/0x2a0
[  775.387582][T12581]  exc_invalid_op+0x17/0x50
[  775.392098][T12581]  asm_exc_invalid_op+0x1a/0x20
[  775.396957][T12581] RIP: 0010:ext4_xattr_inode_update_ref+0x47e/0x590
[  775.403589][T12581] Code: 40 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 01 00 00 48 8d 3d f9 a4 e1 0d 48 8b 73 40 44 89 e2 <67> 48 0f b9 3a eb a6 e8 d6 ae 2a ff 48 8d 7b 40 48 b8 00 00 00 00
[  775.423314][T12581] RSP: 0018:ffffc9000416f190 EFLAGS: 00010246
[  775.429398][T12581] RAX: dffffc0000000000 RBX: ffff888054f4bc58 RCX: ffffc9000dfda000
[  775.437374][T12581] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff90bdd4f0
[  775.445354][T12581] RBP: ffffc9000416f258 R08: 0000000000000005 R09: 0000000000000001
[  775.453335][T12581] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000002
[  775.461307][T12581] R13: 1ffff9200082de35 R14: 00000000ffffffff R15: 0000000000000000
[  775.469300][T12581]  ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[  775.475674][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.481325][T12581]  ? ext4_xattr_inode_iget+0x1ee/0x400
[  775.486825][T12581]  ext4_xattr_set_entry+0x185b/0x20b0
[  775.492260][T12581]  ? __pfx_ext4_xattr_set_entry+0x10/0x10
[  775.498011][T12581]  ? xattr_find_entry+0x240/0x2e0
[  775.503072][T12581]  ext4_xattr_ibody_set+0x3d3/0x5d0
[  775.508290][T12581]  ext4_expand_extra_isize_ea+0x180d/0x1d70
[  775.514224][T12581]  ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10
[  775.520486][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.526142][T12581]  ? dquot_initialize_needed+0x183/0x2a0
[  775.531799][T12581]  __ext4_expand_extra_isize+0x346/0x480
[  775.537551][T12581]  __ext4_mark_inode_dirty+0x63a/0x840
[  775.543045][T12581]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  775.549073][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.554726][T12581]  ? __pfx___might_resched+0x10/0x10
[  775.560026][T12581]  ? ext4_journal_check_start+0x224/0x340
[  775.565848][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.571493][T12581]  ? __ext4_journal_start_sb+0x1ce/0x5c0
[  775.577137][T12581]  ? ext4_evict_inode+0x695/0x1760
[  775.582269][T12581]  ext4_evict_inode+0x813/0x1760
[  775.587226][T12581]  ? __pfx_ext4_evict_inode+0x10/0x10
[  775.592610][T12581]  ? evict+0x37e/0xad0
[  775.596690][T12581]  ? evict+0x37e/0xad0
[  775.600773][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.606429][T12581]  ? __pfx_ext4_evict_inode+0x10/0x10
[  775.611817][T12581]  evict+0x3c2/0xad0
[  775.615811][T12581]  ? __ext4_msg+0x163/0x1d0
[  775.620337][T12581]  ? __pfx_evict+0x10/0x10
[  775.624852][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.630504][T12581]  ? iput.part.0+0x61c/0x1150
[  775.635195][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.640847][T12581]  iput.part.0+0x624/0x1150
[  775.645371][T12581]  iput+0x35/0x40
[  775.649017][T12581]  ext4_orphan_cleanup+0x71e/0x11e0
[  775.654323][T12581]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[  775.659970][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.665613][T12581]  ? ext4_register_li_request+0xef/0xa00
[  775.671273][T12581]  ext4_fill_super+0x90b8/0xb3f0
[  775.676250][T12581]  ? __pfx_ext4_fill_super+0x10/0x10
[  775.681556][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.687204][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.692847][T12581]  ? sb_set_blocksize+0x1fe/0x290
[  775.697879][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.703528][T12581]  ? setup_bdev_super+0x425/0x730
[  775.708578][T12581]  get_tree_bdev_flags+0x38c/0x620
[  775.713723][T12581]  ? __pfx_ext4_fill_super+0x10/0x10
[  775.719032][T12581]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  775.724701][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.730364][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.736006][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.741653][T12581]  ? security_capable+0x80/0x260
[  775.746606][T12581]  vfs_get_tree+0x92/0x320
[  775.751043][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.756783][T12581]  path_mount+0x7d0/0x23c0
[  775.761216][T12581]  ? __pfx_path_mount+0x10/0x10
[  775.766077][T12581]  ? kmem_cache_free+0x143/0x720
[  775.771062][T12581]  ? strncpy_from_user+0x19d/0x2d0
[  775.776540][T12581]  ? putname+0xf5/0x1a0
[  775.780714][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.786443][T12581]  ? putname+0xfa/0x1a0
[  775.790607][T12581]  ? __x64_sys_mount+0x293/0x310
[  775.795555][T12581]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.801218][T12581]  __x64_sys_mount+0x293/0x310
[  775.805999][T12581]  ? __pfx___x64_sys_mount+0x10/0x10
[  775.811302][T12581]  do_syscall_64+0xc9/0xf80
[  775.815820][T12581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.821728][T12581] RIP: 0033:0x7f33a199bf4a
[  775.826232][T12581] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  775.845896][T12581] RSP: 002b:00007f33a27d0e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  775.854327][T12581] RAX: ffffffffffffffda RBX: 00007f33a27d0ee0 RCX: 00007f33a199bf4a
[  775.862315][T12581] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f33a27d0ea0
[  775.870377][T12581] RBP: 0000200000000180 R08: 00007f33a27d0ee0 R09: 0000000000800740
[  775.878434][T12581] R10: 0000000000800740 R11: 0000000000000246 R12: 00002000000001c0
[  775.886403][T12581] R13: 00007f33a27d0ea0 R14: 000000000000046f R15: 0000200000000400
[  775.894388][T12581]  </TASK>
[  775.897720][T12581] Kernel Offset: disabled
[  775.902038][T12581] Rebooting in 86400 seconds..